IT Knowledge DB

❯

11 Cross cutting Concepts

❯

Segmentation

Apr 23, 20261 min read

concept
segmentation
security
networking

Segmentation

Definition

Dividing a network (or any system) into zones so a compromise in one zone cannot spread. The foundation of Zero Trust and PCI/HIPAA/OT architectures.

Granularity spectrum

Perimeter only — trusted/untrusted (legacy)
Zones — DMZ, internal, management
Micro-segmentation — per-workload / per-identity

Where it appears

🌐 Networking

VLAN — L2 segmentation
VRF — L3 separation on the same device
ACLs — permit/deny by 5-tuple
Firewalls — stateful inspection between zones
NAC — PacketFence vs OpenNAC dynamic VLAN assignment

☁️ Cloud

AWS — separate VPCs, subnets, Security Groups, NACLs
Azure — VNets, NSGs, ASGs, Azure Firewall

📦 Containers

Kubernetes NetworkPolicy — pod-to-pod firewall
Cilium / Calico — identity-aware policy, eBPF
Namespaces — logical, not security

🔐 Cybersecurity

Zero Trust — segment by identity, not network location
OT/IT separation — Purdue model levels

See also

Routing
L2
L3

Graph View

Segmentation
Definition
Granularity spectrum
Where it appears
🌐 Networking
☁️ Cloud
📦 Containers
🔐 Cybersecurity
See also

Backlinks

Cybersecurity MOC
Cross-cutting Concepts MOC
NAT & PAT
VLAN & 802.1Q Trunking
AWS Organizations and SCPs
AWS Security Groups vs NACLs
AWS Transit Gateway
AWS VPC Endpoints
AWS VPC Fundamentals
VPC knowledge base
Containers Fundamentals
Docker Fundamentals
Kubernetes Fundamentals
Routing
IT Knowledge DB — Index

Created with Quartz v4.5.2 © 2026

GitHub
Renodus