The RSI Security blog breaks down the techniques in some depth, but the procedure in essence goes similar to this: Create firewalls and router standards, which set rules for letting and denying use of your techniques. Firewall configurations really should be reviewed bi-per year to ensure there aren't any faulty https://www.nathanlabsadvisory.com/blog/nathan/key-components-of-a-successful-incident-response-strategy/