Problem Statement
Outline a safe plan to test segmentation between user VLANs and a database subnet.
Explanation
First, confirm the scope, target subnets, and allowed test ports. Coordinate a test window with ops. From a test host in the user VLAN, try only the approved DB ports and record the results. Use tiny, read-only connection checks if allowed. Do not run heavy scans. If any unexpected access is open, stop and report immediately with source, destination, port, and timestamp. Share remediation ideas such as deny-by-default ACLs and service allow-lists.
Code Solution
From VLAN20 host:
1) nc -vz db.example 1433
2) nc -vz db.example 3306
3) Record pass or block → report
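The same checks as a small script, added here as an example and not part of the original solution: it tries only the approved ports, writes one record per attempt with timestamp, source, destination, port and result, and stops at the first open port. It assumes the expected policy is that both ports are blocked from the user VLAN; the function names, CSV layout and file name are hypothetical.

```shell
#!/bin/sh
# Added example. Host and ports come from the page; the "everything should be
# blocked" policy, CSV layout and function names are assumptions.
APPROVED_PORTS="1433 3306"   # only the ports named in the approved scope
TARGET="db.example"
TIMEOUT=3                    # seconds per attempt, keeps the test light

# One TCP connect with no payload (-z). Returns 0 if the port accepts.
probe() {
  nc -z -w "$TIMEOUT" "$1" "$2" >/dev/null 2>&1
}

# Print one record: timestamp,source,destination,port,result
record() {
  printf '%s,%s,%s,%s,%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
    "${HOSTNAME:-$(uname -n)}" "$1" "$2" "$3"
}

# check_segmentation TARGET [PROBE_FN]
# Tries each approved port once and stops at the first one that is open.
# Returns 0 if every port was blocked, 1 if unexpected access was found.
check_segmentation() {
  target=$1
  probe_fn=${2:-probe}
  for port in $APPROVED_PORTS; do
    if "$probe_fn" "$target" "$port"; then
      record "$target" "$port" OPEN
      return 1
    fi
    record "$target" "$port" BLOCKED
  done
  return 0
}

# Run only when asked, e.g.: sh segcheck.sh --run >> results.csv
# (segcheck.sh is a hypothetical file name)
if [ "${1:-}" = "--run" ]; then
  check_segmentation "$TARGET"
fi
```

A non-zero exit status means a port answered, which is the point at which the plan above says to stop and report.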
