What a subnet mask actually does (no math required):
Think of a city divided into neighborhoods. The mask defines the boundaries.
It tells every device: "These addresses are local, talk to them directly. Those are outside, send traffic to the router."
From a security perspective, this is the foundation of network segmentation: servers, workstations, IoT, and guest Wi-Fi sit on separate subnets. If an attacker compromises a guest laptop, the boundary limits how far they can move.
That's not just networking. That's least privilege applied to infrastructure.
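
The local-versus-router decision described above, as an added example that is not part of the original post. The segment addresses and the `next_hop`, `segment_of` and `reachability` helpers are constructed for illustration, and the example also runs the same guest laptop with a wider mask to show the boundary disappearing.

```python
import ipaddress

# Constructed example segments (RFC 1918 addresses, not from the original post).
SEGMENTS = {
    "servers":      ipaddress.ip_network("10.0.10.0/24"),
    "workstations": ipaddress.ip_network("10.0.20.0/24"),
    "iot":          ipaddress.ip_network("10.0.30.0/24"),
    "guest-wifi":   ipaddress.ip_network("10.0.40.0/24"),
}

def next_hop(src_ip, mask, dst_ip):
    """The choice a host makes per packet: deliver directly or hand to the router."""
    src = int(ipaddress.ip_address(src_ip))
    dst = int(ipaddress.ip_address(dst_ip))
    m = int(ipaddress.ip_address(mask))
    # Identical network bits under the mask means "same neighborhood".
    return "direct" if (src & m) == (dst & m) else "router"

def segment_of(ip):
    """Name of the constructed segment an address belongs to, or 'outside'."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "outside"

def reachability(src_ip, mask, targets):
    """For one host and mask, report each target's segment and delivery path."""
    return [(t, segment_of(t), next_hop(src_ip, mask, t)) for t in targets]

if __name__ == "__main__":
    guest = "10.0.40.57"  # constructed guest laptop address
    # 203.0.113.9 is a documentation address standing in for an internet host.
    targets = ["10.0.40.12", "10.0.10.5", "10.0.30.200", "203.0.113.9"]
    for label, mask in (("segmented /24", "255.255.255.0"),
                        ("flat /16", "255.255.0.0")):
        print(f"{label} (mask {mask})")
        for dst, seg, path in reachability(guest, mask, targets):
            print(f"  {guest} -> {dst:<12} [{seg:<10}] via {path}")
```

With the /24 mask only the guest's own subnet is reached directly and everything else crosses the router, which is where filtering rules can be enforced. With the /16 mask the server and IoT addresses count as local and never pass through the router.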