Project Summary

Infrastructure security project focused on reducing exposure and improving separation of critical systems.

Network Segmentation Architecture Design

Project Overview

Project Type: Infrastructure Security and Network Architecture

Organisation: National Railway Museum

Role: Cybersecurity Volunteer


Executive Summary

This project focused on improving network security through the design of a segmented network architecture intended to reduce exposure, improve separation of critical systems, and limit opportunities for lateral movement.

The work involved analysing the existing network environment, reviewing system dependencies, identifying communication requirements, and developing a proposed future-state architecture suitable for a non-profit environment.


The Challenge

The existing environment operated with limited network segmentation, resulting in broad communication paths between user devices, infrastructure systems, storage platforms, and CCTV systems.

This increased the potential impact of a compromised endpoint and made it difficult to apply more granular security controls.

The challenge was to improve security without disrupting operational requirements or introducing unnecessary complexity.


Approach

The project followed a structured assessment and design process.

Activities included:

  • Asset discovery
  • Infrastructure analysis
  • Dependency mapping
  • Communication path analysis
  • Current-state architecture review
  • Security zone design
  • Segmentation rule development

Solution Design

User Zone

Included:

  • Office workstations
  • Library computers
  • Shop systems
  • Wireless access points
  • General user devices

Server Zone

Included:

  • Domain services
  • Shared storage
  • Archive systems
  • Backup infrastructure
  • Internal services

CCTV Zone

Included:

  • CCTV cameras
  • Recording infrastructure
  • CCTV management systems

Security Objectives

The design aimed to:

  • Reduce unnecessary communication
  • Limit lateral movement opportunities
  • Improve protection of critical systems
  • Support granular access controls
  • Improve security management capabilities

Key Deliverables

  • Current-state network review
  • Dependency mapping documentation
  • CCTV architecture review
  • Proposed segmented architecture
  • Segmentation rules and communication logic
  • Infrastructure validation notes
  • Implementation planning documentation

Outcomes

The project produced a practical network segmentation model aligned with organisational requirements and infrastructure constraints.

The proposed architecture established a foundation for future implementation activities and improved understanding of system relationships throughout the environment.


Skills Demonstrated

  • Network Architecture Review
  • Infrastructure Security
  • Dependency Mapping
  • Segmentation Design
  • Security Improvement Planning
  • Risk Analysis
  • Stakeholder Communication

Lessons Learned

Effective segmentation requires more than simply separating systems. Understanding dependencies, operational requirements, and communication flows is critical to ensuring security improvements remain practical and sustainable.
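
The step from dependency mapping to segmentation rules can be sketched as follows. This is an added example, not the project's own rule set: the asset names, ports and justifications are constructed, and only the three zones come from the design above. It derives inter-zone allow rules from confirmed dependencies, applies default deny to everything else, and queues unconfirmed flows for review.

```python
from collections import defaultdict

# Zone membership follows the page's three zones; asset names are constructed.
ZONE_OF = {
    "office-ws-01": "user", "library-pc-02": "user", "shop-till-01": "user",
    "dc-01": "server", "fileshare-01": "server", "backup-01": "server",
    "cam-12": "cctv", "nvr-01": "cctv", "cctv-mgmt-01": "cctv",
}

# Constructed dependency map: (source, destination, protocol, port, justification).
# An empty justification means the flow was observed but no owner confirmed a need.
OBSERVED_FLOWS = [
    ("office-ws-01", "dc-01", "tcp", 389, "directory lookups"),
    ("library-pc-02", "dc-01", "tcp", 389, "directory lookups"),
    ("office-ws-01", "fileshare-01", "tcp", 445, "shared storage"),
    ("cam-12", "nvr-01", "tcp", 554, "video recording"),
    ("nvr-01", "backup-01", "tcp", 445, "footage backup"),
    ("shop-till-01", "cam-12", "tcp", 80, ""),
    ("office-ws-01", "library-pc-02", "tcp", 445, ""),
]

def build_policy(flows, zone_of):
    """Return (allow, review): inter-zone allow rules and flows needing a decision."""
    allow = defaultdict(set)   # (src_zone, dst_zone) -> {(dst_asset, proto, port)}
    review = []
    for src, dst, proto, port, why in flows:
        if src not in zone_of or dst not in zone_of:
            review.append((src, dst, proto, port, "asset not assigned to a zone"))
            continue
        pair = (zone_of[src], zone_of[dst])
        if not why:
            review.append((src, dst, proto, port, "no confirmed dependency"))
        elif pair[0] != pair[1]:
            allow[pair].add((dst, proto, port))
        # Confirmed intra-zone flows (camera to recorder) need no inter-zone rule.
    return dict(allow), review

def is_permitted(allow, zone_of, src, dst, proto, port):
    """Default deny between zones: only flows matching a derived rule pass."""
    sz, dz = zone_of.get(src), zone_of.get(dst)
    if sz is None or dz is None:
        return False
    if sz == dz:
        return True  # not filtered by inter-zone rules; needs host-level controls
    return (dst, proto, port) in allow.get((sz, dz), set())

if __name__ == "__main__":
    allow, review = build_policy(OBSERVED_FLOWS, ZONE_OF)
    print(allow, review, sep="\n")
```

The unconfirmed workstation-to-workstation flow lands in the review list but would still pass at the zone boundary, which shows that zone-level rules alone do not restrict movement inside a zone.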