Network segmentation was created to help divide networks from each other. Wikipedia defines it as: “Network
segmentation in computer networking is the act or profession of splitting a computer network into sub-networks, each being a network segment or network layer. Advantages of such splitting are primarily for boosting performance and improving security.”
The applications of this are infinite in today's business world. Let me explain a little about my customer's particular case.
I decided to write this network segmentation post because of our last client. He is a hotel owner. The hotel has a lot of rooms. They had a network of a few staff computers plus all the customers' computers. The customers access the network using WiFi. Just to serve as an example, the customers were on the same network as the accounting computer. That is not a good idea. For instance, on the day that I was deploying the server at the hotel, I had to cut the network for a few minutes. A customer came to complain and guess what? He was an IT guy. He came saying things to me like "the IP address from today is different from the one I had yesterday. I did an NSLOOKUP and it says bla, bla, bla." This guy turned out to be a really nice guy, but not everyone has a good heart and good intentions.
So, because of an incident, the owner called me to find a solution. He wanted a few more things as well. Here is part of a presentation we did for him.
- Sharing documents with specific users on the network.
- Single sign-on for users across all services, and a Domain Controller.
- Control the workers by blocking Facebook and YouTube during working hours. You can get started with the Squid proxy server here and here.
- Firewall and quality of service over the internet channel, so that no one can hog the whole channel while others can't use it.
- And of course the network segmentation, or separation of the two networks: the one for the work-related stuff and the one for the unpredictable customers :).
This article is about the network segmentation only. Let's talk about the server now. We decided to install a server with 3 network cards: one facing the internet, the second facing the customers and the third facing the work network. Please check out the presentation for the customer.
For this kind of work there are a lot of options. We like Linux solutions, and that is what we chose: Debian 7 for the OS and FireHOL for the firewall. Basically the segmentation is done with the configuration of each network card (NIC). In this case the ISP gives IP addresses in the range 192.168.0.0/24. The other networks, for the customers and the workers, could be anything; we decided to give them addresses from the 10.0.0.0/8 private range, say 10.0.10.0/24 and 10.0.20.0/24.
Then the firewall configuration with FireHOL is pretty simple. You just have to define the three interfaces with their rules and route from one network to another. FireHOL is pretty good for this, because it provides a simple syntax to write rules. This is it for today; maybe later I will have time to add the configs and comment on them, but for now let's leave it that way. With this we have the network segmentation working. If you have any questions or want the configurations, feel free to ask.
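The configs are promised for later, so here is an added example of my own (not the post's or the customer's configuration): a shell function that emits a FireHOL 1.x firehol.conf for the three-NIC layout above, plus a check that no router forwards between the two LAN segments. The interface names eth0/eth1/eth2, the allowed services, and the exact FireHOL directive semantics are assumptions to verify against firehol.conf(5); the subnets are the ones the post gives.

```shell
#!/bin/sh
# Emit a FireHOL 1.x firehol.conf for a three-NIC segmentation box (assumed syntax).
# Usage: gen_firehol_conf eth0 eth1 eth2 10.0.10.0/24 10.0.20.0/24 > /etc/firehol/firehol.conf
gen_firehol_conf() {
    wan_if=$1; cust_if=$2; work_if=$3; cust_net=$4; work_net=$5
    cat <<EOF
version 5

# ISP side. The ISP hands out private 192.168.0.0/24 addresses, so the
# usual 'src not UNROUTABLE_IPS' anti-spoofing filter must NOT be used
# here: it would drop the ISP's own router.
interface ${wan_if} internet
    protection strong
    client all accept

# Guest WiFi. 'src' drops anything not sourced from the guest subnet,
# so a guest cannot pose as a staff address to reach the staff LAN.
interface ${cust_if} guests src ${cust_net}
    policy reject
    server "dhcp dns" accept
    client all accept

# Staff LAN: file shares and the domain controller live here.
interface ${work_if} staff src ${work_net}
    policy reject
    server "dhcp dns samba ssh" accept
    client all accept

# Guests may only reach the internet, NATed behind the ISP address.
router guests2internet inface ${cust_if} outface ${wan_if} src ${cust_net}
    masquerade
    server all accept

# Staff may reach the internet too.
router staff2internet inface ${work_if} outface ${wan_if} src ${work_net}
    masquerade
    server all accept

# Deliberately no router between ${cust_if} and ${work_if}: FireHOL's default
# FORWARD policy is DROP, so the two segments cannot talk to each other.
EOF
}

# Returns 0 when no router line in the generated config names both LAN NICs,
# i.e. nothing is forwarded between guests and staff.
segments_isolated() {
    ! gen_firehol_conf "$@" | grep '^router' | grep "$2" | grep -q "$3"
}
```

Run `segments_isolated` after every edit of the config: the moment someone adds a convenience router between the guest and staff NICs, the check fails and the segmentation is gone.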