-2

I am looking to increase the security of my home network as much as possible.

An option I came across was to create two home networks. One would be used by less secure devices, and another for more secure devices. What's the best way to set it up? Is VLAN the most secure option?

I found this question, which is similar, but the OP had more difficult requirements. I do not need to do port-forwarding between both networks.

DevShark

1 Answer

1

One good way of achieving this is using VLANs, as you have suggested, and perhaps two separate VRFs; this would allow for segregation at Layer 2 and Layer 3 of the OSI model. (1)

Let it be said that this requires a little bit of networking knowledge and is something that is usually set up in corporate environments. I don't know what kind of networking kit you're running at home, but you would need something a little more advanced than your average home router.

Anything that you can access the command line on should suffice here, for both router and switch: Cisco, Juniper, etc.

Just as a side note, I believe to meet PCI compliance you are required to use a VRF to segregate PCI traffic at Layer 3. That's an example of where VRFs are used in corporate networks.


Another way this could be achieved is the use of an ACL; this would allow for allowing and blocking access to certain subnets from other subnets.

For example, if I had my PCI on 10.0.1.1-254, I could deny 10.0.2.1-254 access but I could allow 10.0.3.1-254. This is great because it means that if someone breached your network, they couldn't just hop about to different servers, etc., as trivially.


(1) The VLAN will be segregating devices at Layer 2 and the VRF will be segregating at Layer 3
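
The subnet ACL from the answer can be checked offline before it goes onto a router. The following is an added example, not part of the original answer: it assumes top-down, first-match evaluation with a default deny at the end (as on common router ACLs), and the rule tuples, function names and the misordered list are constructed for illustration.

```python
import ipaddress

# Constructed rule set mirroring the answer's example: traffic to the
# protected subnet 10.0.1.0/24. Format: (action, source net, destination net).
RULES = [
    ("deny",   "10.0.2.0/24", "10.0.1.0/24"),
    ("permit", "10.0.3.0/24", "10.0.1.0/24"),
]

# Constructed mistake: a broad permit placed above the specific deny.
MISORDERED = [
    ("permit", "10.0.0.0/16", "10.0.1.0/24"),
    ("deny",   "10.0.2.0/24", "10.0.1.0/24"),
]


def evaluate(rules, src, dst):
    """Return (action, rule index) for a packet; index None = default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (action, src_net, dst_net) in enumerate(rules):
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action, i  # first match wins, later rules are ignored
    return "deny", None       # nothing matched: assumed default deny


def shadowed(rules):
    """Indices of rules that can never match because an earlier rule
    already covers their whole source and destination range."""
    dead = []
    for i, (_, s_i, d_i) in enumerate(rules):
        si, di = ipaddress.ip_network(s_i), ipaddress.ip_network(d_i)
        for _, s_j, d_j in rules[:i]:
            if si.subnet_of(ipaddress.ip_network(s_j)) and \
               di.subnet_of(ipaddress.ip_network(d_j)):
                dead.append(i)
                break
    return dead


if __name__ == "__main__":
    for name, rules in (("RULES", RULES), ("MISORDERED", MISORDERED)):
        for src in ("10.0.2.15", "10.0.3.15", "10.0.4.15"):
            print(name, src, "->", evaluate(rules, src, "10.0.1.10"))
        print(name, "shadowed rules:", shadowed(rules))
```

With the misordered list, the deny for 10.0.2.0/24 is never reached, so that subnet is permitted; `shadowed()` flags the dead rule so the ordering can be fixed before deployment.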