Customers typically test vulnerability patches before deploying them - this is nonsensical. It is better to patch a vulnerable system, even though this may adversely affect existing systems. Deploy security patches as you get them - systems are more at risk by not patching than having a system fail because of the patch. Also consider the reputational damage caused by compromise when a patch is already available...
Segmentation isolates and secures resources by sensitivity. The website would live in the outer-most circle. User access control sytems in the middle, and sensitive services in the inner-most circle.
Isolate all shared resources in your network with dedicated firewalls and access control lists.
All content copyright © Michael Wittenburg 1995 to 2022. All rights reserved.
Merch (t-shirts designed by my twin)