Medryte Healthcare Solutions Pvt. Ltd.
Normal

Network security management, segregation & encryption

Responsibility: Subin          Document No: 24-13724
Department: IT & Networking    Revision: 1.1
Date: 05-Aug-2024              Sheet: 1 of 8

1. Introduction
Ensuring network security is critical for protecting sensitive data, maintaining
system integrity, and preventing unauthorized access. This document outlines
best practices for network security management, network segregation, and
encryption techniques.

2. Network Security Management

2.1 Access Control & Authentication
- Implement role-based access control (RBAC) to restrict access based on user roles.
- Enforce strong password policies and multi-factor authentication (MFA).
- Regularly review and update user access permissions.

2.2 Firewall & Intrusion Detection/Prevention Systems (IDS/IPS)
- Deploy firewalls at network perimeters and critical points within the network.
- Use IDS/IPS to monitor and prevent unauthorized access attempts.
- Maintain and regularly update firewall and IDS/IPS rules.

2.3 Network Monitoring & Logging
- Continuously monitor network traffic for anomalies.
- Enable centralized logging for analysis and forensic purposes.
- Use SIEM (Security Information and Event Management) systems for real-time threat detection.

2.4 Patch Management & System Updates
- Implement an automated patch management process.
- Regularly update operating systems, applications, and firmware.
- Test patches before deployment to minimize disruptions.

3. Network Segregation

3.1 Segmentation Strategies
- Divide the network into security zones based on function, sensitivity, and risk.
- Use VLANs (Virtual Local Area Networks) to isolate network segments.
- Implement micro-segmentation for fine-grained access control.

3.2 Best Practices for Segmentation
- Separate critical systems from less secure environments (e.g., production vs. development).
- Restrict access between segments using firewalls and access control lists (ACLs).
- Monitor inter-segment traffic for suspicious activities.

3.3 Secure Remote Access
- Implement VPNs (Virtual Private Networks) with strong encryption.
- Enforce least-privilege access for remote users.
- Monitor and log remote access sessions.
- On the firewall, interfaces X1 and X2 are enabled for the Internet Service Provider links. The remaining three interfaces are used internally: X0 and X3 are the user LAN interfaces, and X4 serves the IT department systems (servers, cameras and bio-metric devices), segregated by VLAN configuration.

- The firewall is fully licensed for all services (Antivirus, Web Content Filter, VPN, Analyser, etc.).
- Dual WAN failover is set up. Dual WAN failover is a network redundancy solution that switches to a secondary WAN connection to ensure uninterrupted internet connectivity when the primary connection fails.
- Site-to-site VPN service is set up. Our firm uses site-to-site VPNs to connect our multiple branch offices that need to share certain resources.
- A site-to-site VPN keeps data encrypted between two networks without needing credentials or client apps on the devices using it.
- A site-to-site VPN provides access from one network to another over the internet. It works by creating a secure, encrypted tunnel between two networks located at different sites. The tunnel acts as a direct link through which data can be securely transmitted.
- The Web Content Filter service is set up for our infrastructure.
- SonicWall's Content Filtering Service provides a powerful protection and productivity solution that blocks access to harmful and unproductive web content.
- Within our organization, four teams function under distinct content filter services.

Intrusion Prevention Service (IPS):
- The SonicWall Intrusion Prevention Service (IPS) is a subscription-based service that monitors network traffic for potential threats and alerts administrators if it detects suspicious activity.
- It protects networks from a variety of problems, including viruses, spyware, security breaches, zero-day attacks, and false positives.
- An Intrusion Prevention System must work efficiently so that it does not decrease network performance. It must be quick because exploits might occur at any time. To eliminate threats and false positives, the IPS must detect and respond accurately.
- How to use the IPS is shown in the flowchart below.
- The Intrusion Prevention System (IPS) is also enabled on our firewall.

Intrusion Detection System (IDS):
- An IDS is either a hardware device or a software program that analyzes incoming network traffic for malicious activities or policy breaches (network behaviour analysis) and issues alerts when they are detected. It inspects real-time traffic, searches for attack signatures or traffic patterns, and then sends out alarms. Unlike an IPS, a network Intrusion Detection System is not in line with the data path, so it can only alert and alarm on detection of anomalies.
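As an added illustration of the zone segregation in 3.2 and 3.3 (example code written for this page, not Medryte's firewall configuration), the following Python script models the interface layout as zones with a default-deny inter-zone rule set, evaluates constructed sample flows, flags denied attempts into the camera and bio-metric VLANs for SIEM review, and selects the egress interface under dual-WAN failover. The subnets, VLAN ids, ports and allow rules are assumptions.

```python
import ipaddress
# Constructed zone map for the layout in section 3.3: X0/X3 user LAN, X4 for
# IT systems on VLANs. Subnets, VLAN ids and ports are assumptions, not Medryte's.
ZONES = {
    "LAN":       ["192.0.2.0/25", "192.0.2.128/25"],  # X0, X3
    "SERVERS":   ["198.51.100.0/26"],                  # X4 VLAN 10: servers
    "CAMERAS":   ["198.51.100.64/26"],                 # X4 VLAN 20: cameras
    "BIOMETRIC": ["198.51.100.128/26"],                # X4 VLAN 30: bio-metric
}
# Inter-zone allow rules (src zone, dst zone, dst port); default is deny.
ALLOW = {("LAN", "WAN", 80), ("LAN", "WAN", 443), ("LAN", "SERVERS", 443),
         ("LAN", "SERVERS", 445), ("SERVERS", "WAN", 443)}
SENSITIVE = {"CAMERAS", "BIOMETRIC"}  # denied hits here deserve an alert

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for zone, nets in ZONES.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return zone
    return "WAN"  # X1/X2 face the ISPs; any non-internal address is WAN

def decide(src, dst, port):
    """Return ('allow'|'deny', reason) for one flow, as a zone-based ACL would."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz == dz:
        return "allow", f"intra-zone {sz}"
    if (sz, dz, port) in ALLOW:
        return "allow", f"rule {sz}->{dz}:{port}"
    return "deny", f"no rule {sz}->{dz}:{port}"

def egress_interface(wan_up):
    """Dual-WAN failover: X1 is primary, X2 takes over when X1 is down."""
    return next((i for i in ("X1", "X2") if wan_up.get(i)), None)

def review_flows(flows):
    """Verdict per flow plus alerts for denied attempts into sensitive VLANs (3.2)."""
    decisions, alerts = [], []
    for src, dst, port in flows:
        verdict, reason = decide(src, dst, port)
        decisions.append(verdict)
        if verdict == "deny" and zone_of(dst) in SENSITIVE:
            alerts.append(f"{src} -> {dst}:{port} blocked ({reason})")
    return decisions, alerts

SAMPLE_FLOWS = [  # constructed sample traffic
    ("192.0.2.10", "203.0.113.5", 443),     # user -> internet: allow
    ("192.0.2.10", "198.51.100.3", 445),    # user -> file server: allow
    ("192.0.2.200", "198.51.100.70", 554),  # user -> camera RTSP: deny + alert
    ("198.51.100.70", "203.0.113.9", 443),  # camera -> internet: deny
]
```

Running `review_flows(SAMPLE_FLOWS)` allows the two user flows, denies both others, and raises one alert for the user-to-camera attempt, which is the kind of inter-segment event the SIEM in 2.3 should receive.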

4. Data Encryption

4.1 Encryption at Rest
- Use AES-128 encryption for data stored on servers, databases, and backup devices.
- Implement full-disk encryption for all company-issued devices.
- Secure encryption keys using a dedicated key management system.

4.2 Encryption in Transit
- Enforce TLS 1.2 or higher for secure data transmission.
- Use encrypted protocols such as SSH, HTTPS, and SFTP.
- Apply VPN tunneling for secure communication over public networks.

4.3 Encryption Key Management
- Rotate encryption keys periodically and store them securely.
- Use hardware security modules (HSMs) for high-security key management.
- Implement strict access controls for key retrieval and usage.

Head office to branch office connection policy: Site-to-Site VPN

1) Encrypted information can travel from site to site.
2) The VPN keeps data encrypted between two networks without needing credentials.
3) The site-to-site VPN policy is enabled in the firewall for the purpose of file sharing from one site to another.

Document Version History

This table shows a record of significant changes to the document.

Version  Date         Author       Description of Change
1.0      05-Aug-2023  Selva Kumar  Initial release
1.1      02-Aug-2024  Subin        Version Update

APPROVALS

This table shows the approvals on this document for circulation, use, and withdrawal.

Version  Date         Approver                 Title/Authority  Approval Remarks
1.0      07-Aug-2023  Mr. Sujin Jekash Simson  MD               Verified
1.1      05-Aug-2024  Mr. Sujin Jekash Simson  MD               Verified
1.2

Approval & Acknowledgment

I acknowledge that I have reviewed and understood the Medryte Failover Test Plan.

Authorized Signature: ___________________________

Date: ___________________________
