| HN Mirror

Corporate Networks 10-15 years ago are like the Canadian US border, where as today they're more akin to the North Korean South Korean border.

10-15 years ago everything was on the same LAN except for the handful of web servers you might have plugged into the DMZ port of your firewall and every client was implicitly trusted. Today we have VLANs for everything and segmentation is done purely for organization aesthetics. Switches can dynamically provision ports based on the client connected. Wired clients and wireless clients reside in different segments with different restrictions. Open network ports in unsecured areas, like conference rooms, are on highly restricted VLANs. I've even seen segmentation based on client MAC addresses where unknown devices were just routed back to themselves for everything.

Back then Email servers accepted connections from anyone and would relay just about anything no questions asked, today email servers are locked down and very suspicious of one another with DNS records (SPF, PTR) for verification.

There are security appliances sitting on the edges of network monitoring all inbound and outbound traffic as well as appliances in the network watching the too and fro. We have software clients sitting on desktops monitoring traffic and blocking malicious or harmful requests as well. Software firewalls are now standard and turned on by default.

On top of all that, Mobile Networks are distributed with each cell tower being it's own insular network with a secure WAN connection over an ISP back into the central network with all manner of port filtering in place.