Segmentation
Segmentation is used within an enterprise’s network infrastructure. Its purpose is to compartmentalize the network, creating isolated segments that restrict the lateral movement of potential attackers. By doing so, segmentation limits the impact of a breach, preventing cyber intruders from traversing freely across the network. It ensures that even if one layer is breached, the intruder is contained within a confined area, unable to access critical assets or move deeper into the network. The following list defines each of the major types of segmentation:
- Physical segmentation: This method separates a network into smaller segments using routers, switches, and firewalls. It’s like building different rooms within a fortress, each with a unique access control. Physical segmentation is ideal for large organizations with diverse network requirements, allowing for the isolation of sensitive data and critical systems.
- Virtual Local Area Networks (VLANs...