How can subnetting increase network security?
Divide and conquer! If all your network was in one subnet, and some device gets compromised, all of your network and all devices are visible. That compromise could be anything from a virus or worm to a hacker. You are then trying to recover all of it at once, and all devices are vulnerable – by the time you clean and secure one, others will potentially be compromised. Breaking the network into subnets increases the number of places one can add security or segregate a network. That can be things like packet filters or full-blown firewalls. It also gives IDS systems an easier time, as there is less traffic for them to track, though you would need more. Should a device be compromised in a heavily subnetted network, the initial impact is more likely to be constrained to the subnet, which makes it easier to target your response – all users on the second floor are reporting poor performance, for example. That means you have a much smaller haystack to look in to find the culprit to begin with.
Subnetting is not meant to increase network security; it was originally intended to prevent large amounts of Ethernet packets and the risk of packet collision. A combination of subnetting, VLANs, and packet filters can be used to achieve a level of security; however, the packet filters on a gateway (or a firewall connected between the gateway and switch) are more the key points of this type of security setup.
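Both answers make the same practical point: a subnet boundary by itself only means traffic to other subnets has to pass the gateway, and it is the packet filter on that gateway that decides what gets through. The following added example (not code from the thread) models that with Python's standard `ipaddress` module. Hosts in the same subnet talk directly over the switch, so the filter never sees them; everything else is evaluated against a first-match, default-deny rule list. The addresses, subnets and rules are constructed for illustration; it then compares how much of the network one compromised host can reach in a flat /16 versus a segmented design with the same filter policy.

```python
"""Added example: subnet boundaries plus a gateway packet filter bound what a
compromised host can reach. All addresses and rules below are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    src: str      # source subnet, CIDR notation
    dst: str      # destination subnet, CIDR notation
    proto: str    # "tcp" or "udp"
    port: int     # destination port; 0 means any port
    action: str   # "allow" or "deny"


def same_subnet(a: str, b: str, subnets: list[str]) -> bool:
    """Hosts sharing a subnet reach each other over the switch; the gateway
    filter is not on the path, so nothing can block them there."""
    ia, ib = ip_address(a), ip_address(b)
    return any(ia in ip_network(s) and ib in ip_network(s) for s in subnets)


def gateway_permits(src: str, dst: str, proto: str, port: int, rules: list[Rule]) -> bool:
    """First-match evaluation of the gateway filter; no match means deny."""
    isrc, idst = ip_address(src), ip_address(dst)
    for r in rules:
        if (isrc in ip_network(r.src) and idst in ip_network(r.dst)
                and r.proto == proto and r.port in (0, port)):
            return r.action == "allow"
    return False


def reachable(src: str, dst: str, proto: str, port: int,
              subnets: list[str], rules: list[Rule]) -> bool:
    """True if src can open proto/port to dst under this subnet plan and filter."""
    if same_subnet(src, dst, subnets):
        return True
    return gateway_permits(src, dst, proto, port, rules)


def exposure(compromised: str, hosts: list[str], subnets: list[str],
             rules: list[Rule], proto: str = "tcp", port: int = 445) -> set[str]:
    """Hosts a compromised machine can reach on proto/port: the set a responder
    has to worry about first (the 'haystack' in the answer above)."""
    return {h for h in hosts
            if h != compromised and reachable(compromised, h, proto, port, subnets, rules)}


# Constructed sample network: two office floors and a server subnet.
HOSTS = ["10.0.2.10", "10.0.2.11", "10.0.3.10", "10.0.10.5"]

# Flat design: one /16, every host on the same broadcast domain.
FLAT_SUBNETS = ["10.0.0.0/16"]

# Segmented design: each floor and the servers in their own /24.
SEGMENTED_SUBNETS = ["10.0.2.0/24", "10.0.3.0/24", "10.0.10.0/24"]

# Gateway filter: floors may reach the servers on 443 only; nothing else crosses.
RULES = [
    Rule("10.0.2.0/24", "10.0.10.0/24", "tcp", 443, "allow"),
    Rule("10.0.3.0/24", "10.0.10.0/24", "tcp", 443, "allow"),
]


def compare(compromised: str = "10.0.2.10", port: int = 445) -> dict[str, set[str]]:
    """Reachable hosts from one compromised machine under each design."""
    return {
        "flat": exposure(compromised, HOSTS, FLAT_SUBNETS, RULES, port=port),
        "segmented": exposure(compromised, HOSTS, SEGMENTED_SUBNETS, RULES, port=port),
    }


if __name__ == "__main__":
    for design, hosts in compare().items():
        print(f"{design:10s} -> {sorted(hosts)}")
```

In the flat design the filter rules are irrelevant because every host is in the same subnet and traffic never reaches the gateway; in the segmented design the same compromised host can only reach its own floor, plus the servers on the one port the filter allows. That is the whole argument of both answers in one place: the subnets create the chokepoints, and the filter on the gateway is what actually constrains the traffic passing through them.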