Anthropic-Cybersecurity-Skills/skills/configuring-microsegmentation-for-zero-trust/assets/template.md

Microsegmentation Implementation Plan Template

Project Information

| Field | Value |
|---|---|
| Project Name | |
| Organization | |
| Project Lead | |
| Start Date | |
| Segmentation Tool | [Illumio / VMware NSX / Guardicore / Cisco ACI] |

Workload Inventory

| Workload | IP Address | OS | Role | Application | Environment | Location |
|---|---|---|---|---|---|---|
| | | | web | | prod | |
| | | | app | | prod | |
| | | | db | | prod | |

Segmentation Zone Design

Zone Definitions

| Zone Name | Description | Workloads | Default Policy |
|---|---|---|---|
| PCI-CDE | Cardholder data environment | [list] | Deny-all |
| HR-Systems | HR applications | [list] | Deny-all |
| DMZ | Internet-facing services | [list] | Deny-all |
| App-Tier | Application servers | [list] | Deny-all |
| DB-Tier | Database servers | [list] | Deny-all |
| Management | Admin/monitoring | [list] | Restricted (deny-all; inbound admin access only from approved admin sources) |

Inter-Zone Communication Matrix

| Source Zone | Destination Zone | Ports/Protocols | Justification |
|---|---|---|---|
| DMZ | App-Tier | 8080/tcp | Web application traffic |
| App-Tier | DB-Tier | 3306/tcp | Database queries |
| Management | All Zones | 22/tcp, 9090/tcp | SSH and monitoring |

Policy Rules

Allow Rules

| Rule ID | Source | Destination | Port | Protocol | Process | Justification |
|---|---|---|---|---|---|---|
| 1 | | | | tcp | | |
| 2 | | | | tcp | | |

Default Deny

  • All traffic not explicitly allowed by a rule above is denied, in both directions (an allow rule for A to B does not permit B to A)
  • Every denied flow is logged and forwarded to the SIEM for alerting; denies are never silently dropped

Enforcement Schedule

| Week | Activity | Applications | Risk Level |
|---|---|---|---|
| 1-2 | Agent deployment and discovery | All | Low |
| 3-4 | Label assignment and validation | All | Low |
| 5-6 | Policy design and test mode | All | Low |
| 7 | Enforce: Dev/Test environments | Dev apps | Low |
| 8 | Enforce: Low-risk production | Non-critical | Medium |
| 9-10 | Enforce: Business-critical apps | ERP, CRM | High |
| 11-12 | Enforce: Regulated environments | PCI, HIPAA | High |

Validation Tests

  • Legitimate traffic flows uninterrupted after enforcement
  • Unauthorized cross-zone traffic is blocked
  • Lateral movement from compromised workload is contained
  • Policy violation alerts appear in SIEM
  • Break-glass procedure works for emergency access
  • Application dependency map matches actual flows
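The following Python dry-run evaluator is an added example, not part of this template or of any of the tools listed above. It encodes the Inter-Zone Communication Matrix together with the default-deny rule, then replays a set of constructed flow records (the shape a test-mode flow export might take) to check three of the validation points before enforcement is switched on: unauthorized cross-zone traffic is blocked, lateral movement from a compromised workload is contained, and every denied flow produces a log line a SIEM rule can key on. The zone labels, IP addresses, ports and sample flows are assumptions chosen to match the matrix in this document.

```python
"""Dry-run evaluator for a zone-based microsegmentation policy.

Added example, not part of the template or of any vendor's tooling. It encodes
the Inter-Zone Communication Matrix plus the default-deny rule and replays a
set of constructed flow records (the shape a test-mode flow export might take)
to predict what enforcement will allow and block. Zone labels, addresses,
ports and the sample flows are illustrative assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Workload address -> zone label, as produced by the label-assignment phase.
ZONE_OF: Dict[str, str] = {
    "10.0.1.10": "DMZ",
    "10.0.2.20": "App-Tier",
    "10.0.3.30": "DB-Tier",
    "10.0.4.40": "HR-Systems",
    "10.0.9.5": "Management",
}

# Inter-Zone Communication Matrix: (source zone, destination zone) -> services.
# "*" stands for the template's "All Zones" destination.
MATRIX: Dict[Tuple[str, str], Set[str]] = {
    ("DMZ", "App-Tier"): {"8080/tcp"},
    ("App-Tier", "DB-Tier"): {"3306/tcp"},
    ("Management", "*"): {"22/tcp", "9090/tcp"},
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int
    proto: str  # "tcp" or "udp"


def evaluate(flow: Flow) -> Tuple[str, str]:
    """Return ("ALLOW" | "DENY", reason). Nothing implicit is permitted."""
    src_zone = ZONE_OF.get(flow.src)
    dst_zone = ZONE_OF.get(flow.dst)
    if src_zone is None or dst_zone is None:
        # An unlabelled endpoint can never match an allow rule; surface it so
        # the inventory is fixed before enforcement, not after.
        return "DENY", "unlabelled endpoint"
    service = f"{flow.port}/{flow.proto.lower()}"
    # Rules are directional: (A, B) does not permit B -> A. Intra-zone traffic
    # in a deny-all zone also falls through to the default deny.
    for key in ((src_zone, dst_zone), (src_zone, "*")):
        if service in MATRIX.get(key, set()):
            return "ALLOW", f"matrix {key[0]} -> {key[1]} {service}"
    return "DENY", f"default deny {src_zone} -> {dst_zone} {service}"


def dry_run(flows: List[Flow]) -> Dict[str, List[Tuple[Flow, str]]]:
    """Partition observed flows into what enforcement would allow and block."""
    result: Dict[str, List[Tuple[Flow, str]]] = {"ALLOW": [], "DENY": []}
    for f in flows:
        verdict, reason = evaluate(f)
        result[verdict].append((f, reason))
    return result


def deny_alerts(flows: List[Flow]) -> List[str]:
    """One key=value line per denied flow, the kind a SIEM rule keys on."""
    return [
        f'action=deny src={f.src} dst={f.dst} dport={f.port} proto={f.proto} reason="{reason}"'
        for f, reason in dry_run(flows)["DENY"]
    ]


# Constructed sample: flows a discovery phase might have recorded, plus a
# simulated lateral-movement attempt from a compromised DMZ host.
SAMPLE_FLOWS: List[Flow] = [
    Flow("10.0.1.10", "10.0.2.20", 8080, "tcp"),  # web -> app, expected
    Flow("10.0.2.20", "10.0.3.30", 3306, "tcp"),  # app -> db, expected
    Flow("10.0.9.5", "10.0.3.30", 22, "tcp"),     # admin SSH to db host
    Flow("10.0.1.10", "10.0.3.30", 3306, "tcp"),  # compromised web host -> db
    Flow("10.0.3.30", "10.0.9.5", 22, "tcp"),     # db -> mgmt: wrong direction
    Flow("10.0.2.20", "10.0.4.40", 443, "tcp"),   # app -> HR, never approved
    Flow("10.0.2.20", "10.0.3.30", 3306, "udp"),  # right port, wrong protocol
    Flow("10.0.7.7", "10.0.2.20", 8080, "tcp"),   # source missing from inventory
]


if __name__ == "__main__":
    outcome = dry_run(SAMPLE_FLOWS)
    for verdict in ("ALLOW", "DENY"):
        for f, reason in outcome[verdict]:
            print(f"{verdict:5} {f.src} -> {f.dst}:{f.port}/{f.proto}  ({reason})")
    for line in deny_alerts(SAMPLE_FLOWS):
        print(line)
```

Run against the sample, three flows are allowed and five are denied. The denies illustrate the cases worth checking in test mode: the simulated lateral move from the DMZ host straight to the database tier, the reverse of an approved direction (DB-Tier to Management on 22/tcp), a zone pair that was never approved, a protocol mismatch on an approved port, and an endpoint with no zone label. The last case is why label validation sits before enforcement in the schedule: an unlabelled workload under default deny loses all connectivity the moment policy is enforced. Replace `SAMPLE_FLOWS` with the real test-mode export and any unexpected DENY is either a gap in the dependency map or a flow that should not exist.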

Sign-Off

| Stakeholder Role | Approval | Date |
|---|---|---|
| Security Architecture | | |
| Network Operations | | |
| Application Owners | | |
| Compliance/Audit | | |