Security considerations
As part of the Zero Trust Security model, we don’t want to assume corporate traffic in other segments is trusted without applying appropriate security controls and inspection. Following is a list of security considerations for your design:
|
Risk |
Mitigation |
Considerations |
|---|---|---|
|
Malware |
Antimalware |
Enabled on all external traffic from the datacenter, remote internet breakout designs, and file transfers between corporate resources |
|
Malicious websites |
Web filtering |
Enabled on all HTTP/HTTPS traffic for remote internet breakout scenarios |
|
Application visibility and reporting |
Application control |
Enabled on all network traffic |
|
Server-side attacks |
Intrusion prevention |
Enable IPS signatures for server targets on appropriate targets |
|
Data loss |
Data loss and prevention (DLP) |
Enabled where applicable for sensitive data that should not transfer across unauthorized boundaries |
|
Unauthorized access |
Role-based access control (RBAC) and Zero Trust Network Access (ZTNA) |
Lock down inbound policies as much as possible Utilize ZTNA |