Segmentation

Network Security 🌐 • Sec+ Glossary 📖 • Security+ 02 • Difficulty: free

What is Segmentation?

Segmentation is the practice of dividing networks, systems, or environments into smaller controlled sections so traffic and access between them can be limited, monitored, and managed more securely.

Examples

A company places user workstations, servers, and guest Wi-Fi on separate network segments so compromise in one area does not automatically expose the others.
A business isolates its finance systems from the general office network and only allows specific approved connections into that segment.

Discover 🔎

Not every system in an organization should be able to talk freely to every other system. If the environment is too open internally, one infected device, one stolen account, or one vulnerable service can give an attacker far more reach than they should have.

Segmentation exists to break that kind of easy movement. Instead of treating the whole environment as one broad trusted space, it divides the environment into smaller areas with clearer boundaries. Those boundaries make access more deliberate and reduce the chance that one problem turns into a much larger one.

Remember: Segmentation is about controlling movement. The goal is not only to protect the edge of the network, but to reduce what can happen inside it as well.

Summary 📝

Segmentation is the practice of dividing networks and environments into smaller controlled zones so communication can be restricted and managed more safely. Its value comes from limiting unnecessary reachability, reducing lateral movement, and containing the effects of compromise. Strong segmentation is not just about drawing boundaries, but about enforcing meaningful rules between them based on business need and trust level.

Open the interactive lesson Browse more topics

Tip: The interactive version includes progress tracking, decks, and premium deep dives.