Network Segmentation Definition & Meaning

Network segmentation is the division of an entire network into smaller segments or sub-networks (subnets). For example, if a business has a computer network, segmentation could mean limiting traffic to a database with customer information to only those employees who explicitly need that access.

How does network segmentation work?

There are multiple ways to segment a computer network:

  • Organizations use multiple virtual local area networks (VLANs) within their larger company network so that each segment receives its own network, prohibiting traffic from jumping between two VLANs.
  • IT personnel can configure hardware to filter specific traffic, often IP addresses, between segments of the network. Only users or devices with permitted IP addresses can enter that part of the network, such as a database with sensitive customer information.
  • Software-defined networking allows users to manage segmentation with applications or software rather than hardware.
  • Deploying firewalls at each network segment filters traffic between databases, accounts, and applications rather than allowing anyone who makes it past the perimeter firewall to enter company accounts. Using firewalls for each network segment is expensive and can be difficult to configure.

Why is network segmentation important?

Businesses have discovered that a single firewall at the perimeter of a computer network doesn’t always protect the applications within it. If an attacker passes the firewall, and the firewall is the network’s only protection, the attacker then has opportunities to move between different applications, even high-level access ones. Network segmentation makes it more difficult for attackers to move laterally through the network. If IP traffic is constantly filtered or applications require credentials to enter, attackers are less likely to continue moving within the network.

Segmentation also makes it easier to track a breach. If each subnet or segment has its own filtering procedures, and if security software is implemented with each, organizations can more readily locate an unauthorized visitor.

Network segmentation helps traffic to flow more efficiently. If traffic is limited for each segment, it will be less likely to clog and slow that part of the network. The database mentioned above will only have traffic from the users allowed access, which better uses bandwidth.

Lastly, segmentation helps organizations comply with data protection regulations. Any business bound by rules like GDPR must be able to document who accesses customer data. Segmentation makes it easier for businesses to track which employees have accessed accounts, applications, and databases. It’s also an important practice for better protecting sensitive customer information.

Difference between network segmentation and microsegmentation

They’re very similar concepts, but microsegmentation refers specifically to limiting user access to applications through authentication protocols. Microsegmentation is user-facing, managing traffic through entry points that users must pass through by presenting the correct credentials. It’s a form of network segmentation, but traditionally network segmentation referred more to hardware-configured segments and firewalls, while microsegmentation occurs at application access points. They’re helpful additional tools, but many security professionals argue that microsegmentation is the best way to control lateral traffic in computer networks and data centers. It uses the principle of zero trust to strictly limit network traffic to those who can provide legitimate credentials.

 

Related Links

Jenna Phipps
Jenna Phipps
Jenna Phipps is a contributor for websites such as Webopedia.com and Enterprise Storage Forum. She writes about information technology security, networking, and data storage. Jenna lives in Nashville, TN.

Top Articles

The Complete List of Text Abbreviations & Acronyms

From A3 to ZZZ we list 1,559 text message and online chat abbreviations to help you translate and understand today's texting lingo. Includes Top...

How to Create a Website Shortcut on Your Desktop

This Webopedia guide will show you how to create a desktop shortcut to a website using Firefox, Chrome or Internet Explorer (IE). Creating a desktop...

Windows Operating System History & Versions

The Windows operating system (Windows OS) refers to a family of operating systems developed by Microsoft Corporation. We look at the history of Windows...

Hotmail [Outlook] Email Accounts

By Vangie Beal Hotmail was one of the first public webmail services that could be accessed from any web browser. Since 2011, Hotmail, in terms...

No-Code Development Definition &...

No-code development is a method of application development that allows people without programming...

Trusted Device Definition &...

A trusted device is a machine, such as a mobile phone, laptop, tablet...

What Is a Columnar...

A columnar database management system (CDBMS) is a type of database management system...