<div>
<div class="content wysiwyg-content">
Dear Experts,<br />
<br />
Please advise on how to correctly separate the networks and what devices should be used and configured. &nbsp;I have two networks - Public (<i>internet access, etc.</i>) and Private (<i>should not be accessible from/to the Internet, but should be accessible from certain machines on the Public network</i>). &nbsp;Currently, all computers (<i>belongs to both Public &amp;&nbsp;Private networks</i>) are sharing the same Cisco 2960 switch, but &quot;separated&quot; by their IP's on the subnets they belong to. &nbsp;For instance,<br />
<br />
Public subnet: 192.168.13.x<br />
Private subnet: 192.168.1.x<br />
<br />
Computer A on Public subnet has 2 adapters - IP 192.168.13.5 and IP 192.168.1.5<br />
Computer B on Private subnet communicates with Computer A on IP 192.168.1.6<br />
<br />
My concerns are:<br />

<div class="bullet">
is this enough to separate the two subnets as they are now
</div>
<div class="bullet">
what if Computer A is compromised, would devices on Private network be compromised as well; if yes, what would be a correct way to &quot;completely&quot; separate them and how.
</div>
<br />
Thanks.
</div>
</div>


Dear Experts,

Please advise on how to correctly separate the networks and what devices should be used and configured.  I have two networks - Public (internet access, etc.) and Private (should not be accessible from/to the Internet, but should be accessible from certain machines on the Public network).  Currently, all computers (belongs to both Public & Private networks) are sharing the same Cisco 2960 switch, but "separated" by their IP's on the subnets they belong to.  For instance,

Public subnet: 192.168.13.x
Private subnet: 192.168.1.x

Computer A on Public subnet has 2 adapters - IP 192.168.13.5 and IP 192.168.1.5
Computer B on Private subnet communicates with Computer A on IP 192.168.1.6

My concerns are:
is this enough to separate the two subnets as they are now
what if Computer A is compromised, would devices on Private network be compromised as well; if yes, what would be a correct way to "completely" separate them and how.

Thanks.

Network Separation / Cisco 2960

A switch is a device that filters and forwards packets of data between LAN segments. Switches operate at the data link layer or the network layer of the Open Systems Interconnection (OSI) Reference Model and therefore support any packet protocol. LANs that use switches to join segments are called switched LANs or, in the case of Ethernet networks, switched Ethernet LANs. A hub is a connection point for devices in a network. Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports; when a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets.

Switches / Hubs

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.