A small, financial focused business is looking to organize and secure its network. It currently has a single public IP address from a local telecom. Construct an argument as to how you think a company should engineer the network, what type of routing it should use, and how it should break up the subnets.
The financial firm should purchase an enterprise firewall and configure it to be PCI compliant. Different subnets could be configured for access to servers with financial information, employee computers, phones, peripheral equipment such as printers/scanners/card readers/etc., and the wireless network. Access could be restricted between them as desired and only certain ip addresses could be allowed to access the firewall itself. Certain users would have access to certain subnets based on necessity and security concerns.
Breaking up the subnets this allows for troubleshooting within those subnets to be resolved more quickly and accurately. Additionally, monitoring can be set up with SNMP to alert of unusual activity within those subnets.
Avoiding wireless connections is preferred, but if they are to be used, two-factor authentication should be put into place. If the wireless access point is isolated from other parts of the network, it could be used for personal or guest access.
Switches can be configured to disable a port if anything besides a computer or a phone is plugged in to prevent security breaches (like if someone plugs in a wireless access point to a switch that allows it to access a subnet that has access to sensitive information).