
Primer: Network Segmentation’s Role In Cybersecurity Explained


Whether we are talking about the network in your home or the network in your office, it’s important that these networks be properly segmented. Why? To keep sensitive traffic on the network separated from more public traffic and, more importantly, from potential threats that could infiltrate your network.

By MJ Shoer, founder and principal, MJ Shoer LLC.

So what exactly is network segmentation? When you create a network, all of the devices on that network can “see” or communicate with each other. In the past, this was fine, because networks consisted of trusted devices that performed their work and that was really it. Then came the internet and now devices connected to the network can also communicate across the internet. Still, this was mainly fine. Then came wireless networks and more devices being connected to the network, either by cable or wirelessly. Then came guest networks, so visitors to your office would wirelessly connect, but not necessarily be connected to the “main” network.

This is where network segmentation comes into play. Network segmentation allows you to create separate networks across the same wired or wireless infrastructure. The most common way to do this is by using something called a VLAN. In effect, when you set up a wireless network and a guest wireless network, you may be using VLAN technology.

What is a VLAN?

A VLAN is a Virtual Local Area Network. One way to think of this is as a network within a network. In other words, on a wired network, a VLAN travels across the same physical wire but keeps traffic separated. VLANs allow you to segment your network into groups of devices, each with rules that determine which other devices or locations on the network they can see.

In the case of a wireless network, a VLAN does the same thing, but across the same wireless access points that broadcast the wireless network. So, let’s say you have accounting, manufacturing, marketing, sales, customer service and administration departments. You have a single hard-wired network that connects all these departments to your network and the internet.

If you segment this network, you could create one VLAN for your marketing, sales and administration departments, one VLAN for your manufacturing department and one VLAN for your accounting department. You can then decide what the devices on each VLAN are allowed to do. The computers on the accounting VLAN may be able to see the computers on the others and access the Internet. The computers on the manufacturing VLAN and on the sales, marketing and administration VLAN may be able to see one another, but not the accounting department. The computers on the manufacturing VLAN may not be able to see the Internet. This is network segmentation: it allows you to further secure your IT infrastructure by creating network rules that keep things safer.

Smart Homes, Internet of Things and Cybersecurity

With the proliferation of smart devices, like smart thermostats, TVs, speakers, lights and the like, a VLAN is the ideal way to keep these predominantly wireless devices from accessing anything else on the network. You would want these devices to reach the internet for updates and centralized control. As these types of devices are considered to be relatively insecure, you would definitely want to isolate them from every other part of your network, so that if they were to be compromised, they would not be able to compromise other, more important devices on your network.
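The department VLAN rules and the smart-device isolation described above can be written down as a default-deny policy and checked against connection records. This is an added example, not part of the original article: the subnets, segment names and flow records are constructed, and Internet access for the sales, marketing and administration VLAN is an assumption the article does not state.

```python
import ipaddress

# Assumed addressing plan (not from the article): one subnet per VLAN.
SEGMENTS = {
    "office": ipaddress.ip_network("10.0.10.0/24"),         # sales, marketing, administration
    "manufacturing": ipaddress.ip_network("10.0.20.0/24"),
    "accounting": ipaddress.ip_network("10.0.30.0/24"),
    "iot": ipaddress.ip_network("10.0.40.0/24"),            # smart devices
}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space

# Segments each VLAN may open NEW connections to. Replies to an allowed
# connection are assumed to be handled by a stateful firewall.
ALLOWED = {
    "accounting": {"office", "manufacturing", "internet"},
    "office": {"manufacturing", "internet"},   # internet access here is an assumption
    "manufacturing": {"office"},               # no internet, no accounting
    "iot": {"internet"},                       # updates and central control only
}

def segment_of(addr):
    """Map an IP address to its VLAN name, 'internet', or 'unknown'."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "unknown" if ip in INTERNAL else "internet"

def is_allowed(src, dst):
    """Default deny: a flow passes only if the policy names it."""
    s, d = segment_of(src), segment_of(dst)
    if s not in ALLOWED:          # internet or unplanned subnet as initiator
        return False
    return s == d or d in ALLOWED[s]   # same-VLAN traffic never crosses the router

def violations(flows):
    """Return (src, dst, src_segment, dst_segment) for each forbidden flow."""
    return [(s, d, segment_of(s), segment_of(d))
            for s, d in flows if not is_allowed(s, d)]

# Constructed connection records (initiator, responder), e.g. from firewall logs.
FLOWS = [
    ("10.0.30.15", "10.0.10.7"),    # accounting -> office
    ("10.0.10.7", "10.0.30.15"),    # office -> accounting
    ("10.0.20.5", "203.0.113.10"),  # manufacturing -> internet
    ("10.0.40.9", "203.0.113.10"),  # iot -> internet
    ("10.0.40.9", "10.0.30.15"),    # iot -> accounting
    ("10.0.99.3", "10.0.10.7"),     # subnet missing from the plan
]
```

Calling `violations(FLOWS)` returns the four records that the segmentation rules should have blocked; any such record appearing in real firewall or flow logs means a VLAN rule is missing or misconfigured.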

Network segmentation is key to keeping your data and IT assets secure. If you’re not sure if your network is properly segmented, ask your IT department or partner to review your network and be sure it is properly configured for maximum security.

MJ Shoer is founder & principal consultant at MJ Shoer LLC., which offers consulting services for MSPs and Channel Organizations. He previously launched, built and sold one of New England's most successful MSPs.