Network segmentation is a vital practice both at home and in the office. It will increase your security and productivity. Before we get to that, let’s get into what it is exactly.

Network segmentation is essentially divvying up every smart, internet-enabled device in your home or office into segments, also known as subnets. These subnets can be as complex and numerous as you’d like, but here are our suggestions for getting started. Thankfully, it’s not that complicated to categorize or implement.

First, consider your house. Take a moment to think about all the smart devices and computers (one and the same, but you’re probably picturing different things) there are under one roof. Consider how dramatically that total number has increased within the last two decades. Not only does this include every cell phone, smart TV, computer, and tablet, you also have to add in gaming systems, smart vacuums, your Amazon Alexa or Google Nest, security cameras, smart thermostats…the list goes on!

All of those devices have many convenient benefits, but they also open your home up to hackers and take up a lot of bandwidth. Our solution is to turn on the Guest network offered by most Internet providers. That way, only your trusted devices, such as phones, tablets, computers, and printers, will live on your main network. Everything else (your streaming services, IoT devices, and guests!) can live on the Guest network. This does a few things:

  1. It increases the security around your trusted devices. Your IoT devices may not update frequently and can be an easy front door for hackers. If an IoT device is on a separate network from your trusted devices, hackers who get into it won’t have access to them.
  2. It controls traffic from all devices better. That way, your Internet bandwidth won’t be bogged down while you work from home and someone else is streaming a show or playing a video game, for example.
  3. It keeps bad guys from entering your main network through visitors’ devices. You don’t know how secure their phone or laptop is, so why let it join the same traffic as your trusted devices?

An added bonus? You can limit access to the guest network. That way, you can inhibit Internet activity when your kids should be sleeping, for example.

At work, it’s a very similar procedure, with some additional considerations. At Partners Plus, we advise and utilize three segments.

  1. The first is our main network. Most trusted devices, such as workstations and servers, live here.
    • A simple way to categorize it is anything covered by antivirus can live on this network.
    • For decades now, this has also included printers, but we may be slowly drifting from that. Learn why here.
    • No IoT devices are allowed on this network.
  2. Employee personal phones/devices and Internet-enabled corporate devices live on a separate Internet connection.
    • That way, the devices that may come and go can’t touch our network.
    • This network is available during extended operating hours.
    • Additionally, we limit the bandwidth to keep focus and productivity up.
  3. Lastly, we use the guest network for any guests.
    • This network is also limited in bandwidth and is available during operating hours.
    • For you, that could be vendors, visitors, patients, etc.

We segment into these three subnets using the Wi-Fi’s guest network and the firewall, both of which utilize intelligent software within the hardware. This protects our main network and sensitive data from vulnerable devices. That way, we’re able to detect and act on any intrusions we see attempting to enter our network.

Perhaps our three groupings don’t make sense for your team, or you want to take it a step further. All it takes is a little extra planning! Map out which assets need to communicate with one another, and which don’t. On top of that, consider limiting user access with a zero-trust mentality. Think about who has to prove they have permission to access said data. Some access points could even be given on a strictly case-by-case basis.
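
As an added example (not Partners Plus's actual configuration), the mapping exercise above can be written down as a default-deny allow-list and checked against observed traffic. The subnet ranges, the allowed-flow table, and the sample flows are all constructed assumptions for illustration.

```python
import ipaddress

# Assumed (constructed) addressing plan for the three segments described above.
SEGMENTS = {
    "main": ipaddress.ip_network("10.0.10.0/24"),      # workstations, servers
    "employee": ipaddress.ip_network("10.0.20.0/24"),  # personal phones, IoT
    "guest": ipaddress.ip_network("10.0.30.0/24"),     # vendors, visitors
}

# Default deny: only the (source, destination) pairs listed here may talk.
# Assumption: main devices reach each other; every segment reaches the Internet.
ALLOWED = {
    ("main", "main"),
    ("main", "internet"),
    ("employee", "internet"),
    ("guest", "internet"),
}

def segment_of(addr):
    """Map an IP address to its segment name."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    # A private address outside every planned subnet is a device that was
    # never inventoried; it is labelled "unmapped" and is always denied.
    return "unmapped" if ip.is_private else "internet"

def is_allowed(src, dst):
    return (segment_of(src), segment_of(dst)) in ALLOWED

def audit(flows):
    """Return (src, dst, path) for every flow the plan does not permit."""
    violations = []
    for src, dst in flows:
        pair = (segment_of(src), segment_of(dst))
        if pair not in ALLOWED:
            violations.append((src, dst, f"{pair[0]} -> {pair[1]}"))
    return violations

# Constructed sample flows, e.g. as exported from firewall logs.
SAMPLE_FLOWS = [
    ("10.0.10.15", "10.0.10.2"),    # workstation to file server
    ("10.0.20.40", "10.0.10.2"),    # IoT device to file server
    ("10.0.30.7", "10.0.20.40"),    # guest laptop to IoT device
    ("10.0.30.7", "8.8.8.8"),       # guest laptop to the Internet
    ("192.168.1.50", "10.0.10.2"),  # unplanned device to file server
]

if __name__ == "__main__":
    for src, dst, path in audit(SAMPLE_FLOWS):
        print(f"DENY {src} -> {dst} ({path})")
```

Any flow the audit reports is either a rule the firewall should be blocking or a legitimate need that was missed during planning and should be added to the allow-list deliberately.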

Both at home and in the office, network segmentation is a great solution. It divides the existing network into smaller pieces to enhance security and performance (controlling traffic flow), and it limits hackers’ ability to access everything once they’ve found a way in.

To get assistance in the setup, contact us today! We wouldn’t recommend this security practice if we didn’t utilize it ourselves.