Simulated SME Network
Lab project as a case study: segmentation, DMZ, guest Wi-Fi & management network.
Type
Lab / reference
Target
SME without in-house IT
Focus
Security & maintainability
Highlights
- • 4 network zones (Internal/DMZ/Guest/Management)
- • Firewall as clean boundary between internet and LAN
- • Documentation + target architecture + next steps
Tech stack / tools
Note: This is a lab project case study. For production, we’d add exact rules, role model and operating concept.
Context
Goal: a realistic target architecture for a small business without in-house IT — stable, traceable and with security basics.
- • about 15 employees, Windows clients
- • Sensitive data (customer/business)
- • Need: clarity, structure, access control
Scope
Included
- • Network zones & rules (concept)
- • Roles/management access (principle)
- • Documentation / target state
Optional
- • Monitoring approach
- • Backup/recovery checklist
- • Hardening (standards)
Not included
- • Real customer data / production
- • Full SOC/EDR setup
Architecture
Segmentation separates zones logically, reduces risk and keeps administration controllable.
Zones
- • Internal (users/clients)
- • DMZ (public services)
- • Guest (guest Wi-Fi)
- • Management (admin/management)
Security decisions
Least privilege
Admin access only where it belongs (management).
Clean boundary
Firewall clearly separates internet and internal networks.
Traceability
Documentation + baseline for logging/monitoring.
Deliverables
- • PDF report (current state, risks, quick wins)
- • Action plan A/B/C
- • Review call (clear, questions live)
Learnings
Key takeaway: segmentation + clean standards quickly create clarity. For real production: define exact rules, role model and operating concept.
Want this clarity for your IT too?
Short first call — you’ll know if an IT check makes sense.