A network segment is a portion of a computer network that is separated from the rest of the network by a device such as a repeater, hub, bridge, switch or router. Each segment can contain one or more computers or other hosts. What the segment is isolated from depends on the device that bounds it. A repeater or hub operates on the physical signal and forwards every bit to every port, so it joins cable segments without separating anything else: all hosts attached to it still share one collision domain. A bridge or switch separates collision domains, while a router separates both collision domains and broadcast domains.

A collision domain is the part of a network in which transmissions can collide with one another. A collision occurs when two or more devices attempt to send a signal along the same transmission channel at the same time, and it garbles, and thus wastes, both transmissions. A broadcast domain is the portion of a network that is reachable by a network broadcast, i.e., a single transmission delivered to all hosts on the network or on that part of it.

Each network segment supports a single medium access protocol and a fixed bandwidth. The more hosts on a segment, the more ways that bandwidth is divided. Crowded segments lead to a condition known as congestion, which results in degraded performance. Each segment can have its own hub or switch, and in most cases a contiguous range of IP addresses (a subnet) is assigned to each segment.

Perhaps the greatest advantage of having multiple segments rather than placing all hosts on a single large segment is that it increases the total amount of traffic the network can carry. A major consideration in designing segmentation to maximize capacity is to put computers that do not normally communicate with each other on different segments.

Another important reason for segmentation is security. If an attacker compromises a single computer in a segment, every other computer in that segment is at risk: traffic between hosts on the same segment never passes through any filtering device, so nothing restricts what the compromised host can reach there.
Using a switch instead of a hub reduces the opportunity for packet sniffing (i.e., eavesdropping on packets passing through a network), because a switch forwards each frame only to the port of its destination address rather than to every port. This is a performance feature, not a security boundary, and it can be circumvented: an attacker on the same segment can, for example, flood the switch's address table until it falls back to forwarding frames on every port, or use forged ARP replies to have neighbors' traffic addressed to the attacker's own machine. Segmentation, by contrast, lets a business or other organization keep all of its hosts on a single network while limiting what a compromised or unauthorized host in one part of the network can reach in the others. Each segment can be protected from the other segments by a firewall with its own set of rules, through which all data moving between segments must pass; a sensible default is to deny traffic between segments unless a rule permits it.

Examples of situations in which networks are typically segmented include businesses (e.g., payroll and personnel data are not accessible to ordinary employees), educational institutions (e.g., students cannot access data about other students or change their grades) and co-location companies (which must keep the networks of the various web sites they host separate from one another).

Created October 2, 2005.
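The following is an added example, not part of the original article, that models what the two preceding sections describe: each segment is a contiguous address range, traffic within a segment is switched locally and never sees a firewall, and traffic between segments is subject to a default-deny rule set. The segment names, subnets, rules and sample flows are constructed for illustration; the subnets use private and documentation address ranges and do not describe any real network.

```python
# Added example (not from the original article): a small model of subnet-based
# segmentation with a default-deny firewall between segments.
# All segment names, subnets, rules and flows below are constructed.
from ipaddress import ip_address, ip_network

# Each segment is a contiguous address range (a subnet), as the article describes.
SEGMENTS = {
    "workstations": ip_network("10.1.0.0/24"),
    "payroll":      ip_network("10.2.0.0/24"),
    "dmz":          ip_network("192.0.2.0/24"),   # RFC 5737 documentation range
}

# Inter-segment firewall rules: (source segment, destination segment, TCP port).
# Anything not listed is dropped, i.e. the default between segments is deny.
ALLOW_RULES = {
    ("workstations", "dmz", 443),
    ("payroll", "dmz", 443),
}


def validate_segments(segments):
    """Reject overlapping subnets. An overlap silently merges two segments, so
    hosts that were meant to be isolated would end up in one broadcast domain."""
    nets = {name: ip_network(str(net)) for name, net in segments.items()}
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                raise ValueError(f"segments {a} and {b} overlap")
    return True


def segment_of(ip, segments=SEGMENTS):
    """Return the name of the segment whose subnet contains ip, or None."""
    addr = ip_address(ip)
    for name, net in segments.items():
        if addr in net:
            return name
    return None


def decide(src_ip, dst_ip, dst_port, segments=SEGMENTS, rules=ALLOW_RULES):
    """Return the fate of one flow: 'local', 'allow' or 'drop'."""
    src, dst = segment_of(src_ip, segments), segment_of(dst_ip, segments)
    if src is None or dst is None:
        return "drop"          # address outside every known segment
    if src == dst:
        # Same segment: the frame is switched straight to the destination and
        # never crosses the firewall. Segmentation offers no protection here;
        # this is exactly the path a compromised host uses against its neighbors.
        return "local"
    if (src, dst, dst_port) in rules:
        return "allow"
    return "drop"              # no rule matched: default deny


# Constructed sample flows: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("10.1.0.5", "10.1.0.9", 445),      # workstation to workstation: local
    ("10.1.0.5", "10.2.0.9", 445),      # workstation to payroll: dropped
    ("10.2.0.9", "192.0.2.10", 443),    # payroll to DMZ web server: allowed
    ("10.9.0.1", "10.2.0.9", 22),       # source in no known segment: dropped
]


def audit(flows, segments=SEGMENTS, rules=ALLOW_RULES):
    """Tally how many flows are switched locally, allowed, and dropped."""
    counts = {"local": 0, "allow": 0, "drop": 0}
    for src, dst, port in flows:
        counts[decide(src, dst, port, segments, rules)] += 1
    return counts


if __name__ == "__main__":
    validate_segments(SEGMENTS)
    for src, dst, port in SAMPLE_FLOWS:
        print(f"{src:>12} -> {dst:<12} port {port:<4} {decide(src, dst, port)}")
    print(audit(SAMPLE_FLOWS))
```

The `local` result is the one worth noticing: the workstation-to-workstation flow on port 445 is never evaluated against any rule, which is why the article warns that compromising one host puts every host on the same segment at risk. Moving hosts that do not need to talk to each other into separate segments is what turns that flow into one the firewall sees.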