So. I just got a pallet of hardware.
My boss wants me to replace existing hardware, and increase security in the process.
We are a small company, and I'm the one doing everything from A to Z, where N is for Network.
A shower thought: Why not use isolated private VLANs for all clients?
I mean... it's not like they need to talk to each other anyway. Servers are in a separate subnet. Printers and internet as well.
The only application I know of doing any client-to-client is Skype for Business, which shouldn't be a problem for the router/internet connection to handle.
On the other hand, it would be great to reduce the risk of lateral movement if we're being hit by adversaries or malware.
I've tried looking around the interwebs, but I'm not finding much on this topic.
The alternative is to use ordinary VLANs based on department/floor/function, kept to something like a 26 (or even a 27) bit mask.