cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
256
Views
0
Helpful
1
Replies

best practices for segmenting HR and Finance?

steve.hart
Level 1
Level 1

Not sure if this is the best forum for this question, but I was wondering if anybody could provide some best practice suggestions for properly securing access to HR and Finance data. I'm considering Private VLAN's but have never implemented them before. Also possibly considering implementing a pix in front of the servers. Just wondering if anybody has any suggestions as to the best course of action.

My network is currently very flat and we only have one location, so no satellite offices to deal with. These users should be able to access all network resources, but I definitely want to limit what sensitive data is accessable by non-HR and non-Finance employees. The other fly in the ointment is that we have all Cisco VoIP phones, so there are voice and data vlan's on every port. Would private vlan's be able to exist in that situation.

Thanks for any and all information.

Steve

1 Reply 1

Istvan_Rabai
Level 7
Level 7

Hi Steve,

I don't think there is a need to use private vlans for this purpose.

You can simply isolate the 2 groups into separate vlans and with proper acl filtering (and intervlan routing) you can control the access of each user to the needed resources.

Keep it simple.

Cheers:

Istvan

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: