Application-outlined segmentation puts network traffic into various classifications and would make enforcing security policies a lot easier. Preferably, the classifications are based upon endpoint identification, not mere IP addresses. Physically defend your servers as well as your equipment. Maintain them in a secure place, and do not grant normal https://www.researchgate.net/publication/365308473_Development_of_Cyber_Attack_Model_for_Private_Network
