Network segmentation is a strategy for limiting the potential impact of a security exploit by dividing a large network into smaller physical or virtual networks called subnetworks or subnets.
The goal of network segmentation is to limit unauthorized access to devices, data, and applications by restricting communication between subnetworks. Network segmentation plays an important role in Zero Trust because it limits opportunities for unauthorized lateral movement within a network.
When a network is segmented, each subnet functions as a virtual local area network (VLAN). Security policies are used to determine which users, services or devices can interconnect subnets. The most valuable resources will have the strictest access controls.
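The policy idea described above can be sketched as a default-deny allow-list between segments. This is an added example, not part of the original article; the segment names, address ranges and rules are constructed for illustration.

```python
import ipaddress

# Constructed sample segments (assumed names and address ranges).
SEGMENTS = {
    "user":     ipaddress.ip_network("10.10.0.0/16"),
    "dmz":      ipaddress.ip_network("10.20.0.0/24"),
    "app":      ipaddress.ip_network("10.30.0.0/24"),
    "database": ipaddress.ip_network("10.40.0.0/24"),
}

# Constructed allow-list: (source segment, destination segment, protocol, port).
# Any cross-segment flow not listed here is denied.
ALLOW = {
    ("user", "dmz", "tcp", 443),
    ("dmz", "app", "tcp", 8443),
    ("app", "database", "tcp", 5432),
}

def segment_of(ip):
    """Return the name of the segment containing ip, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def is_allowed(src_ip, dst_ip, proto, port):
    """Decide whether a flow may cross segments under the allow-list."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False   # unknown addresses get no implicit trust
    if src == dst:
        return True    # traffic inside one segment is not filtered here
    return (src, dst, proto, port) in ALLOW

def reachable_from(start):
    """Segments reachable from start by chaining allowed hops."""
    seen, stack = set(), [start]
    while stack:
        cur = stack.pop()
        for src, dst, _, _ in ALLOW:
            if src == cur and dst not in seen:
                seen.add(dst)
                stack.append(dst)
    return seen
```

A direct flow from the user segment to the database segment is denied, yet `reachable_from("user")` still includes `database` through chained hops, which is why each intermediate segment needs its own controls.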
One example of network segmentation involves placing an internal firewall inside a network. Network engineers can segment the two different sides of that firewall into specific sub-network areas. For example, data can go into the first sub-network environment and be scanned for malicious code before it progresses through the firewall to the other side of the network.
Another big use for network segmentation is to route data in the most efficient and effective way. In order to optimize workflows, engineers may only send certain kinds of data through a particular network segment, either to improve security, or to cut out unnecessary traffic that puts pressure on network hardware or requires more resources.
Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.