Question



Tcp_syn
18-10-2006, 08:10
Does anyone know what network isolation is (Network Isolation, Isolation Bridge)?

CrAcKzMe
18-10-2006, 14:02
What Is Network Isolation?

Benefits of introducing a logical data isolation defense layer include:

* Additional security
* Control of who can access specific information
* Control of computer management
* Protection against malware attacks
* A mechanism to encrypt network data


Network isolation: The ability to allow or deny certain types of network access between computers that have direct Internet Protocol connectivity between them

Identifying Trusted Computers

Trusted computer:

A managed device that is in a known state and meets minimum security requirements

Untrusted computer:

A device that may not meet the minimum security requirements, mainly because it is unmanaged or not centrally controlled


Goals That Are Achievable Using Network Isolation

The following goals can be achieved by using network isolation:

* Isolate trusted domain member computers from untrusted devices at the network level
* Help to ensure that a device meets the security requirements required to access a trusted asset
* Allow trusted domain members to restrict inbound network access to a specific group of domain member computers
* Focus and prioritize proactive monitoring and compliance efforts
* Focus security efforts on the few trusted assets that require access from untrusted devices
* Focus and accelerate remediation and recovery efforts


Risks that will not be directly mitigated by network isolation include:

* Trusted users disclosing sensitive data
* Compromise of trusted user credentials
* Untrusted computers accessing other untrusted computers
* Trusted users misusing or abusing their trusted status
* Lack of security compliance of trusted devices
* Compromised trusted computers accessing other trusted computers


How Can Network Isolation Be Achieved?

Components of the network isolation solution include:

* Trusted hosts: Computers that meet the organization’s minimum security requirements
* Host authentication: The use of IPSec to provide host authentication and data encryption
* Host authorization: Verification of security group memberships within the local security policy and access control lists of the resource

source: http://download.microsoft.com/download/9/D/5/9D535435-954D-47F6-92B5-5125B1291EB7/May_26_ME_IPSec%20and%20Group%20Policy.ppt

Tcp_syn
20-10-2006, 05:11
Ah, thanks, but can this be applied on any platform, or is it exclusive to Micro$oft?

Regards.

j8k6f4v9j
20-10-2006, 07:26
According to the description:


Network isolation: The ability to allow or deny certain types of network access between computers that have direct Internet Protocol connectivity between them


It is platform-independent. In fact, the first thing I do when installing an operating system is isolate it from every network, including the LAN. It is as simple as creating a couple of firewall rules on the machine itself that deny everything. Then you open whichever services you want and allow them to communicate.

Regards
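
The default-deny approach described in the post above, written out as an nftables ruleset for a Linux host. This is an added example, not part of the original thread or any poster's own configuration; the table name `host_isolation`, the management subnet 192.0.2.0/24 and the choice of SSH, DNS and HTTP(S) as the opened services are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example: host-level network isolation, deny everything first,
# then open only the services that are needed.

# Replace only this table atomically; other tables on the host are untouched.
table inet host_isolation
delete table inet host_isolation

table inet host_isolation {
    chain input {
        # Default policy: drop every inbound packet not matched below.
        type filter hook input priority 0; policy drop;

        iif "lo" accept                      # local processes talking to each other
        ct state established,related accept  # replies to connections this host opened
        ct state invalid drop

        # IPv6 neighbor discovery; without it IPv6 on the LAN stops working.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # Opened service (assumption): SSH, only from the management subnet.
        ip saddr 192.0.2.0/24 tcp dport 22 ct state new accept
    }

    chain forward {
        # This host is not a router: forward nothing.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        # Outbound is also denied by default, so new software cannot
        # reach the network until a rule is added for it.
        type filter hook output priority 0; policy drop;

        oif "lo" accept
        ct state established,related accept
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-solicit } accept

        # Opened services (assumption): DNS lookups and HTTP(S) for updates.
        udp dport 53 accept
        tcp dport { 53, 80, 443 } ct state new accept
    }
}
```

Load it with `nft -f` from a local console rather than over the network, since a wrong source subnet in the SSH rule cuts off remote access as soon as the table is applied.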

Tcp_syn
20-10-2006, 09:39
OK, thanks to both of you.


Regards.