I currently have several VLANS (management for network devices, iot for smart devices, infra for security cameras and NAS, one for personal devices, anothe for guests, etc.
Currently I’m hosting a game server which is exposed to the outside world and am thinking of adding a couple more similar services.
Is it best practice to put such machines on their own isolated VLAN to minimize their attack surface?
The reverse is also true. The typical Windows PC is much more prone to being breached than a reasonably well managed Linux server.