Traffic filtering rules defined as described above only affect traffic exchanged between network segments; connections between hosts attached to the same segment often remain unfiltered. It therefore makes sense to group machines by purpose or business unit and place each group in its own network segment. This gives better control over the traffic flow and adds a further layer of defense between the different groups of nodes. Beyond its security benefit, such a network design also makes it somewhat easier to prioritize traffic per host group, and it lets the network grow larger.
To add one more line of defense, you can deploy a host-based firewall on every node that limits both incoming and outgoing network traffic. iptables or Shorewall is a good fit here and can also be deployed on single hosts as a host-based firewall. Thinking in terms of defense in depth, there is no way around host-based firewalls, especially since opening the couple of ports a host actually needs is not a big burden.
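As an added example (not code from the original article), here is a minimal default-deny iptables ruleset for such a host-based firewall, written as a shell script that emits the rules in iptables-restore format and applies them atomically; the management segment, resolver, NTP server and package mirror addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: default-deny host-based firewall for a single web node.
# The addresses below are constructed placeholders, not real infrastructure.
MGMT_NET="${MGMT_NET:-10.0.10.0/24}"    # segment allowed to reach SSH
DNS_SERVER="${DNS_SERVER:-10.0.10.53}"  # resolver this host may query
NTP_SERVER="${NTP_SERVER:-10.0.10.123}" # time source this host may use
MIRROR="${MIRROR:-10.0.20.5}"           # package mirror reachable over HTTPS

# Emit the ruleset in iptables-restore format (nothing is applied here).
host_fw_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback is always allowed.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Replies to flows that were permitted in either direction.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Inbound: SSH only from the management segment, HTTPS from anywhere.
-A INPUT -s $MGMT_NET -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# Outbound: only the services this host needs, and only to named servers.
-A OUTPUT -d $DNS_SERVER -p udp --dport 53 -j ACCEPT
-A OUTPUT -d $NTP_SERVER -p udp --dport 123 -j ACCEPT
-A OUTPUT -d $MIRROR -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
# Log (rate-limited) what the default DROP policies are about to discard.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "hostfw-in: "
-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "hostfw-out: "
COMMIT
EOF
}

# Apply atomically; the -t (test) pass first so a typo cannot leave the
# host half-filtered with an old and a new ruleset mixed together.
apply_host_fw() {
    host_fw_rules | iptables-restore -t && host_fw_rules | iptables-restore
}

if [ "${1:-}" = "apply" ]; then
    apply_host_fw
fi
```

Run it as root with the argument `apply` to load the rules; without an argument it only defines the functions, so `host_fw_rules` can be inspected or diffed against the running `iptables-save` output.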