Network Segmentation
Dividing a network into subnetworks to improve security and performance.
Also: micro-segmentation
Definition
Network segmentation is the practice of dividing a computer network into smaller, isolated subnetworks (segments or zones) using VLANs, firewalls, and access control lists. It limits lateral movement by attackers who breach one segment, contains malware spread, improves performance by reducing broadcast domains, and enables granular security policy enforcement. Micro-segmentation extends this concept to individual workloads in cloud environments, enforcing east-west traffic controls between services.
Example
“A hospital network separates medical devices, clinical workstations, guest Wi-Fi, and administrative systems into distinct VLANs; ransomware infecting one segment cannot reach the others due to firewall rules between segments.”
Synonyms
- network isolation
- network zoning
- micro-segmentation
- network partitioning
Antonyms / Opposites
- flat network
- open network
Images
CC-licensed · free to useVideo
Related Terms
- vlan
- firewall
- zero-trust
- vpn