I currently have several VLANs (management for network devices, iot for smart devices, infra for security cameras and NAS, one for personal devices, another for guests, etc.).
Currently I’m hosting a game server which is exposed to the outside world and am thinking of adding a couple more similar services.
Is it best practice to put such machines on their own isolated VLAN to minimize their attack surface?
I recommend putting public-facing devices on a separate VLAN, and running as much as possible through a reverse proxy, to have only a single port open. Network monitoring is important too.
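
An added example, not part of the posts above: an nftables ruleset for the router's forwarded traffic that places the public-facing hosts on their own VLAN, exposes only the reverse proxy's port, and logs any attempt from that VLAN to reach the other VLANs. The interface names, VLAN IDs, proxy address and port 443 are all assumptions made for illustration.

```nftables
#!/usr/sbin/nft -f
# Constructed example. Every name, address and port below is an assumption.
define WAN      = "eth0"
define DMZ      = "vlan50"                # new VLAN for public-facing hosts
define TRUSTED  = { "vlan10", "vlan40" }  # management, personal
define INTERNAL = { "vlan10", "vlan20", "vlan30", "vlan40", "vlan60" }
define PROXY    = 10.0.50.10              # reverse proxy inside the DMZ VLAN

table inet router {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # The single open port: everything public enters via the proxy.
        iifname $WAN meta nfproto ipv4 tcp dport 443 dnat ip to $PROXY
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }

    chain forward {
        type filter hook forward priority filter; policy drop;

        # Replies to connections that were allowed below.
        ct state established,related accept
        ct state invalid drop

        # Internet -> reverse proxy only (address is already rewritten by DNAT).
        iifname $WAN oifname $DMZ ip daddr $PROXY tcp dport 443 accept

        # Administration of DMZ hosts from the trusted VLANs.
        iifname $TRUSTED oifname $DMZ tcp dport { 22, 443 } accept

        # A DMZ host opening a connection inward is never expected:
        # log it for monitoring, then drop.
        iifname $DMZ oifname $INTERNAL log prefix "dmz-to-internal " drop

        # Outbound internet access (updates, upstream APIs).
        iifname $DMZ oifname $WAN accept
        iifname $INTERNAL oifname $WAN accept
    }
}
```

This covers forwarded traffic only; access from the DMZ VLAN to the router itself is decided by a separate input chain. Because the default policy is drop, traffic between the existing VLANs also stays blocked unless a rule is added for it.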