Separation, in terms of national infrastructure protection, is implemented primarily to achieve two goals. Goal one is to separate the assets from attacks to avoid direct access to the organization’s assets. Adversary separation helps in protecting assets from being directly accessed by the intruder. The second goal is to separate components architecturally within an infrastructure. Component distribution helps distribute the risk of compromise, so as to avoid direct compromise in one area of infrastructure. The goals of separation can be fulfilled by using either physical separation or functional separation. Functional separation includes software, networks, and computers, whereas physical separation includes locks, cabinets, etc. These access-restriction separations should be designed in a way to fight either internal or external threats. Threat, target, and approach are the three primary factors used to determine the relationship between the different separation techniques (Amoroso, 2010).
Separation on the network helps in buying time during an attack, as the attacker will take additional time to get to their target when stuck in a network separated from critical data. Separation also helps in avoiding data loss, as it adds layers of separation between servers containing highly sensitive data and other, less important data. As mentioned earlier, attackers take time breaking out of a segmented network before they can reach the target; meanwhile, the organization will work on securing its other networks, so the damage caused by the attack would be very little.
In the operation and performance of any network, it is essential to perform network segmentation and separation with the aim of protecting sensitive network and organizational resources. In cases where organizations deal with extremely sensitive data, both physical and logical network separation take place. Physical network separation includes the separation of network devices and parts, including routers and switches. This option is chosen for cases where total isolation and separation of the data proves to be effective.
However, when an individual or network lacks the mechanisms for physically separating the networks, virtual solutions become the best solution. Virtual solutions include virtual LANs, router configurations, and firewalls, among others. Virtual separation operates in a way that when switches are separated virtually in LANs, two separate entities are created (Cho et al., 2017). The two entities perform their own operations independently, and they do not communicate with the other segments. This level of flexibility comes in handy when an organization wishes to protect its highly sensitive and confidential information. Another interesting application of the virtual network selection is the virtual firewall. The virtual firewall functions through segmentation of the firewall into several ports that operate independently. Through this independent performance, each of them has its own rules and restrictions, thereby enabling independent interaction with the network and its sections. Even though the firewall exists on a single physical computer system, there are multiple virtual ports that operate under administrative controls and rules that do not allow them to communicate with each other. This promotes the security of the entire network.
1. Evaluate one pro and one con of the discussions proposed above.
1. Be 1 paragraph in length for each discussion.
2. Your responses to the above discussions must be more than a simple “Good job” or “I agree with your post”. They must also not just be “Let me add to your post…” Instead, your responses to each other should do three things:
   1. Acknowledge the above discussions with some form of recognition.
   2. Relate the discussions to something you have learned or are familiar with.
   3. Add to the conversation by asking additional questions about the discussion, or discussing the topic further.