A-028 - Internal Network Segmentation
Purpose
Structure internal network zones to control trust boundaries and limit lateral movement.
Asset Type
- Infrastructure
Description
- Logical segmentation of the internal network using VLANs and routing policies
- Separates administrative, service and exposed components
- Defines trust boundaries within the Hell environment
Criticality
- High
Sensitivity
- Sensitive
Exposure Level
- Internal only
Trust Zone
- Hell
Dependencies
- Firewall / IDS (A-021)
- Hypervisor (A-020)
Relationships
- Governs communication between internal assets
- Supports isolation of critical services (AD, backup, monitoring)
Security Position (Architecture Context)
- Core element of trust boundary model
- Reduces blast radius of compromise
- Supports enforcement of least privilege at network level
Existing Protective Measures
- VLAN-based segmentation
- Controlled inter-zone routing
- Firewall enforcement between zones
Owner / Responsibility
- Operations Role (Ops)
Notes
- Effectiveness depends on correct firewall rule enforcement
- Misconfiguration may lead to unintended exposure paths
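The two notes above (effectiveness hinges on firewall rules, and misconfiguration creates unintended exposure paths) are the kind of thing Ops can check mechanically. The following is an added illustration, not code from this register or from the Hell environment: it models the three zone classes the Description names (administrative, service, exposed) as a trust ranking, flags allow rules that cross a boundary upward without being on an explicit allowlist, and then checks whether chaining overly broad rules lets the exposed zone reach the admin zone transitively. Zone names, the trust ranking, the allowlist and the sample ruleset are all constructed assumptions; it also ignores rule ordering, so it is a policy-level sanity check rather than a firewall emulator.

```python
"""Added example: zone-policy checker for VLAN-based segmentation.

Zone names, trust ranking, allowlist and sample rules below are assumptions
made for this illustration; none of them come from the A-028 register entry.
Rule ordering (first-match semantics) is deliberately ignored.
"""
from dataclasses import dataclass
from typing import Optional

# Assumed zones, ranked by trust (higher = more trusted).
ZONE_TRUST = {"exposed": 0, "services": 1, "admin": 2}

# Assumed policy: a flow from a less-trusted to a more-trusted zone is only
# acceptable when it is listed here as (src, dst, proto, port).
EXPLICIT_ALLOW = {
    ("exposed", "services", "tcp", 443),  # e.g. reverse proxy -> web backend
    ("services", "admin", "udp", 514),    # e.g. syslog -> monitoring
}


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str           # "tcp", "udp" or "any"
    port: Optional[int]  # None means any port
    action: str          # "allow" or "deny"


def is_broad(rule: Rule) -> bool:
    """True when the rule permits any protocol or any port."""
    return rule.proto == "any" or rule.port is None


def rule_findings(rule: Rule) -> list[str]:
    """Findings for one rule: upward (less -> more trusted) allows must be explicit."""
    if rule.action != "allow":
        return []
    if rule.src_zone not in ZONE_TRUST or rule.dst_zone not in ZONE_TRUST:
        return [f"unknown zone in {rule.src_zone}->{rule.dst_zone}"]
    if ZONE_TRUST[rule.dst_zone] <= ZONE_TRUST[rule.src_zone]:
        return []  # same zone or downward flow: not a boundary violation here
    if is_broad(rule):
        return [f"broad upward allow {rule.src_zone}->{rule.dst_zone}"]
    key = (rule.src_zone, rule.dst_zone, rule.proto, rule.port)
    if key not in EXPLICIT_ALLOW:
        return [f"unlisted upward allow {rule.src_zone}->{rule.dst_zone} {rule.proto}/{rule.port}"]
    return []


def broad_reach(rules: list[Rule], start: str) -> set[str]:
    """Zones reachable from `start` by chaining only broad allow rules (DFS)."""
    edges: dict[str, set[str]] = {}
    for r in rules:
        if r.action == "allow" and is_broad(r) and r.src_zone != r.dst_zone:
            edges.setdefault(r.src_zone, set()).add(r.dst_zone)
    seen: set[str] = set()
    stack = [start]
    while stack:
        zone = stack.pop()
        for nxt in edges.get(zone, ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


def audit(rules: list[Rule]) -> list[str]:
    """Per-rule findings plus a transitive check: can 'exposed' reach 'admin'?"""
    findings = [f for r in rules for f in rule_findings(r)]
    if "admin" in broad_reach(rules, "exposed"):
        findings.append("transitive path: exposed reaches admin through broad allows")
    return findings


# Constructed sample ruleset: one allowlisted rule, one unlisted rule, two
# broad upward rules that together open an exposed -> admin path, one
# downward rule, and one deny rule.
SAMPLE_RULES = [
    Rule("exposed", "services", "tcp", 443, "allow"),   # allowlisted
    Rule("services", "admin", "tcp", 22, "allow"),      # not allowlisted
    Rule("exposed", "services", "any", None, "allow"),  # broad upward
    Rule("services", "admin", "any", None, "allow"),    # broad upward
    Rule("admin", "services", "any", None, "allow"),    # downward: accepted here
    Rule("exposed", "admin", "tcp", 3389, "deny"),      # deny: not examined
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print("FINDING:", finding)
```

On the constructed ruleset the audit reports three per-rule findings (one unlisted and two broad upward allows) plus the transitive exposed-to-admin path; the downward and deny rules produce nothing. Feeding it the real zone map and an export of the inter-zone firewall policy would turn the second Note into a repeatable check.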