Network Segmentation

Sec+ Glossary 📖 • Network Security 🌐 • Difficulty: premium

What is Network Segmentation?

Network segmentation is the practice of dividing a network into smaller zones and controlling traffic between them. It limits lateral movement, reduces the impact of a compromise, and helps enforce different security policies for systems with different risk levels.

Examples

User laptops are placed in one network segment and are blocked from directly connecting to database servers in another segment.
A guest Wi-Fi network is segmented from internal corporate systems so visitors cannot reach company resources.

Discover 🔎

A flat network is convenient, but it makes attacker movement easy. If an attacker compromises one device, they can often scan and reach many other systems. Network segmentation breaks that convenience on purpose. It creates boundaries so a compromise stays contained and sensitive systems are protected behind tighter controls.

Remember: Segmentation is about reducing blast radius. You assume something will eventually be compromised, so you design the network so it cannot reach everything.

Summary 📝

Network segmentation divides networks into zones and enforces controls between them to limit lateral movement and reduce the impact of compromise. It improves security by restricting unnecessary access to sensitive systems and enabling different policies for different risk areas. Effective segmentation depends on enforcement, monitoring, and ongoing rule maintenance.

Open the interactive lesson Browse more topics

Tip: The interactive version includes progress tracking, decks, and premium deep dives.