DEV Community

zikarelhub
zikarelhub

Posted on

Nigerian Business Network Security — VLAN Segmentation and VPN Implementation

Most Nigerian SME networks are flat — every device on the same subnet, all able to reach everything. One compromised device gives an attacker access to the entire network. Here's how to fix that.

The Problem — Flat Networks

Flat Network (BAD):
Staff laptop → Can reach → Accounting server ✓
Guest phone → Can reach → HR database ✓  
IoT printer → Can reach → File server ✓
Compromised device → Can reach → Everything ✓
Enter fullscreen mode Exit fullscreen mode

The Fix — VLAN Segmentation

Segmented Network (GOOD):
VLAN 10: Staff (192.168.10.0/24)
VLAN 20: Guest (192.168.20.0/24) → Internet only
VLAN 30: Servers (192.168.30.0/24) → Staff only
VLAN 40: IoT (192.168.40.0/24) → Internet only

GuestStaff: BLOCKED
IoTServers: BLOCKED  
GuestServers: BLOCKED
Enter fullscreen mode Exit fullscreen mode

VPN for Remote Nigerian Workers

# WireGuard VPN server setup
wg genkey | tee server_private.key | wg pubkey > server_public.key

# /etc/wireguard/wg0.conf
[Interface]
PrivateKey = $(cat server_private.key)
Address = 10.0.0.1/24
ListenPort = 51820

[Peer]
# Remote Nigerian worker
PublicKey = WORKER_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32
Enter fullscreen mode Exit fullscreen mode
// Enforce VPN at application level
const vpnRequired = (req, res, next) => {
  if (!req.ip.startsWith('10.0.0.')) {
    return res.status(403).json({
      error: 'VPN connection required'
    });
  }
  next();
};

app.use('/api/admin', vpnRequired);
app.use('/api/finance', vpnRequired);
Enter fullscreen mode Exit fullscreen mode

Network Monitoring Alerts

// Alert IT team on Telegram for anomalies
async function checkNetworkAnomalies() {
  const outbound = await getOutboundTraffic('1h');

  if (outbound.bytes > 1_000_000_000) { // 1GB+
    await sendTelegramAlert(
      `🚨 Large outbound transfer detected: ${outbound.bytes / 1e9}GB in 1 hour. Investigate immediately.`
    );
  }
}
Enter fullscreen mode Exit fullscreen mode

Nigerian-Specific Notes

  • Use UPS systems — power fluctuations damage network equipment and create security gaps
  • If you have multiple ISPs — both connections need the same security standards
  • Enforce VPN policy even for staff using personal mobile hotspots

ZikarelHub LTD is Nigeria's #1 software and digital agency — network security and application security built together.

What's the biggest network security gap you've seen in Nigerian businesses? 👇

Top comments (0)