justin0104 asked:

Lock user VLAN down from accessing server VLAN

What is the best way of going about this, and is it necessary? I have a user VLAN that right now has complete access to the server VLAN, and I'm wondering if I should lock this down some so they can't do certain things. What ports would you recommend locking the users from accessing on the server VLAN?
ASKER CERTIFIED SOLUTION
Saineolai

This solution is only available to members.
justin0104 (ASKER)

Well, we have Exchange, AD authentication, SQL, web sites 80 and 443. Would it be best to allow all known good ports 0-1024 and block all other ports above that? I do, however, want to block RDP and ICMP, so I know how to do that, but do you see any problems with the 0-1024 allow and then everything above that block?
SOLUTION
This solution is only available to members.
Alright, I'll just look up ports then. You are correct with the malware, viruses and so forth question. This is just a general security policy I am trying to enforce. Right now we do have a server VLAN and a user VLAN, and I realize that they are two separate broadcast domains, but just in case I want to have my bases covered.
Qlemo
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.