|Description||Network Operators, Service Providers, and Public Safety should implement architectures that partition or segment networks and applications using means such as firewalls, demilitarized zones (DMZ), or virtual private networks (VPN) so that contamination or damage to one asset does not disrupt or destroy other assets. In particular, where feasible, it is suggested user traffic networks, network management infrastructure networks, customer transaction system networks, and enterprise communication/business operations networks be separated and partitioned from one another.|
|Industry Role(s)||Service Provider; Network Operator; Equipment Supplier|
|Keyword(s)||Cyber Security;Network Design;Network Elements;Network Operations;|
|Reference/Comments||ISF SB52, http://www.sans.org
ITU-T Rec. X.805
ITU-T Rec. X.812.