Network Segmentation
Security+ 🏆 • Network Security 🌐
•
Difficulty: premium
Definition
Network segmentation is the practice of dividing a network into smaller zones and controlling traffic between them. It limits lateral movement, reduces the impact of a compromise, and helps enforce different security policies for systems with different risk levels.
Examples
- User laptops are placed in one network segment and are blocked from directly connecting to database servers in another segment.
- A guest Wi-Fi network is segmented from internal corporate systems so visitors cannot reach company resources.
Discover 🔎
A flat network is convenient, but it makes attacker movement easy. If an attacker compromises one device, they can often scan and reach many other systems. Network segmentation breaks that convenience on purpose. It creates boundaries so a compromise stays contained and sensitive systems are protected behind tighter controls.
Remember: Segmentation is about reducing blast radius. You assume something will eventually be compromised, so you design the network so it cannot reach everything.
Tip: The interactive version includes progress tracking, decks, and premium deep dives.