Network Separation

A common practice employed so as to ensure security and enhance performance is to split networks so as to bring about the formation of sub-networks. This can be achieved in one of two ways: Physical Separation and Logical Separation.

Physical Separation is the process of literally breaking down networks and providing each network with its different routers and other hardware like switches and firewalls. It is ensured that overlap does not occur. This, however, is a very cumbersome and expensive process to carry out. So, this paved the way for Logical Separation.

Logical Separation makes use of VLAN's. VLAN is a virtual local area network. This means that Logical Separation entails allowing a user to access a local and virtual computing environment. Logical Separation cuts cost in massive amounts. This is attributed to the fact that there is now very less hardware to purchase and maintain.

Mechanism of Logical Separation: As mentioned, this is done by VLAN's. They use switches and put various computers on a network, completely virtual. These are put together based on their functioning or the departments, etc. This helps achieve isolation in traffic amongst the several computers present in the VLAN. What a router would do in a situation like this is it would put together computers on various subnets. This is achieved by checking the physical locations. So this means that all computers must be located geographically close. A logical separation essentially means separating computers based on logical needs rather than having to separate them on the basis of physical needs.

This is highly advantageous as if a network worm were to enter, it wouldn't make the whole network vulnerable but would affect a sub-network. An obvious advantage of this implementation is to increased traffic control. It also assists in the betterment of the performance as now, there would be a lesser number of hosts per sub-network. This means the traffic created locally is minimized to how much is really required. It also allows users to gain access to only a few network resources. If there is any malicious behaviour, it can be detected to the earliest due to this limited access and the authorities could be notified to the earliest.

Physical separation is followed through when the protection of critical and crucial data must be carried out. This can be thought of by imagining where to hide gold. Hiding it in an isolated island means reducing the area of risk on the whole and ultimately protecting the required: gold in this case.

Logical separation, however, is done in any other cases. So, in any other case where crucial data is not concerned. This is done based on any one detail, example departments. Then an employee would have access to the network which is useful to him/her only. This allows for protection of the network in the larger scope.

Companies, more often than not use a combination of physical and logical separation to achieve high standards of security for their organisation.