Network Infrastructure
- Backbone of modern organizations
- Comprises hardware, software, services, and facilities for network support and management
Physical Separation
- Security measures to protect sensitive information
- Often referred to as "Air Gapping”
- Isolates a system by physically disconnecting it from all networks
- Isolated from both local and internet networks
- Disconnection from direct or indirect connections
- Example:
- ICS system
- Systems on power plants or water treatment facilities are often air gapped to prevent cyber attacks that could lead to real-world damage.
- However, Air Gap systems are not infallible
- Physical separation is one of the most secure methods of security, but it is still vulnerable to sophisticated attacks
Logical Separation
- Establishes boundaries within a network to restrict access to certain areas
- Implemented using firewalls, VLANs, and Network Devices that can control traffic based on rules and policies
- Example:
- Use of VLANs in corporate network
- VLANS can segregate network traffic, ensuring that data form one department cannot be accessed by another department
- Reduces congestion, manages network traffic and improves security
- Use of firewalls to create a screened subnet network
- Logical subnetwork that contains the organization's external-facing services separating them from the internal network
- Logical separation should be properly configured to be more effective in network security
- Technically not as secure as Physical Separation
- Network devices can be exploited
Comparison
- Physical Separation (Air-Gapping)
- High security, complete isolation
- Logical Separation
- More flexible, easier to implement
- Less secure if not configured properly