
Security for Payroll Software


  • Security for Payroll Software

    Our company uses ADP for our payroll services with their software. In the past, the 4 people that needed the software had a second computer at their desk with a KVM. All the PCs and the server were 100% isolated and used a direct dialup to ADP, so it was quite secure.

    Now we are upgrading to the new software which requires high speed internet and better workstations.

    We have merged the workstations over time so that the user only has one computer with 2 network cards, one for the regular network and one for payroll, which all works fine, but management is not too keen on merging the whole setup.

    I am wondering what other people have done with their payroll systems. We are a mid-size company with about 230 employees. In small businesses I just put the QuickBooks DB (or Peachtree...) on the server with full access to the 1-2 users that need it and nobody else.


  • #2
    Re: Security for Payroll Software

    We used ADP in multiple ways. At one point, we had ADP in a Citrix environment. At another point, ADP was hosted by them, and they accessed it via login.

    Either way, what you can do in your situation is to place the ADP users in a group, and only allow that group access to the ADP folder.


    • #3
      Re: Security for Payroll Software

      I was thinking about an all-in-one box to run the server application and terminal services to run remote desktop with 2 part authentication (smart cards).

      That got shot down by ADP. As far as an all-in-one box, they said I need 2 servers to do it; the workstation app will not run on the server box. They said they will not support a virtual PC install. I asked if it won't work or is not supported. They said some people have had success, but it is unsupported.

      The ADP rep said it is secure enough to just set up the server and then the workstations like any other software; no additional steps are required.


      • #4
        Re: Security for Payroll Software

        Have you considered creating an IPSec policy in the domain to require secure communication between those workstations and the ADP server?

        That's what my organization has done with our CRM and order taking app. Of course, enabling and using IPSec on the network is not exactly an afternoon project. =)
        Wesley David
        Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
        Vendor Neutral Certifications: CWNA


        • #5
          Re: Security for Payroll Software

          I had not considered IPSec. I am thinking that it may be a little more than I want to tackle at this point.

          Currently I am building a test environment that will be the ADP server using 2003 R2, also running Virtual PC with a 2003 R2 server for term-services.

          RSA is sending me a demo of their SecurID token package so that I can try out 2 part auth to the term-services.

          Also, as recommended above, I will be making a "payroll" group for permissions to the folder to restrict access (which is standard practice for us anyways).

          I will use the 2003 SP2 Windows security wizard to help harden the OS a little bit.

          After speaking to ADP, I am almost more worried about a front door attack where one of our employees that is not supposed to be looking at the payroll information gets in there and snoops around. I think the RSA SecurID keyfob things should help with that.
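
The "payroll" group restriction suggested in #2 and adopted in #5 only helps if no other identity is granted access, for instance through permissions inherited from a parent folder. The following is an added example, not part of the original thread and not ADP's own tooling, that audits the NTFS permissions under the payroll folder and reports every allow entry for an identity outside an expected list. The path `D:\Payroll` and the group `CONTOSO\Payroll` are hypothetical placeholders, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: report NTFS allow entries on the payroll folder tree that
# belong to anyone other than the expected identities.
# $PayrollPath and 'CONTOSO\Payroll' are hypothetical placeholders.
param(
    [string]$PayrollPath = 'D:\Payroll',
    [string[]]$AllowedIdentities = @(
        'CONTOSO\Payroll',          # the dedicated payroll group
        'NT AUTHORITY\SYSTEM',
        'BUILTIN\Administrators'
    )
)

function Get-UnexpectedAccess {
    param([string]$Path, [string[]]$Allowed)

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        $id = $ace.IdentityReference.Value
        # Deny entries only reduce access; allow entries are what matter here.
        if ($ace.AccessControlType -eq 'Allow' -and $Allowed -notcontains $id) {
            New-Object PSObject -Property @{
                Path      = $Path
                Identity  = $id
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # True: granted on a parent folder
            }
        }
    }
}

# Check the root folder and every subfolder, since inheritance can be
# broken or re-enabled at any level of the tree.
$targets = @($PayrollPath) + @(
    Get-ChildItem -LiteralPath $PayrollPath -Recurse -Directory |
        ForEach-Object { $_.FullName }
)
$findings = foreach ($t in $targets) {
    Get-UnexpectedAccess -Path $t -Allowed $AllowedIdentities
}

if ($findings) {
    $findings | Sort-Object Path, Identity |
        Format-Table Path, Identity, Rights, Inherited -AutoSize
    exit 1   # non-zero exit so a scheduled task can flag the drift
} else {
    Write-Output "Only the expected identities have access under $PayrollPath"
}
```

This checks NTFS permissions only; if the folder is shared, the share permissions need a separate review.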