Inadequate Network Segmentation
Internal Penetration Testing | External Penetration Testing
The technical overview of a finding, not meant to be all-inclusive.
The assessment team discovered that portions of the network have inadequate security boundaries. Improper network segmentation can allow unauthorized traffic to reach unintended destinations. This type of network architecture may be suitable for normal operations but lacks the security needed for critical business functions.
How a finding result will affect an organization.
The ability to move traffic from a low-security to a high-security boundary may allow an attacker to escalate privileges or access critical business data. If an attacker can locate firewall misconfigurations or boundary crossings, they may be able to communicate with high-value targets within a secure enclave.
Current plan of action recommended.
Configure internal firewalls and network infrastructure to isolate traffic to areas of the network as necessary. Network segmentation should take into account where more sensitive administrative or operational information resides, and bias toward protection of that data. If this is not possible, an audit and a risk assessment should be conducted to determine a function's balance of security and operations.
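One way to run the audit recommended above, added here as an illustration and not part of the OS-CFDB finding text: the script flags firewall allow rules that let a lower-trust zone reach a higher-trust zone without an approved exception. The zone map, trust levels, rule export and exception list are all constructed sample data.

```python
import ipaddress

# Constructed zone map: CIDR -> (zone name, trust level); higher = more sensitive.
ZONES = {
    "10.10.0.0/16": ("user-lan", 1),
    "10.20.0.0/24": ("servers", 2),
    "10.30.0.0/28": ("secure-enclave", 3),
}

# Constructed allow rules, as if exported from an internal firewall: (src, dst, port).
RULES = [
    ("10.10.0.0/16", "10.20.0.0/24", 443),
    ("10.10.0.0/16", "10.30.0.0/28", 3389),
    ("10.20.0.5/32", "10.30.0.4/32", 5432),
    ("10.30.0.0/28", "10.20.0.0/24", 443),
    ("0.0.0.0/0", "10.30.0.0/28", 22),
]

# Constructed list of low-to-high flows accepted after risk assessment.
APPROVED = {
    ("user-lan", "servers", 443),
    ("servers", "secure-enclave", 5432),
}


def zones_for(cidr):
    """Return (name, level) for every zone the network overlaps.

    An 'any' source such as 0.0.0.0/0 overlaps all zones, so it is
    evaluated against each one. Addresses outside the zone map are ignored.
    """
    net = ipaddress.ip_network(cidr)
    return [zone for z, zone in ZONES.items()
            if net.overlaps(ipaddress.ip_network(z))]


def audit(rules):
    """List rules that move traffic from a lower to a higher trust level."""
    findings = []
    for src, dst, port in rules:
        for s_name, s_lvl in zones_for(src):
            for d_name, d_lvl in zones_for(dst):
                if s_lvl < d_lvl and (s_name, d_name, port) not in APPROVED:
                    findings.append((s_name, d_name, port, f"{src} -> {dst}"))
    return findings


if __name__ == "__main__":
    for s, d, port, rule in audit(RULES):
        print(f"REVIEW: {s} may reach {d} on port {port} via rule {rule}")
```

Each flagged rule is a candidate either for removal or for an entry in the exception list once its risk has been assessed.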