
5: Network Segmentation and Wireless Tech

Network Segmentation

Definition: A strategy that divides a network into multiple smaller sub-networks, each of which is called a network segment.

Benefits:

  • Performance Enhancement: Organize systems such that those that communicate frequently are in the same segment. This boosts network efficiency.

    Placing regularly communicating systems in the same segment enhances performance.

  • Reduced Communication Issues: By controlling traffic flow, issues like network congestion and broadcast storms are contained within individual segments rather than spreading across the entire network.

  • Enhanced Security: By isolating specific traffic and restricting user access to only authorized segments, potential security threats can be minimized.

    Segmentation restricts unauthorized access to sensitive sections of the network.


Intranet

A private network designed to host internal information services, similar to those on the public internet.

Some modern services, like SharePoint, blur the traditional definition of an intranet. While SharePoint can be accessed from the internet, its private, restricted sections for company use can be considered intranet features. North Korea is considered by some to be the largest intranet because it's isolated from the global internet.


Extranet

A hybrid between an intranet and the public internet. It's a private network that also provides specific public access.

Common in businesses that need to share information with external stakeholders (e.g., suppliers, partners). An example might be a supplier portal where suppliers can log in to see orders, but it's still part of the company's private network.

Extranets balance keeping internal data secure against sharing necessary information with external parties.


DMZ (Demilitarized Zone) / Perimeter Network

Definition: A network area (or subnetwork) that sits between an organization's internal network and an external network, typically the public internet. It's like a buffer zone – services that are accessible to the public (like web servers) are placed here. 

The main idea is to add an additional layer of security. If a hacker compromises a server in the DMZ, they still don't have direct access to the internal network.

Placing public-facing services directly on the internal network without a DMZ can expose the entire network to threats.
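
The check below is an added example, not part of the original notes: it audits a firewall rule list for allow rules that undermine the DMZ described above, either by letting internet traffic reach the internal network directly or by letting DMZ hosts open connections inward. The address plan, the rule list, the strict "no DMZ-to-internal" policy and the function names are all assumptions made for illustration.

```python
import ipaddress
from itertools import product

# Constructed address plan (assumption, not from the page).
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/16"),
    "dmz": ipaddress.ip_network("192.168.50.0/24"),
}

# Allowed flows that defeat the DMZ's purpose (strict policy, an assumption).
FORBIDDEN = {
    ("internet", "internal"): "public traffic bypasses the DMZ",
    ("dmz", "internal"): "a compromised DMZ host could reach the internal network",
}

# Constructed firewall rules; each is judged alone, rule ordering is ignored.
RULES = [
    {"action": "allow", "src": "0.0.0.0/0", "dst": "192.168.50.10/32", "port": 443},
    {"action": "allow", "src": "10.0.0.0/16", "dst": "192.168.50.0/24", "port": 22},
    {"action": "allow", "src": "0.0.0.0/0", "dst": "10.0.5.20/32", "port": 3389},
    {"action": "allow", "src": "192.168.50.10/32", "dst": "10.0.8.0/24", "port": 5432},
    {"action": "deny", "src": "192.168.50.0/24", "dst": "10.0.0.0/16", "port": None},
]

def zones_touched(cidr):
    """Return every zone a CIDR can match; space outside all zones is 'internet'."""
    net = ipaddress.ip_network(cidr)
    touched = {name for name, zone in ZONES.items() if net.overlaps(zone)}
    if not any(net.subnet_of(zone) for zone in ZONES.values()):
        touched.add("internet")
    return touched

def audit(rules):
    """List (rule index, (src zone, dst zone), reason) for each risky allow rule."""
    findings = []
    for idx, rule in enumerate(rules):
        if rule["action"] != "allow":
            continue
        pairs = product(zones_touched(rule["src"]), zones_touched(rule["dst"]))
        for pair in pairs:
            if pair in FORBIDDEN:
                findings.append((idx, pair, FORBIDDEN[pair]))
    return sorted(findings)

if __name__ == "__main__":
    for idx, (src, dst), reason in audit(RULES):
        print(f"rule {idx}: {src} -> {dst}: {reason}")
```

Rule 2 is reported twice because its 0.0.0.0/0 source covers both the internet and the DMZ, so a broad "any" source counts against every zone it can match.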