Segmenting a Network
Network infrastructure needs to be protected from attacks that are mostly launched by hackers; one of the best security measures is the use of network segments. A network segment is part of a computer network that is separated from the rest of the network by a device such as a repeater, hub, bridge, switch or router. You can segment a network by using switches to divide the network into a hierarchy. A switch or network switch is a small device that joins multiple computers together, working on layer two of the OSI, to form a local area network.A segment can contain one or multiple computers or other hosts for security, performance or reliability purposes. A virtual local area network (VLAN) segment "|is a collection of hosts with a common set of requirements that communicate as if they were attached to the same broadcast domain, regardless of their physical location". (Varadarajan, 1997) VLANs are usually separated by switches that divide the network into multiple broadcast domains, to reduce the amount of traffic going to all devices and thus increase performance .In an organization VLAN can be segmented either by user or by logical group. Segmenting by user involves placing users whose jobs require constant use of the network to interact with a particular server on the same VLAN segment with the servers to which they need access. On the other hand segmenting by logical group involves placing users with the resources that they need. (Shinder, 2005)
There are various number of switches used when segmenting a network. A core switch, which is also known as a tandem switch,
is a high-capacity switch positioned in the physical core of a network. A core switch serves to interconnect workgroup switches, which are relatively low capacity switches that serve groups of workers in geographic clusters. These devices have a wide range of prices ranging from $70 to &100 for Work group switches and $500 to $1000 for core switches. A Switch works by accepting traffic on any of its ports, examining each packet for is destination information, and transmitting the packet only to the port on which the target device resides. (Wiley, 1996)
The importance of segmenting a network is to basically ensure that security, reliability and performance of network infrastructure are enhanced in any given organization.