Security Policy Management with Professor Wool
Network Segmentation Course
Network Segmentation with Professor Wool is a whiteboard-style series of lessons that examine the challenges of, and provide technical tips for, segmenting networks for security across evolving enterprise networks and data centers.
Lesson 1
In this lesson, Professor Wool presents a simple yet highly effective strategy to help you future-proof your network segmentation policy against changes. Using the concept of a diamond, Professor Wool shows how you can define very specific rules at each end point of the diamond and broader policies in the middle. This will significantly reduce the time and effort needed to work on change requests, without compromising on security in any way.
How to Structure Your Security Policy in a Segmented Network
Lesson 2
In this lesson, Professor Wool recommends a simple matrix to define network segments and security zones, and the traffic allowed to and from each zone. This matrix can then be used to immediately assess firewall change requests as well as validate that existing security policies have been implemented correctly.
How to Define, Simplify and Enforce Network Segmentation and Security Zoning
Lesson 3
In this lesson, Professor Wool examines common missteps when organizations create security zones and best practices to consider for an improved defense.
Common Mistakes and Best Practices for Designing Network Security Zones
Lesson 4
In this lesson, Professor Wool provides recommendations for how to design your network for optimal segmentation in two typical scenarios: allowing traffic from an external partner application into the corporate data center, and structuring network traffic flows within the data center to force specific flows through more checkpoints for better security.
Data Center Segmentation Best Practices
Lesson 5
In this lesson, Professor Wool presents some of the challenges of setting up security policies for East-West traffic. On the one hand, these policies need to allow all legitimate business traffic to flow through the data center; on the other hand, they need to be specific enough to block everything else. Watch this video to find out more.
The Challenges of East West Traffic Discovery for Network Segmentation
Lesson 6
Following on from Professor Wool's previous lesson, this lesson presents a step-by-step process for writing firewall policies for East-West traffic. This involves an iterative process of discovering, identifying and then writing explicit 'allow' rules for all valid business traffic that goes through the network segment. Watch this video to find out more.
How to Build Firewall Policies for East West Traffic
Lesson 7