Designing network architectures for security
Implementing sound security literally starts from the ground up. By applying a solid foundation to an ICS network, the road is paved to allow for a more streamlined implementation of the network security program. A solid foundation comes in the form of security-focused network architecture designs decisions. An example of a security-focused design decision would be the provisioning of network traffic choke points at strategic locations in the network architecture. These choke points will facilitate effective packet capturing, used by security tools like a Intrusion Detection Systems (IDS). Another example would be designing network segmentation that supports confining and detecting security incidents and keeps disruptions such as packet broadcast storms local to the zone, protecting the overall network.
By spending a little more time upfront, properly designing the foundation of the ICS network, the job of securing the network becomes easier overall...