Firewalls and Network Segmentation
Network segmentation and properly configured firewalls are foundational controls to limit lateral movement and reduce blast radius when a breach occurs.
Principles of segmentation
- Separate critical systems (DB, auth) from public-facing services.
- Use least-privilege network flows: deny by default and allow only the ports and hosts each service actually needs.
- Apply micro-segmentation for east-west traffic in cloud and container environments.
Firewall types & placement
Edge firewalls protect perimeter traffic; internal firewalls control segment-to-segment flows. Consider host-based firewalls (iptables, nftables on Linux) as a second layer in addition to network appliances, so that a host still enforces its own allow-list if an upstream segment or appliance rule is misconfigured.
Policy examples
# Allow web frontend to talk to API only on port 443
allow from 10.0.1.0/24 to 10.0.2.10 port 443
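The following is an added example, not code from the original page: a small evaluator for rules in the "allow from <cidr> to <host> port <n>" form shown above, applying default deny so that any flow not explicitly listed (for example, the web tier reaching the database directly) is rejected, plus a renderer that emits the same policy as an nftables forward chain with `policy drop`. The 10.0.x.x addresses, the second database rule and the sample flows are constructed for illustration.

```python
"""Least-privilege flow policy: default deny, explicit allows.

Added example (not from the original page). Parses rules of the form
"allow from <cidr> to <host-or-cidr> port <n>", evaluates sample flows
against them with a default-deny fallback, and renders the same rules as an
nftables ruleset. All addresses and flows below are constructed samples.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: int


def parse_rule(line: str) -> Rule:
    # Expected shape: allow from 10.0.1.0/24 to 10.0.2.10 port 443
    parts = line.split()
    if len(parts) != 7 or parts[:2] != ["allow", "from"] or parts[3] != "to" or parts[5] != "port":
        raise ValueError(f"unrecognised rule: {line!r}")
    src = ipaddress.ip_network(parts[2], strict=False)
    dst = ipaddress.ip_network(parts[4], strict=False)  # a bare host becomes a /32
    port = int(parts[6])
    if not 0 < port <= 65535:
        raise ValueError(f"bad port in rule: {line!r}")
    return Rule(src, dst, port)


def parse_policy(text: str) -> list[Rule]:
    """Parse a policy file, ignoring blank lines and '#' comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rules.append(parse_rule(line))
    return rules


def is_allowed(rules: list[Rule], src_ip: str, dst_ip: str, port: int) -> bool:
    """Default deny: a flow passes only if some explicit rule matches it."""
    s = ipaddress.ip_address(src_ip)
    d = ipaddress.ip_address(dst_ip)
    return any(s in r.src and d in r.dst and port == r.port for r in rules)


def to_nftables(rules: list[Rule]) -> str:
    """Render the policy as an nftables forward chain whose default is drop.

    Replies to allowed connections are accepted via conntrack state so only
    the initiating direction needs to be listed.
    """
    lines = [
        "table inet segmentation {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
    ]
    for r in rules:
        lines.append(f"    ip saddr {r.src} ip daddr {r.dst} tcp dport {r.port} accept")
    lines += ["  }", "}"]
    return "\n".join(lines)


# Constructed sample policy (hypothetical addresses): the web tier may reach
# the API only on 443 and the API tier may reach the database only on 5432.
POLICY = """
allow from 10.0.1.0/24 to 10.0.2.10 port 443
allow from 10.0.2.0/24 to 10.0.3.5 port 5432
"""

RULES = parse_policy(POLICY)


if __name__ == "__main__":
    print(to_nftables(RULES))
    # web -> API on 443 is listed, so it passes
    print(is_allowed(RULES, "10.0.1.7", "10.0.2.10", 443))
    # web -> database on 5432 is not listed: lateral move is denied by default
    print(is_allowed(RULES, "10.0.1.7", "10.0.3.5", 5432))
```

The point of `is_allowed` is that there is no "deny" verb at all: anything not matched by an allow rule is dropped, which is exactly what `policy drop` expresses in the rendered nftables chain. Loading the rendered ruleset with `nft -f` would enforce the same allow-list on a Linux host or router.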