IT Knowledge DB

❯

11 Cross cutting Concepts

❯

Segmentation

Apr 23, 20261 min read

concept
segmentation
security
networking

Segmentation

Definition

Dividing a network (or any system) into zones so a compromise in one zone cannot spread. The foundation of Zero Trust and PCI/HIPAA/OT architectures.

Granularity spectrum

Perimeter only — trusted/untrusted (legacy)
Zones — DMZ, internal, management
Micro-segmentation — per-workload / per-identity

Where it appears

🌐 Networking

VLAN — L2 segmentation
VRF — L3 separation on the same device
ACLs — permit/deny by 5-tuple
Firewalls — stateful inspection between zones
NAC — PacketFence vs OpenNAC dynamic VLAN assignment

☁️ Cloud

AWS — separate VPCs, subnets, Security Groups, NACLs
Azure — VNets, NSGs, ASGs, Azure Firewall

📦 Containers

Kubernetes NetworkPolicy — pod-to-pod firewall
Cilium / Calico — identity-aware policy, eBPF
Namespaces — logical, not security

🔐 Cybersecurity

Zero Trust — segment by identity, not network location
OT/IT separation — Purdue model levels

See also

Routing
L2
L3

Graph View

Segmentation
Definition
Granularity spectrum
Where it appears
🌐 Networking
☁️ Cloud
📦 Containers
🔐 Cybersecurity
See also

Backlinks

Cybersecurity MOC
Cross-cutting Concepts MOC
NAT & PAT
VLAN & 802.1Q Trunking
AWS Security Groups vs NACLs
AWS VPC Fundamentals
VPC knowledge base
Containers Fundamentals
Docker Fundamentals
Kubernetes Fundamentals
Routing
IT Knowledge DB — Index

Created with Quartz v4.5.2 © 2026

GitHub
Renodus