Zero Trust Begins With Internal Segmentation and Inspection
In this post, I want to highlight a common network topology in K-12 schools where the traditional three-tiered or collapsed-core design is used. In that architecture, routing is typically done on either the core or the aggregation switch. Instead, we can take a more security-first approach to how traffic is handled internally and out to the internet. To begin, I'll walk through how traffic flows in this topology and provide examples in a lab.

The key thing to notice in this design is that traffic is implicitly allowed unless you set up L3 filtering rules. In traditional IP routing, as soon as you begin configuring routes and subnets on your core switch, inter-VLAN routing is enabled by default. That is a requirement, because it is what allows your internal traffic out to the internet, typically over a transport VLAN to your NAT router or firewall, but the flaw is that it allows all traffic within ...
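To make the implicit-allow behaviour concrete, here is a constructed collapsed-core configuration in Cisco IOS-style syntax (an added example, not the post's lab config); the VLAN numbers, subnets, the firewall address 10.99.0.1 and the internal DNS server 10.10.0.53 are all assumed. The first block is the default state the post describes; the second adds the L3 filter that turns the default allow into an explicit policy.

```text
! Constructed example, Cisco IOS-style syntax (assumed vendor, assumed addressing)
!
! --- 1. Default state: routing enabled on the core, no filtering ---
ip routing
!
interface Vlan10
 description Staff (assumed)
 ip address 10.10.0.1 255.255.255.0
!
interface Vlan20
 description Student (assumed)
 ip address 10.20.0.1 255.255.255.0
!
interface Vlan99
 description Transport VLAN to NAT firewall (assumed)
 ip address 10.99.0.2 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 10.99.0.1
!
! With only the lines above, a host in VLAN 20 can reach every host in
! VLAN 10: the core routes between its own SVIs and nothing inspects it.
!
! --- 2. Corrected: an inbound L3 filter on the student SVI ---
ip access-list extended STUDENT-IN
 remark permit the gateway itself so DHCP/ICMP to the SVI still works
 permit ip 10.20.0.0 0.0.0.255 host 10.20.0.1
 remark permit only the internal services students need (assumed DNS server)
 permit udp 10.20.0.0 0.0.0.255 host 10.10.0.53 eq domain
 remark then deny every other RFC1918 destination, i.e. all other internal VLANs
 deny   ip 10.20.0.0 0.0.0.255 10.0.0.0 0.255.255.255
 deny   ip 10.20.0.0 0.0.0.255 172.16.0.0 0.15.255.255
 deny   ip 10.20.0.0 0.0.0.255 192.168.0.0 0.0.255.255
 remark what is left is internet-bound and follows the default route to the firewall
 permit ip 10.20.0.0 0.0.0.255 any
!
interface Vlan20
 ip access-group STUDENT-IN in
```

The ACL is stateless, so the same treatment is needed on each internal SVI, and the `deny` lines are a useful place to watch counters (`show ip access-lists STUDENT-IN`) for traffic that was previously being routed silently.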