Finding #17

Description *

Priority (1-4) Category 1 Category 2

Formatted Text *

Network Segmentation Gaps

Severity Level: Priority 2
Category: Security / Infrastructure

Description:
While phones are segmented, printers and other non-workstation devices remain on the trusted network, and core/third-party vendor connections are not fully isolated, increasing exploit risks.

Impact:

Vulnerable devices (e.g., IoT) can be exploited for lateral movement.
Messy audit reports from improper segmentation.
Vendor network threats could access the bank's network.

FFIEC Reference:

FFIEC IT Examination Handbook (November 2016):

"Non-workstation devices require network segmentation." (p. 37)
"Vendor connections must be isolated to reduce risks." (p. 39)

Recommendations:

Segment Devices: Move printers and IoT to a restricted network.
Isolate 3^rd party Vendor Connections: Using your firewall.
Implement Firewall Rules: Enforce strict access controls between segments.

<h2 style="margin: 0in; font-size: 14pt; font-family: Arial, sans-serif; color: rgb(89, 89, 89); letter-spacing: 0.25pt;">Network Segmentation Gaps<o:p></o:p></h2>Severity Level: Priority 2 Category: Security / Infrastructure Description: While phones are segmented, printers and other non-workstation devices remain on the trusted network, and core/third-party vendor connections are not fully isolated, increasing exploit risks. Impact:<o:p></o:p><ul type="disc" style="margin-bottom: 0in;"><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Vulnerable devices (e.g., IoT) can be exploited for lateral movement.<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Messy audit reports from improper segmentation.<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Vendor network threats could access the bank's network. <o:p></o:p></li></ul>FFIEC Reference:<o:p></o:p><ul type="disc" style="margin-bottom: 0in;"><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">FFIEC IT Examination Handbook (November 2016):<o:p></o:p></li><ul type="circle" style="margin-bottom: 0in;"><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">"Non-workstation devices require network segmentation." (p. 37)<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">"Vendor connections must be isolated to reduce risks." (p. 39) <o:p></o:p></li></ul></ul>Recommendations:<o:p></o:p><ul type="disc" style="margin-bottom: 0in;"><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Segment Devices: Move printers and IoT to a restricted network.<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Isolate 3rd party Vendor Connections: Using your firewall.<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Implement Firewall Rules: Enforce strict access controls between segments.<o:p></o:p></li></ul>

Back to list