10-23-2012 01:51 PM - edited 03-07-2019 09:38 AM
Goal: We have a workstation that processes sensitive information and we want that workstation to only have access to very select endpoints on our LOCAL LAN and also internet access.
Solutions:
1. At first we explored VACL; this worked well except when the workstation needed to be moved around the environment to a switch that didn't support VACL (2960).
2. We explored a VLAN but thought that a routable VLAN with one single IP address was somewhat wasteful, and hoped there was something easier.
I thought I'd pose the question to everyone to see what other options we have that can achieve this segregation. Any examples or links are much appreciated. Thank you in advance; this is my first post, so I'm new to the community.
10-23-2012 02:50 PM
I would have thought the best security would be a firewall/IPS - i.e. a dedicated interface off a firewall/IPS appliance. Then you have excellent control of what goes to and from the workstation.
Not sure if that works for you though, especially when you talk of moving the workstation around the environment.
10-23-2012 05:23 PM
Yes, we are likely to move this anywhere; the boss would like to see it done with some type of hardware "switch" security. One idea was to lock it down from communicating anywhere with the Windows Firewall on the box, but that is deemed still easily manipulated.
Anyone have options using a Cisco 2960 or like model? Either using VLAN with one IP or some other ACL type solution that I have yet to think of.