CME-203

Network Segmentation (VLANs/Subnets)

Description

Separates network traffic into isolated segments by trust zone, preventing lateral movement between zones (e.g., DMZ, internal, management).

CVSS Vector Impacts

| Metric | Transition | Rationale |
|---|---|---|
| Attack Vector (AV) | N → A | Compromised host in one segment cannot directly reach other segments |
| Scope (S) | C → U | Blast radius limited to network segment |

CWE Relationships

Verification

Verify network topology shows segmentation between trust zones

$ ip addr show | grep -c 'inet '
# Expected: Multiple interfaces or VLANs
Platform: linux
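
The count above also includes the loopback address and says nothing about which networks the host sits on. As an added example (not part of the original entry), the script below reduces `ip -o -4 addr show` output to the distinct non-loopback networks per interface, so the result can be compared against the documented trust-zone plan. The function names and the sample addresses are constructed for illustration, and the output shows only what this host is attached to, not whether traffic between zones is filtered.

```shell
#!/bin/sh
# Added example: summarise the IPv4 networks a Linux host is attached to.
# Live use: ip -o -4 addr show | list_networks

# list_networks: read `ip -o -4 addr show` output on stdin and print one
# "interface network/prefix" line per distinct non-loopback network.
list_networks() {
    awk '
    $3 == "inet" && $2 != "lo" {
        split($4, cidr, "/")
        n = split(cidr[1], o, ".")
        if (n != 4 || cidr[2] == "") next   # skip malformed or prefix-less entries
        prefix = cidr[2] + 0
        addr = ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        block = 2 ^ (32 - prefix)           # number of addresses in the network
        net = int(addr / block) * block     # clear the host bits
        printf "%s %d.%d.%d.%d/%d\n", $2, \
            int(net / 16777216) % 256, int(net / 65536) % 256, \
            int(net / 256) % 256, net % 256, prefix
    }' | sort -u
}

# count_networks: number of distinct networks, regardless of interface.
count_networks() {
    list_networks | awk '{ print $2 }' | sort -u | wc -l | tr -d ' '
}

# Constructed sample input (documentation and private ranges, not real data).
sample_output() {
cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
3: eth0.10    inet 10.10.10.5/24 brd 10.10.10.255 scope global eth0.10\       valid_lft forever preferred_lft forever
4: eth0.20    inet 10.10.20.5/24 brd 10.10.20.255 scope global eth0.20\       valid_lft forever preferred_lft forever
4: eth0.20    inet 10.10.20.6/24 scope global secondary eth0.20\       valid_lft forever preferred_lft forever
EOF
}

# Demo on the constructed sample: prints three interface/network pairs.
sample_output | list_networks
```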