Network Segmentation
Segmentation isolates parts of a network to limit lateral movement and reduce blast radius.
Updated: 2026-03-05
Definition
Network segmentation divides a network into smaller zones (VLANs, subnets, security zones) with controlled traffic flows between them.
It limits how far an attacker can move after gaining access.
Key points
- Reduces blast radius
- Enforced with ACLs, firewalls, or security groups
- Microsegmentation is a finer-grained form of segmentation
Common mistakes
- Creating segments but allowing 'any-any' between them.
- Not mapping application dependencies; unmanaged segmentation breaks apps.
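Both mistakes above can be checked before a policy is deployed. The following is an added example, not part of the original page: it audits a constructed first-match rule list for permit rules that cross a segment boundary with any protocol or port, and replays a dependency map against the same rules to find flows the policy would break. The zone names, addresses, rules and flows are hypothetical.

```python
import ipaddress

# Constructed sample data (hypothetical zones, rules and flows; not from the page).
ZONES = {"users": "10.10.0.0/16", "app": "10.20.0.0/24", "db": "10.30.0.0/24"}
RULES = [  # (source CIDR, destination CIDR, protocol, port, action), first match wins
    ("10.10.0.0/16", "10.20.0.0/24", "tcp", 443, "permit"),
    ("10.20.0.0/24", "10.30.0.0/24", "any", "any", "permit"),   # any-any between segments
    ("0.0.0.0/0", "0.0.0.0/0", "any", "any", "deny"),
]
DEPENDENCIES = [  # flows the applications need: (source IP, destination IP, protocol, port)
    ("10.20.0.15", "10.30.0.5", "tcp", 5432),   # app -> database
    ("10.20.0.15", "10.10.4.9", "tcp", 9100),   # app -> print server in the user segment
]

def zones_covered(cidr, zones=ZONES):
    """Names of the zones that a rule's CIDR overlaps."""
    net = ipaddress.ip_network(cidr)
    return {name for name, z in zones.items() if net.overlaps(ipaddress.ip_network(z))}

def overly_broad(rules=RULES):
    """Indexes of permit rules that cross a zone boundary with any protocol or any port."""
    findings = []
    for i, (src, dst, proto, port, action) in enumerate(rules):
        crosses = any(s != d for s in zones_covered(src) for d in zones_covered(dst))
        if action == "permit" and crosses and "any" in (proto, port):
            findings.append(i)
    return findings

def matches(rule, flow):
    src, dst, proto, port, _ = rule
    f_src, f_dst, f_proto, f_port = flow
    return (ipaddress.ip_address(f_src) in ipaddress.ip_network(src)
            and ipaddress.ip_address(f_dst) in ipaddress.ip_network(dst)
            and proto in ("any", f_proto) and port in ("any", f_port))

def blocked_dependencies(rules=RULES, deps=DEPENDENCIES):
    """Required flows whose first matching rule is a deny (or that match no rule)."""
    blocked = []
    for flow in deps:
        action = next((r[4] for r in rules if matches(r, flow)), "deny")
        if action != "permit":
            blocked.append(flow)
    return blocked

if __name__ == "__main__":
    print("any-any style rules:", overly_broad())
    print("dependencies the policy would break:", blocked_dependencies())
```

On the sample data the app-to-database rule is flagged as too broad, and the app-to-print-server flow is reported as one the policy would silently drop.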
Related exams
CompTIA Security+ (SY0-701)
CompTIA Network+ (N10-009)
Cisco CCNA (200-301)