Segregating Your Networks


When it comes to security and compliance, segregating your networks is a must.

IT terminology can be daunting, but don’t worry, because computer networks aren’t; they’re simply groups of computers that communicate with each other. A network can range from just a few devices to fleets of hundreds and even thousands of computers, and they come in wired, wireless, and hybrid forms, but regardless of their size, they’re all networks. Segregating your networks, then, just means preventing different networks from communicating with each other. It’s one of many tools that IT has at its disposal to keep things safe, protected, and in some cases, compliant. There are times when network segregation isn’t just a good idea but an essential requirement.

As for common setups, most organizations use both wired and wireless networks internally, and those are typically allowed to communicate with each other. However, restaurants, hotels, and many other organizations also provide a wireless network for customer or public use. It’s these kinds of unsecured courtesy networks (among others) that shouldn’t be talking to your internal business network.

How is segregating your networks accomplished?

The surest way to separate public or unsecured networks from your internal ones is to build them separately from the beginning, so your public network runs on totally different hardware than your internal one. This means purchasing a whole new set of wireless access points, switches, and even a different internet connection. This way any device, compromised or not, would be utterly unable to access the company network. There’s simply no way to use one to hack the other when they are wholly and physically separated.

Of course, while this method is the most secure, it’s incredibly expensive, and the truth is that virtually every wireless device can broadcast to multiple networks, so it’s by no means a perfect solution. If you’ve ever been waiting for an appointment and had to choose between networks labelled “BusinessName” and “BusinessName – Public” then you should know what we’re talking about here. So although your networks may be entirely separate, people’s phones can still “see” your internal one even if they can only connect to your public one, and that means hackers can still attack it directly.

So rather than spending excessively on an imperfect solution, we recommend a slightly less secure but much more budget-friendly alternative. We’re not going to delve into the details (this post would become a technical manual if we did), but it is possible to segregate your networks even when they’re both using the same infrastructure. It requires configuring all network access points and equipment in a specific manner, which in turn requires high-quality hardware as not all switches can be configured as needed. Investing in exceptional equipment here is still far, far cheaper than the previous method, so don’t use cheap switches that could compromise your security.

Many regulatory structures have specific security standards when it comes to segregating your networks as well. For example, PCI-DSS requires businesses to ensure payments are sent via their own network that’s separated from the regular one. Similarly, SCADA equipment often reacts poorly to strange network traffic (it can break), so complete network segregation may be a good idea for such a scenario. But regardless of whether segregating your network is a requirement or just a good idea, organizations of every size and type need to consider segregating their networks, especially if staff regularly bring personal devices to work.

For more information about segregating your networks, contact TRINUS to get yourself some stress-free IT. We’ll be happy to help with every step of the process, including planning, sourcing equipment, and configuration and deployment.

This Shakespeare quote comes from The Taming of the Shrew: “Who wooed in haste and means to wed at leisure.”

Be kind, courtesy your friendly neighbourhood cyber-man.
