from: https://www.us-cert.gov/ncas/tips/ST18-001
How can you improve the security of network infrastructure devices?
NCCIC encourages users and network administrators to implement the following recommendations to better secure their network infrastructure:
Segment and Segregate Networks and Functions
Security architects must consider the overall infrastructure layout, including segmentation and segregation. Proper network segmentation is an effective security mechanism to prevent an intruder from propagating exploits or laterally moving around an internal network. On a poorly segmented network, intruders are able to extend their impact to control critical devices or gain access to sensitive data and intellectual property. Segregation separates network segments based on role and functionality. A securely segregated network can contain malicious occurrences, reducing the impact from intruders in the event that they have gained a foothold somewhere inside the network.