Not sure if this is the best forum for this question, but I was wondering if anybody could provide some best practice suggestions for properly securing access to HR and Finance data. I'm considering Private VLAN's but have never implemented them before. Also possibly considering implementing a pix in front of the servers. Just wondering if anybody has any suggestions as to the best course of action.
My network is currently very flat and we only have one location, so no satellite offices to deal with. These users should be able to access all network resources, but I definitely want to limit what sensitive data is accessable by non-HR and non-Finance employees. The other fly in the ointment is that we have all Cisco VoIP phones, so there are voice and data vlan's on every port. Would private vlan's be able to exist in that situation.
Thanks for any and all information.
Steve