Separate VLAN for VoIP and Data?
-
Hi guys
I am deploying a standalone hardware installation of pfSense in a small business environment related to confidential medical data. I will be restricting the firewall to a large degree for inbound and outbound access. Would you recommend that I keep my VoIP and PC data on separate VLANs? I have a VoIP server as well; would that be kept in the Data or VoIP VLAN?
Thanks
-
VLANs are often used for VoIP phones. Typically, a computer connects to the phone, which in turn connects to the switch. The question is whether you need or want isolation between the 2. With VLANs, you have better control over what can connect to what. I have worked with both configurations, with VLANs normally used on large networks, but not on small. One place where you may want to use VLANs is when your phones connect to a hosted PBX and separate Internet connections are used for data & voice. As for security, VLANs do provide isolation, but given switches don't share data with other ports, it's difficult to intercept calls anyway. Years ago, back in the days of hubs or even coax Ethernet, it was possible to monitor data at every location. Even with VLANs, it would be possible for someone with appropriate knowledge, such as many of us here, to tap into an Ethernet connection to monitor traffic. I have done just that, with a "data tap" I created with a managed switch.
The VoIP server would be on the same VLAN as the phones.
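
As an added illustration (not part of the original thread), this Python example models how a switch port with a phone and a daisy-chained PC separates the two by the 802.1Q tag: the phone tags its frames for the voice VLAN, the PC sends untagged frames that land in the port's native (data) VLAN. The VLAN IDs 10 and 20, the MAC addresses, the sample frames and the simplified port model are assumptions made for the example.

```python
import struct

TPID_8021Q = 0x8100               # EtherType value that marks an 802.1Q tag
DATA_VLAN, VOICE_VLAN = 10, 20    # assumed VLAN plan, not from the thread

def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Build an Ethernet II frame; insert an 802.1Q tag when vid is given."""
    header = dst + src
    if vid is not None:
        tci = (pcp << 13) | (vid & 0x0FFF)   # 3-bit priority, DEI=0, 12-bit VID
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return (vid, pcp, ethertype); vid is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        return None, 0, etype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner

def classify(frame, native_vlan=DATA_VLAN, allowed=(VOICE_VLAN,)):
    """Simplified model of a phone-facing port: pick the VLAN or drop (None)."""
    vid, _pcp, _etype = parse_frame(frame)
    if vid is None or vid == 0:    # untagged or priority-tagged: native VLAN
        return native_vlan
    if vid in allowed:             # tagged for a VLAN permitted on this port
        return vid
    return None                    # any other tag is dropped at ingress

def sample_frames():
    """Constructed frames: PC (untagged), phone (VLAN 20), unexpected tag."""
    sw = bytes.fromhex("020000000001")
    pc = bytes.fromhex("020000000010")
    phone = bytes.fromhex("020000000020")
    body = b"\x00" * 46            # padding standing in for an IPv4 packet
    return {
        "pc": build_frame(sw, pc, 0x0800, body),
        "phone": build_frame(sw, phone, 0x0800, body, vid=VOICE_VLAN, pcp=5),
        "unexpected": build_frame(sw, pc, 0x0800, body, vid=99),
    }

if __name__ == "__main__":
    for name, frame in sample_frames().items():
        print(name, parse_frame(frame), "->", classify(frame))
```

Once the frames are sorted into VLANs this way, traffic between the voice and data networks has to pass through the router or firewall, which is where rules on what can connect to what are applied.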
-
HIPAA only requires that you make reasonable accommodations for security. This may not be a requirement to separate traffic, but I would recommend you do so anyway as this isn't something that end users would see. This can also help or hurt future troubleshooting depending on the issue.
Personally, I'd separate the traffic.