Network Segmentation PenTesting
Happy Engineer's Day
What is Network Segmentation Pentesting?
A segmentation check is a series of penetration tests used to validate that less-secure networks are not able to communicate with higher-security networks.
From the figure above:
Network segmentation testing routes
- VLAN(A) -> VLAN(C), VLAN(D), VLAN(E)
- VLAN(B) -> VLAN(C), VLAN(D), VLAN(E)
Wrong network segmentation testing routes
- VLAN(A) -> VLAN(B)
- VLAN(B) -> VLAN(A)
- VLAN(C) -> VLAN(D)
- VLAN(D) -> VLAN(E)
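The route lists above can be turned into a scope check and a result filter. The following is an added example, not code from the original post. It assumes VLAN(A) and VLAN(B) are the less-secure tier and VLAN(C), VLAN(D), VLAN(E) the high-secure tier (inferred from the lists, since the figure is not reproduced); the subnets, the names `in_scope_routes`, `zone_of`, `segmentation_failures`, and the sample results are constructed.

```python
import ipaddress

# Constructed zone map: tiers are inferred from the route lists above,
# subnets are made-up sample values.
ZONES = {
    "VLAN(A)": ("low", ipaddress.ip_network("10.0.10.0/24")),
    "VLAN(B)": ("low", ipaddress.ip_network("10.0.20.0/24")),
    "VLAN(C)": ("high", ipaddress.ip_network("10.0.30.0/24")),
    "VLAN(D)": ("high", ipaddress.ip_network("10.0.40.0/24")),
    "VLAN(E)": ("high", ipaddress.ip_network("10.0.50.0/24")),
}

def in_scope_routes(zones=ZONES):
    """Routes a segmentation check covers: each low-tier zone to each high-tier zone."""
    low = [z for z, (tier, _) in zones.items() if tier == "low"]
    high = [z for z, (tier, _) in zones.items() if tier == "high"]
    return [(s, d) for s in low for d in high]

def zone_of(ip, zones=ZONES):
    """Return the zone whose subnet contains ip, or None if it is unmapped."""
    addr = ipaddress.ip_address(ip)
    for name, (_, net) in zones.items():
        if addr in net:
            return name
    return None

def segmentation_failures(results, zones=ZONES):
    """Keep only results where a connection succeeded across an in-scope route."""
    scope = set(in_scope_routes(zones))
    failures = []
    for src, dst, port, state in results:
        route = (zone_of(src, zones), zone_of(dst, zones))
        if route in scope and state == "open":
            failures.append((route[0], route[1], port))
    return failures

# Constructed sample results: (source IP, destination IP, TCP port, outcome).
RESULTS = [
    ("10.0.10.5", "10.0.30.8", 443, "filtered"),  # A -> C blocked: pass
    ("10.0.10.5", "10.0.40.9", 3389, "open"),     # A -> D reachable: failure
    ("10.0.20.7", "10.0.50.2", 22, "open"),       # B -> E reachable: failure
    ("10.0.10.5", "10.0.20.7", 445, "open"),      # A -> B: not a tested route
    ("10.0.30.8", "10.0.40.9", 1433, "open"),     # C -> D: not a tested route
]

if __name__ == "__main__":
    for src, dst in in_scope_routes():
        print(f"test {src} -> {dst}")
    for src, dst, port in segmentation_failures(RESULTS):
        print(f"FAIL {src} -> {dst} tcp/{port} is reachable")
```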
How can network segmentation be used?
Network segmentation is an architectural approach that divides a network into multiple segments or subnets (for example, one per department such as HR, IT, Security, Development, Testing), each acting as its own small network. This allows network administrators to control the flow of traffic between subnets.
Sample network segmentation examples in real life:
- Imagine a large bank with several branch offices. The bank’s security policy restricts branch employees from accessing its financial reporting system.
- Consider an educational institution spanning primary school to college, where primary teachers are not allowed to work on the high school syllabus.
- In a government police system, separate networks are defined for the crime branch, civil branch, traffic branch, etc. All of these networks still remain child networks of the main parent network.
Network segmentation can enforce the security policy by preventing all branch traffic from reaching the financial system.
One common approach to segmentation is firewall segmentation.
A firewall is deployed at the desired network boundary, and the network is architected, via physical links or virtual local area networks (VLANs), so that all traffic crossing the boundary is routed through that firewall.
What is the difference between VLAN and network segmentation?
At a high level, subnets and VLANs are analogous in that they both deal with segmenting or partitioning a portion of the network. However, VLANs are data link layer (OSI layer 2) constructs, while subnets are network layer (OSI layer 3) IP constructs, and they address (no pun intended) different issues on a network.
How to understand IP addresses better
What is IP?
Internet Protocol (IP) is the method or protocol by which data is sent from one system to another on the internet. An IP address is a 32-bit number. It uniquely identifies a host (computer or other device, such as a printer or router) on a TCP/IP network.
What does an IP address tell you?
An IP address includes the city, ZIP code, or area code of your ISP, as well as your ISP’s name.
What do the first number and last 3 digits in an IP mean?
IPv4 addresses are composed of two parts. The first numbers in the address specify the network, while the latter numbers specify the specific host. A subnet mask specifies which part of an address is the network part, and which part addresses the specific host. In other words, it says how large the network is. A /24 is a class C network, having 256 addresses and a subnet mask of 255.255.255.0.
Can 2 devices have the same IP address?
All public IPs assigned to routers of ISPs, or to routers connecting to the Internet, are unique, but the private IPs of two hosts can be the same if both are connected to different public networks. So the combination of public and private IP identifies your device uniquely.
Is 192.168 a private IP?
And don’t be surprised if you have a device or two at home with a so-called 192 IP address, or a private IP address beginning with 192.168. This is the most common default private IP address format assigned to network routers around the globe.
Does the IP address change with Wi-Fi?
When you connect multiple devices on a Wi-Fi network, each has its own local IP address, which differs from the public IP address. Using Wi-Fi does not directly alter a network’s public IP, but you can use Wi-Fi to connect with a different IP address.
Suggestions are most welcome.
Please write to Akash.venky091@gmail.com. You can also follow me here for more updates on security and ethical hacking (Akash Venky), or contact me at https://www.linkedin.com/in/akash-h-c-4a4090a7/