Network Segmentation and Zones
See how splitting a network limits the spread of an attack.
Why Segment a Network
Network segmentation divides one large network into smaller, isolated pieces. Instead of every device freely reaching every other, traffic between segments is controlled and filtered.
The main benefits are security (an attack in one segment cannot easily spread), performance (less broadcast traffic per segment), and easier management. Segmentation contains problems instead of letting them spread network-wide.
Containing the Blast Radius
A flat network where everything connects is convenient but dangerous: malware or an attacker that lands anywhere can reach everything. Segmentation limits the blast radius, the area an incident can affect.
If a workstation in the office segment is infected, segmentation stops it from directly reaching the servers, the cameras, or the building controls, buying time to detect and respond.
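The containment effect described above can be modelled as reachability over zone-to-zone allow rules. The following Python code is an added example, not part of the original lesson; the host names, the zone layout and the single servers-to-cameras allow rule are constructed assumptions.

```python
from collections import deque

# Constructed sample inventory: host -> zone (names are illustrative).
HOSTS = {
    "ws-01": "office", "ws-02": "office",
    "db-01": "servers", "app-01": "servers",
    "cam-01": "cameras", "cam-02": "cameras",
    "hvac-01": "building",
}

def flat_policy(hosts):
    """Flat network: every zone may talk to every other zone."""
    zones = set(hosts.values())
    return {(a, b) for a in zones for b in zones if a != b}

# Segmented network: only explicitly listed zone-to-zone flows pass the filter.
# Assumed rule: a recorder in the server zone pulls video from the cameras.
SEGMENTED = {("servers", "cameras")}

def blast_radius(hosts, allowed, start):
    """Hosts an incident starting at `start` can spread to, hop by hop."""
    reached, queue = {start}, deque([start])
    while queue:
        src_zone = hosts[queue.popleft()]
        for host, zone in hosts.items():
            if host in reached:
                continue
            # Same segment is unfiltered; cross-segment needs an allow rule.
            if zone == src_zone or (src_zone, zone) in allowed:
                reached.add(host)
                queue.append(host)
    return reached

def report(hosts, allowed, start):
    """Return the sorted affected hosts and their share of the inventory (%)."""
    hit = blast_radius(hosts, allowed, start)
    return sorted(hit), round(100 * len(hit) / len(hosts))

if __name__ == "__main__":
    for name, policy in (("flat", flat_policy(HOSTS)), ("segmented", SEGMENTED)):
        hit, pct = report(HOSTS, policy, "ws-01")
        print(f"{name:9} -> {pct:3}% of hosts: {', '.join(hit)}")
```

Starting from db-01 instead of ws-01 under the segmented policy also reaches the cameras, because every allow rule widens the blast radius of its source segment.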