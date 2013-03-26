Pointless, and if you asked me in this situation, I'd probably bum-rush you out of my office. MAC filtering is a PITA, there are better ways.

No doubt I would not make the cut. I have no formal training, but I am vastly more competent than anyone I work with which is why I have unofficially assumed the role of an IT administrator.

Will other firm have physical access to workstations, server rooms, APs, etc?

Yes, but I am hoping to at least restrict physical access to the server/network core.

Will equipment be left unattended (do you have a 24/7 operation)?

Yes, they will have a key to the building

What value is lost if workstations/network is accessed by unauthorized persons?

We handle card holder information and therefor must comply with PCI-DSS level 4 regulations. Data is stored locally on the server and 1 workstation but encrypted and password protected on both. Other important data like company financials are stored on the server. Very little sensitive data is stored on the workstations.

What is your current setup? (Server OS, WS OS(es), APs Mfg and Model, details on other equipment.

Server: Server 2008 with Hyper-V Server 2000, 8 workstations on XP Pro, 1 firebox X55e-wireless, un-managed gigabit switch, couple of IP printers, 1 wireless printer, but will likely make that wired when we move and turn off the wifi completely. This is all on a "Workgroup" not a domain.



If you just want to sound cool, what you said is fine. If you want an informed suggestion on security, you need to inform us.

If you don't have anything worth securing, security is kinda pointless.

If you are running a windows domain, I'd say teaching everybody Windows Key + L and enforcing it is fine for WS security.

For AP security, WPA2 w/ AES is fine, use VPN if you are paranoid, or RADIUS.

What router are you using now? check for any known vulnerabilities on your firmware.



If someone has physical access to your data, they can always just walk off with it. If you are just trying to discourage moochers and office hijinks, just about any thin barrier will work.