Network Security Platform
Description
The Network Security Platform provides network perimeter protection, traffic filtering, and routing control for the Scheol Lab environment.
It ensures segmentation, enforcement of network security policies, and secure connectivity between internal and external services.
Asset Identification
| Attribute | Value |
|---|---|
| Asset ID | PLT-NET-01 |
| CI Type | Platform |
| Asset Name | Network Security Platform |
| Asset Category | Network Security |
| Owner | Security Role (Sec) |
| Status | Active |
| Location | Public VPS |
| Primary Function | Network traffic filtering, routing, and security enforcement |
Asset Dependencies
| Dependency Type | Asset | Status |
|---|---|---|
| Infrastructure | OPNsense Firewall | Active |
| Platform | Proxmox Virtualization Platform | Active |
| Information | Infrastructure Configuration Data | In Progress |
Relationships
| Relationship | Target CI |
|---|---|
| Protects | Internal Platforms (Identity Management, Documentation, Automation) |
| Secures | Public-facing VPS services |
| Integrates with | Logging & Monitoring Platform for network events |
Asset Classification
| Criteria | Level |
|---|---|
| Confidentiality | 🟨 Medium |
| Integrity | 🟥 High |
| Availability | 🟥 High |
Criticality score: 🟥 High
Rationale:
- Integrity is essential: an unauthorized routing or firewall rule change can silently expose internal services or redirect traffic.
- Availability is critical: the platform sits in the path of every internal and public-facing service, so an outage affects all of them.
- Confidentiality is moderate: rule sets and configuration exports reveal internal topology and addressing, but carry no service data themselves.
Responsibilities
| Role | Responsibility |
|---|---|
| Security Role (Sec) | Configuration, monitoring, and security policy enforcement |
| Operations Role (Ops) | Support deployment and integration with Proxmox infrastructure |
| Development Role (Dev) | Ensure secure integration of application services and public endpoints |
Security Controls
- Firewall and IPS/IDS rules
- Network segmentation and VLANs
- Access control for configuration interfaces
- Logging and alerting of network events
- Regular security audits and configuration hardening
Security Considerations
Main risks include:
- Misconfiguration leading to exposure of internal services
- Unauthorized access to network devices or configuration
- Network downtime affecting multiple services
- Failure of IDS/IPS or monitoring integration
Mitigations:
- Role-based access control on the configuration interfaces
- Secure configuration management and versioning, so that unauthorized changes can be detected and rolled back
- Redundancy where possible
- Integration with centralized logging and alerting
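The following check turns the two mitigations above (versioned configuration, detection of exposure of internal services) into something that can run after every configuration change. It is an added example and not code from the Scheol Lab project: it hashes a canonicalised firewall configuration against a versioned baseline digest and flags pass rules on the WAN interface whose destination is an internal network. The XML fragments are constructed and simplified in the shape of an OPNsense `config.xml` `<filter>` section, and the internal network names `lan`, `opt1` and `mgmt` are assumptions; confirm the element names against a real export before relying on it.

```python
"""Audit a firewall configuration for drift from a versioned baseline and for
WAN pass rules that reach an internal segment (added example, not project code)."""
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample in the shape of an OPNsense config.xml <filter> section
# (assumption: a real config.xml carries far more; only <rule> matters here).
BASELINE_XML = """<opnsense>
  <filter>
    <rule>
      <type>pass</type><interface>wan</interface><protocol>tcp</protocol>
      <source><any>1</any></source>
      <destination><network>wanip</network><port>443</port></destination>
      <descr>Public reverse proxy</descr>
    </rule>
    <rule>
      <type>block</type><interface>wan</interface>
      <source><any>1</any></source>
      <destination><any>1</any></destination>
      <descr>Default deny inbound</descr>
    </rule>
  </filter>
</opnsense>
"""

# The same configuration after an unreviewed change: a pass rule opening SSH
# from the Internet straight into the LAN segment (constructed).
DRIFTED_XML = BASELINE_XML.replace(
    "    <rule>\n      <type>block</type>",
    """    <rule>
      <type>pass</type><interface>wan</interface><protocol>tcp</protocol>
      <source><any>1</any></source>
      <destination><network>lan</network><port>22</port></destination>
      <descr>temp ssh</descr>
    </rule>
    <rule>
      <type>block</type>""",
)

# Assumed names of the internal interface networks; "wanip" is the firewall's
# own public address and is therefore not an internal destination.
INTERNAL_NETWORKS = {"lan", "opt1", "mgmt"}


def config_digest(xml_text: str) -> str:
    """SHA-256 over the canonicalised XML: whitespace-only edits keep the same
    digest, any change to an element or its text changes it."""
    canon = ET.canonicalize(xml_text, strip_text=True)
    return hashlib.sha256(canon.encode()).hexdigest()


def load_rules(xml_text: str) -> list[dict]:
    """Flatten each <filter>/<rule> into the fields the exposure check needs."""
    rules = []
    for r in ET.fromstring(xml_text).iterfind("./filter/rule"):
        dst = r.find("destination")
        if dst is None:
            dst_network, dst_port = "", ""
        elif dst.find("any") is not None:
            dst_network, dst_port = "any", dst.findtext("port", "")
        else:
            dst_network, dst_port = dst.findtext("network", ""), dst.findtext("port", "")
        rules.append({
            "type": r.findtext("type", ""),
            "interface": r.findtext("interface", ""),
            "dst_network": dst_network,
            "dst_port": dst_port,
            "descr": r.findtext("descr", ""),
        })
    return rules


def exposed_rules(rules: list[dict], internal_networks: set[str]) -> list[dict]:
    """Pass rules on the WAN interface whose destination is an internal network
    or 'any', i.e. Internet -> internal segment."""
    return [r for r in rules
            if r["type"] == "pass" and r["interface"] == "wan"
            and (r["dst_network"] == "any" or r["dst_network"] in internal_networks)]


def audit(xml_text: str, baseline_digest: str,
          internal_networks: set[str] = INTERNAL_NETWORKS) -> list[str]:
    """Return one finding per problem; an empty list means the config is clean."""
    findings = []
    if config_digest(xml_text) != baseline_digest:
        findings.append("config drift: digest differs from versioned baseline")
    for r in exposed_rules(load_rules(xml_text), internal_networks):
        port = r["dst_port"] or "any"
        findings.append(f"exposure: wan pass -> {r['dst_network']}:{port} ({r['descr']})")
    return findings


if __name__ == "__main__":
    baseline = config_digest(BASELINE_XML)
    print("baseline findings:", audit(BASELINE_XML, baseline))
    for finding in audit(DRIFTED_XML, baseline):
        print("ALERT", finding)
```

In operation the baseline digest is the one committed alongside the configuration export in version control, and the findings are shipped to the logging and monitoring platform so a drift or exposure alert is raised within the same pipeline as other network events. The check deliberately does not evaluate rule order or the per-rule `quick` flag, so a WAN pass rule placed below a default-deny rule is still reported: an unreachable exposure rule is still an unreviewed change and should be removed rather than left shadowed.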
Methodological References:
- ISO/IEC 27001:2022 Annex A - 8.16 Monitoring activities ; 8.20 Networks security ; 8.22 Segregation of networks.
- NIST CSF 1.1 - PR.PT Protective Technology ; PR.AC Identity Management, Authentication and Access Control ; DE.CM Security Continuous Monitoring.
- EBIOS RM - Network security infrastructure assets supporting system protection.