Implement pfSense network segmentation #13
Description
Global ID: VICS-BACKEND-002
Estimated Time: 4-5 days
Problem
Need network segmentation following Purdue Model to isolate IT from OT networks.
Solution Tasks
- Deploy pfSense container or VM
- Configure Level 0-1 network (field devices, PLCs)
- Configure Level 2 network (SCADA, HMI)
- Configure Level 3-4 network (enterprise IT)
- Implement firewall rules between zones
- Configure DMZ for external access
- Set up VLANs for segmentation
- Document network architecture diagram
Acceptance Criteria
- Zones properly segmented with firewall rules
- Only authorized traffic between zones
- DMZ isolates external connections
- Network diagram matches Purdue Model
- Firewall rules documented
- Penetration testing validates segmentation