Disclosed herein are embodiments of systems, methods, and products comprise a computing device, which allows in-network and network-border protection for Internet of things (IoT) devices by securely partitioning network space and defining service-based access to IoT devices. The disclosed segmented attack prevention system for IoT networks (SAPSIN) segments the IoT network into two virtual networks: a service network and a control network; and define access control rules for each virtual network. In the service network, SAPSIN utilizes a service-based approach to control device access, allowing only configured protocol, applications, network ports, or address groups to enter or exit the network. In control network, The SAPSIN provides the access control rules by defining a threshold for the number of configuration requests within a predetermined time. As a result, SAPSIN protects IoT devices against intrusion and misuse, without the need for device-specific software or device-specific security hardening.