Network Segmentation

Network segmentation is a secure partitioning of networks such that network segments have tightly controlled access to eachother. For instance, a network can be segmented such that traffic from network partition A can’t reach network partition B.

Modern network design requires network segmentation to properly secure network environments. For instance, application A should only have network access to those services it relies on, say service B and C. This can be accomplished by segmenting your production network such that service’s B and C maintain a whitelist for applications using them. Network segmentation can be implemented in a number of ways. One way is with IPsets.