Splitter switch with multiple network

With an increase in informatics insecurity in companies, I try to increase the security of my network, but I encountered a problem trying to set up my ideas. Right now, each person in my company is on their own computer, and there are some shared one, and they can access the whole company network, even what they will never need, so it is a true problem of security.

Data access is not a problem, as the management is done properly within the identification process of each person. However, everyone can access the tools (remote desktop, engine configurations, ...) :

What I am afraid is that someone breach my internal network, and be able to download/modify my engine configurations, control the remote desktops, ... I want to be able to physically separate my different networks, so that everyone can only access only one network at a time with their computer (wan OR lan1 OR lan 2):

I bought manual RJ45 splitter switch from Amazon and it was working just fine (there were only two separate networks). But now some people need to be able to switch between 3 or more networks so it became way more complex. Does someone have an idea ? I want a solution that cannot be hacked, I use a mechanical one as it is the safest but if there are some equivalent solutions, I am open. If rights could be set up for every computer to limit the networks access (RH area only need RH and WAN access for example) it would be even better. Right now, I only need to link the people to the right network so it does the job fine. PS : all computers and engines are on Windows Pro/Linux (Debian, Ubuntu, ...)

Your network diagram is flawed. The way you must do it is simply by defining all the VLAN/LAN and it's the firewall on the top of the pyramid that decide, with the rule you set, what can talk over to other VLAN and what can go on the Internet.

Get switch that support VLAN, and a firewall that support multiple VLAN.

In exemple a network for industrial's factory is often blocked for the internet, as most of the time such equipment are way out of date and insecure by themself on the internet, and isolated from other LAN for the same reason.

I want to be able to physically separate my different networks, so that everyone can only access only one network at a time with their computer

That doesn't increase security. Nothing is stopping intruded code from accessing a sensitive device once it's been connected.

The proper way to do it is to define security zones separated by a firewall. Security zones can be separate network switches, but you can also just use VLANs.

1. Make each of your red and blue boxes a VLAN. Define exactly which protocols may be used from one VLAN to the other and which direction may be used to create a connection. Craft those definitions into firewall rules.
2. Define restrictive rules for Internet access. Only allow what's required for work. If that's not possible use comprehensive content filtering with SSL deep inspection to disallow encryption to bypass the content filter. (This item likely requires you to hire a good consultant.)

There, you've got decent security.