mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-12 22:24:56 +03:00
mukul975
82 lines
2.4 KiB
Markdown
82 lines
2.4 KiB
Markdown
# Microsegmentation Implementation Plan Template
|
|
|
|
## Project Information
|
|
|
|
| Field | Value |
|
|
|---|---|
|
|
| Project Name | |
|
|
| Organization | |
|
|
| Project Lead | |
|
|
| Start Date | |
|
|
| Segmentation Tool | [Illumio / VMware NSX / Guardicore / Cisco ACI] |
|
|
|
|
## Workload Inventory
|
|
|
|
| Workload | IP Address | OS | Role | Application | Environment | Location |
|
|
|---|---|---|---|---|---|---|
|
|
| | | | web | | prod | |
|
|
| | | | app | | prod | |
|
|
| | | | db | | prod | |
|
|
|
|
## Segmentation Zone Design
|
|
|
|
### Zone Definitions
|
|
|
|
| Zone Name | Description | Workloads | Default Policy |
|
|
|---|---|---|---|
|
|
| PCI-CDE | Cardholder data environment | [list] | Deny-all |
|
|
| HR-Systems | HR applications | [list] | Deny-all |
|
|
| DMZ | Internet-facing services | [list] | Deny-all |
|
|
| Management | Admin/monitoring | [list] | Restricted |
|
|
|
|
### Inter-Zone Communication Matrix
|
|
|
|
| Source Zone | Destination Zone | Ports/Protocols | Justification |
|
|
|---|---|---|---|
|
|
| DMZ | App-Tier | 8080/tcp | Web application traffic |
|
|
| App-Tier | DB-Tier | 3306/tcp | Database queries |
|
|
| Management | All Zones | 22/tcp, 9090/tcp | SSH and monitoring |
|
|
|
|
## Policy Rules
|
|
|
|
### Allow Rules
|
|
|
|
| Rule ID | Source | Destination | Port | Protocol | Process | Justification |
|
|
|---|---|---|---|---|---|---|
|
|
| 1 | | | | tcp | | |
|
|
| 2 | | | | tcp | | |
|
|
|
|
### Default Deny
|
|
- All traffic not explicitly allowed is denied
|
|
- Deny rule logged and alerted
|
|
|
|
## Enforcement Schedule
|
|
|
|
| Week | Activity | Applications | Risk Level |
|
|
|---|---|---|---|
|
|
| 1-2 | Agent deployment and discovery | All | Low |
|
|
| 3-4 | Label assignment and validation | All | Low |
|
|
| 5-6 | Policy design and test mode | All | Low |
|
|
| 7 | Enforce: Dev/Test environments | Dev apps | Low |
|
|
| 8 | Enforce: Low-risk production | Non-critical | Medium |
|
|
| 9-10 | Enforce: Business-critical apps | ERP, CRM | High |
|
|
| 11-12 | Enforce: Regulated environments | PCI, HIPAA | High |
|
|
|
|
## Validation Tests
|
|
|
|
- [ ] Legitimate traffic flows uninterrupted after enforcement
|
|
- [ ] Unauthorized cross-zone traffic is blocked
|
|
- [ ] Lateral movement from compromised workload is contained
|
|
- [ ] Policy violation alerts appear in SIEM
|
|
- [ ] Break-glass procedure works for emergency access
|
|
- [ ] Application dependency map matches actual flows
|
|
|
|
## Sign-Off
|
|
|
|
| Stakeholder | Role | Approval | Date |
|
|
|---|---|---|---|
|
|
| | Security Architecture | | |
|
|
| | Network Operations | | |
|
|
| | Application Owners | | |
|
|
| | Compliance/Audit | | |
|