
best practices for segmenting HR and Finance?

steve.hart
Level 1

Not sure if this is the best forum for this question, but I was wondering if anybody could provide some best practice suggestions for properly securing access to HR and Finance data. I'm considering Private VLANs but have never implemented them before. Also possibly considering implementing a PIX in front of the servers. Just wondering if anybody has any suggestions as to the best course of action.

My network is currently very flat and we only have one location, so no satellite offices to deal with. These users should be able to access all network resources, but I definitely want to limit what sensitive data is accessible by non-HR and non-Finance employees. The other fly in the ointment is that we have all Cisco VoIP phones, so there are voice and data VLANs on every port. Would private VLANs be able to exist in that situation?

Thanks for any and all information.

Steve

2 Replies

Istvan_Rabai
Level 7

Hi Steve,

I don't think there is a need to use private VLANs for this purpose.

You can simply isolate the 2 groups into separate VLANs and with proper ACL filtering (and inter-VLAN routing) you can control the access of each user to the needed resources.

Keep it simple.

Cheers:

Istvan
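A sketch of the layout described in the reply above, on a Layer 3 Catalyst switch. It is an added illustration and not part of the original thread. All VLAN numbers, subnets, interface names and ACL names are constructed for the example, and only the HR side is shown (Finance would mirror it with its own VLANs and ACL).

```cisco
! Constructed addressing plan (assumptions, not from the thread):
!   VLAN 10  HR users        10.10.10.0/24
!   VLAN 30  general staff   10.10.30.0/24
!   VLAN 110 HR servers      10.10.110.0/24
!   VLAN 200 voice           10.10.200.0/24
ip routing
!
vlan 10
 name HR-USERS
vlan 30
 name STAFF
vlan 110
 name HR-SERVERS
vlan 200
 name VOICE
!
! Only HR users may open sessions to the HR servers.
! ACLs are stateless: the "established" line lets replies to
! server-initiated TCP sessions back in. Server-initiated UDP
! (DNS, NTP) needs its own explicit permit lines.
ip access-list extended TO-HR-SERVERS
 permit ip 10.10.10.0 0.0.0.255 10.10.110.0 0.0.0.255
 permit tcp any 10.10.110.0 0.0.0.255 established
 deny   ip any any log
!
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
interface Vlan30
 ip address 10.10.30.1 255.255.255.0
interface Vlan110
 ip address 10.10.110.1 255.255.255.0
 ! "out" filters traffic routed from other VLANs toward the servers
 ip access-group TO-HR-SERVERS out
!
! HR desk port: PC lands in the HR data VLAN, the phone stays in the
! shared voice VLAN, so segmentation does not change the phone setup.
interface GigabitEthernet1/0/5
 description HR desk (phone + PC)
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 200
 spanning-tree portfast
```

HR users keep access to everything else because no ACL is applied to their own SVI; the restriction sits only on the path into the server VLAN.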

alexarafat
Level 1

I’m not sure if this is the best forum for this question, but I’m looking for best practices on securing access to HR and Finance data. My network is currently very flat, with only one location and no satellite offices, so I need a way to restrict sensitive data access to only HR and Finance employees while allowing them to access all other network resources. I’m considering implementing Private VLANs but have never set them up before, and I’m also looking into placing a PIX firewall in front of the servers. One challenge is that we use Cisco VoIP phones, meaning there are voice and data VLANs on every port, so I’m unsure if Private VLANs would work in that setup. Any insights or recommendations would be greatly appreciated. This whole process has made me more aware of security risks in financial matters—similar to how many people have discovered hidden fees in their car finance agreements, leading to mis-sold car finance claims. It just shows how important it is to fully understand the systems and contracts we rely on!
