Network Security Implementation

Designed and deployed VLANs, ACLs, and port security measures to protect critical business networks, ensuring segmentation, controlled access, and secure operations for enterprise environments.

01. OVERVIEW

Modern business networks require proper segmentation to reduce risk and prevent lateral movement. This project implements micro-segmentation and Access Control Lists (ACLs) to isolate critical systems from less secure segments such as Guest Wi-Fi or IoT devices, maintaining confidentiality and operational stability.

02. METHODOLOGY

  • VLAN Segmentation: Implemented logically isolated networks (Management, Production, IoT, DMZ) to reduce attack surfaces and improve traffic control.
  • Switch-Port Security: Applied MAC-address limiting and "Sticky" MACs to block unauthorized devices and prevent MAC address table overflow.
  • DHCP Snooping & Dynamic ARP Inspection (DAI): Ensured only authorized servers assign IP addresses and validated ARP packets to prevent MitM attacks.
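
One way to verify the three controls above on a switch configuration, as an added example (not the project's own code or configuration): a small Python audit that flags access ports missing port security or sticky MACs, and access VLANs not covered by DHCP snooping or DAI. The sample config, the function names `vlan_set` and `audit`, and the assumption that an access port with no explicit VLAN sits in VLAN 1 are illustrative.

```python
import re

# Constructed sample config for illustration (not the project's actual config).
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 10,20
ip arp inspection vlan 10
!
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security mac-address sticky
!
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 30
"""

def vlan_set(config, prefix):
    """Expand global lines such as '<prefix> 10,20-22' into a set of VLAN ids."""
    vlans = set()
    for m in re.finditer(rf"^{re.escape(prefix)} ([\d,-]+)\s*$", config, re.M):
        for part in m.group(1).split(","):
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config):
    """Return sorted (interface, finding) pairs for every access port."""
    # The per-VLAN snooping list only takes effect if snooping is enabled globally.
    enabled = re.search(r"^ip dhcp snooping\s*$", config, re.M)
    snoop = vlan_set(config, "ip dhcp snooping vlan") if enabled else set()
    dai = vlan_set(config, "ip arp inspection vlan")
    findings = []
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        lines = [line.strip() for line in block.splitlines()]
        if lines and lines[0].startswith("interface ") and "switchport mode access" in lines:
            # Assumption: an access port without an explicit VLAN is in VLAN 1.
            vlan = next((int(l.split()[-1]) for l in lines if l.startswith("switchport access vlan ")), 1)
            checks = {
                "port-security not enabled": "switchport port-security" in lines,
                "no sticky MAC learning": "switchport port-security mac-address sticky" in lines,
                f"DHCP snooping off for VLAN {vlan}": vlan in snoop,
                f"DAI off for VLAN {vlan}": vlan in dai,
            }
            findings += [(lines[0].split()[1], msg) for msg, ok in checks.items() if not ok]
    return sorted(findings)
```

Calling `audit(SAMPLE_CONFIG)` reports four findings, all on GigabitEthernet0/3; the trunk port is skipped and the hardened access port passes.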

TECH STACK

  • Cisco IOS
  • 802.1Q Trunking
  • Standard & Extended ACLs
  • Port Security
  • Wireshark (Packet Analysis)
  • Nmap
  • STP Hardening

"Security isn't just about keeping people out; it's about controlling where they can go once they're in."