I’m always surprised at the number of organizations that don’t use private VLANs on their public-facing servers. Private VLANs (a Cisco Systems feature, but other manufacturers have equivalents) prevent a compromised server from being used as a jumping-off point to attack other servers. They essentially isolate devices on a subnet so that they can talk to the network gateway, but not to other devices on the same subnet. Private VLANs can prevent your web server, for example, from being used to attack your mail server. It’s a simple configuration, and one that should be in your network administrator’s toolbox.
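A minimal Catalyst IOS configuration for the isolation described above, added here as an illustration and not taken from the original post. The VLAN IDs (100, 101), interface names and port roles are assumptions chosen for the example.

```cisco
! Private VLANs require VTP transparent mode (or VTP off) under VTP v1/v2
vtp mode transparent
!
! Secondary VLAN: ports in an isolated VLAN cannot reach each other at Layer 2
vlan 101
 private-vlan isolated
!
! Primary VLAN: carries the server subnet and is tied to the isolated VLAN
vlan 100
 private-vlan primary
 private-vlan association 101
!
! Promiscuous port: the gateway, reachable by every host port
interface GigabitEthernet1/0/1
 description Uplink to network gateway (assumed port)
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101
!
! Host ports: web and mail servers share the subnet but cannot talk directly
interface GigabitEthernet1/0/10
 description Web server (assumed port)
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
interface GigabitEthernet1/0/11
 description Mail server (assumed port)
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Verify from exec mode:
!   show vlan private-vlan
!   show interfaces GigabitEthernet1/0/10 switchport
```

Isolation is enforced at Layer 2 only: if the gateway routes or proxy-ARPs traffic back into the same subnet, the servers can still reach each other through it. Close that path with an ACL on the gateway interface that denies traffic whose source and destination are both in the server subnet.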
Cybersecurity Engineer, Cisco
Nick has over 20 years of experience in Security Operations and Security Sales. He is an avid student of cybersecurity and regularly engages with the Infosec community at events like BSides, RVASec, DerbyCon and more. The son of an FBI forensics director, Nick holds a B.S. in Criminal Justice and is one of Cisco’s Fire Jumper Elite members. When he’s not working, he writes cyberpunk and punches aliens on his PlayStation.