Week 10 Network Management and Infrastructure Cantwell
Network segmentation is one of those security practices that seems simple at first, but the more I think about it, the more important it becomes. To me, the most important reason for dividing a network is to limit how far a threat can spread if something goes wrong. No network is perfect, and no organization can guarantee that an attacker, infected device, or careless mistake will never get past the first layer of defense. Because of that, segmentation works like a set of internal barriers. If one part of the network is compromised, the attacker should not automatically have access to everything else.
This is especially important when thinking about ransomware and other modern attacks. If a company has one flat network where every system can communicate freely, then one infected workstation could possibly reach file servers, databases, printers, point-of-sale systems, security cameras, or administrative systems. That creates a much bigger problem than just one infected computer. However, if the network is divided into separate segments, such as employee workstations, guest Wi-Fi, servers, management systems, and sensitive data areas, the damage can be contained. Segmentation does not completely stop every attack, but it makes the attacker’s job harder and gives the organization more time to detect and respond.
The machinery needed for network segmentation can include managed switches, routers, firewalls, wireless access points, and sometimes separate physical equipment for highly sensitive areas. Managed switches are important because they allow VLANs to be created. VLANs can separate traffic logically without requiring a completely separate physical network for every department or function. Firewalls are also important because they control what traffic is allowed to move between those segments. For example, regular employee computers may need access to the internet and certain internal applications, but they should not have direct access to database servers or network management tools.
The software needed can vary depending on the size of the network. At a basic level, administrators need switch and firewall management tools to configure VLANs, access control lists, routing rules, and firewall policies. Larger organizations may also use network monitoring software, intrusion detection or prevention systems, endpoint security platforms, and centralized identity management systems like Active Directory. These tools help enforce rules, monitor traffic, and detect suspicious activity between network segments.
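The firewall rules between segments described above can be written as a default-deny allowlist and checked against observed traffic. The following is an added example, not part of the original post; segment names follow the post, while the subnets, ports, and flow records are constructed assumptions.

```python
import ipaddress

# Constructed address plan: one subnet (one VLAN) per segment. Values are assumptions.
SEGMENTS = {
    "workstations": "10.10.10.0/24",
    "guest_wifi": "10.10.20.0/24",
    "app_servers": "10.10.30.0/24",
    "databases": "10.10.40.0/24",
    "management": "10.10.50.0/24",
}
NETS = {name: ipaddress.ip_network(cidr) for name, cidr in SEGMENTS.items()}

# Default-deny allowlist: (source segment, destination segment) -> permitted ports.
# Any pair or port not listed here is blocked between segments.
ALLOW = {
    ("workstations", "internet"): {80, 443},
    ("workstations", "app_servers"): {443},
    ("guest_wifi", "internet"): {80, 443},
    ("app_servers", "databases"): {5432},
    ("management", "app_servers"): {22},
    ("management", "databases"): {22},
}

def segment_of(ip):
    """Map an address to its segment; anything outside the plan is 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in NETS.items():
        if addr in net:
            return name
    return "internet"

def is_allowed(src_ip, dst_ip, port):
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src == dst:
        return True  # same VLAN: traffic never reaches the inter-segment firewall
    return port in ALLOW.get((src, dst), set())

def audit(flows):
    """Return the flow records that crossed segments against the policy."""
    return [f for f in flows if not is_allowed(*f)]

# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("10.10.10.15", "10.10.30.5", 443),    # workstation -> internal app
    ("10.10.10.15", "10.10.40.7", 5432),   # workstation -> database
    ("10.10.20.9", "10.10.50.2", 22),      # guest Wi-Fi -> management
    ("10.10.30.5", "10.10.40.7", 5432),    # app server -> database
    ("10.10.10.15", "203.0.113.10", 443),  # workstation -> internet
]
```

Calling audit(FLOWS) returns the workstation-to-database and guest-to-management records, the two flows that a monitoring tool should alert on if they ever appear between segments.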
Doing segmentation effectively definitely requires expertise. Someone needs to understand IP addressing, subnetting, VLANs, routing, firewall rules, authentication, and how the organization’s systems communicate. It is not enough to just divide the network randomly. Poor segmentation can either leave security gaps or accidentally block employees from doing their jobs. A good design requires both technical knowledge and an understanding of the business. The person designing the network needs to know which systems need to communicate, which ones should be isolated, and what risks are most important to reduce.
Overall, I think network segmentation is one of the best ways to reduce risk because it accepts reality: security incidents can still happen. Instead of assuming everything can be kept out, segmentation helps limit the damage when something does get in. It protects sensitive systems, improves visibility, and gives organizations a stronger defense-in-depth strategy.
For my blogging experience, I found the assignment more helpful than I expected. At first, blogging felt a little different from a normal discussion board or paper because it seemed less formal. However, that also made it easier to explain technical topics in my own words. I enjoyed being able to reflect on what I learned instead of just answering questions in a textbook style. It helped me slow down and think about how the topic connects to real jobs and real networks.
The part I did not enjoy as much was trying to make each blog post sound different. Some technical topics overlap, so it can be challenging to avoid repeating the same ideas. Still, I think that is also part of the value of the assignment because it forces me to understand the material well enough to explain it naturally.
I do think this type of assignment can help me in my current job. Even if I am not designing networks every day, cybersecurity and access control ideas show up in many workplaces. Being able to explain a technical topic clearly is useful because not everyone has the same level of IT knowledge. Whether someone is talking to a manager, coworker, customer, or future employer, communication matters.
I can see myself blogging in the future, even if it is not required for a class. I probably would not blog every day, but I could see the value in writing short posts about cybersecurity topics, troubleshooting lessons, or technology experiences. Blogging can also show growth over time. It gives a person a place to document what they are learning and how they think through problems.
I also believe blogging is a desirable skill for a company. Technical knowledge is important, but being able to communicate that knowledge clearly can make someone more valuable. A company may need employees who can write documentation, create awareness materials, explain security risks, or help train others. Being able to blog or write professionally gives a person another tool in their skill set. In that way, it can make someone a more attractive hire because it shows both technical understanding and communication ability.