If you can use TLS or SSL to talk to the server, I would recommend doing that as well, along with WPA-2.
-mmiller

On Tue, Feb 2, 2010 at 10:30 AM, Jody & Jennifer McCluggage <[email protected]> wrote:
> Under the conditions that you describe (no radius, no enterprise gear,
> single user), I believe your best bet would be to implement WPA-2 Personal.
> This setup requires a pre-shared key that is used by both sides. Under most
> clients, after initial setup, the user does not need to know the pre-shared
> key to use it (it is installed on the client), so make the pre-shared key
> wickedly long and complex (25+ random string). The biggest issues with
> pre-shared keys are that all systems must use the same one and they usually
> must be manually updated (i.e. they are not changed on a regular basis).
> Since you are only implementing for one user, the first weakness is
> mitigated quite a bit. You can help mitigate the second one by creating a
> very long and complex string and securely storing it (use something like Kee
> Password safe, etc). Most of the tools out there that currently attempt to
> break WPA-2 Personal rely on a weak pre-shared key (i.e. most don’t directly
> attack the encryption or algorithm) so can usually be thwarted by using a
> strong key.
>
> I have not worked directly with OpenWRT but I assume that it supports WPA-2
> Personal?
>
> As for HIPAA, it does not proscribe specific steps on how to secure wireless
> (the new updates in the ARRA HITECH does proscribe acceptable encryption.
> WPA-2 uses AES which should satisfy it). Its goal is to simply secure
> protected health information. It is the organization’s job to determine the
> best way to do that and justify it through risk analysis and migration
> processes. So the bottom line is, whatever you decide to do, document what
> you perceive the risk to be and how you went about mitigating it.
>
> Jody
>
> ________________________________
>
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Tyler Robinson
> Sent: Monday, February 01, 2010 7:56 PM
> To: PaulDotCom Security Weekly Mailing List
> Subject: [Pauldotcom] Secure "Relative Term I guess" Wireless network
> with VPN
>
> Just wondering if anyone has had any experience configuring DDWRT or OpenWRT
> to be HIPAA compliant across WIFI, I have a single user, single machine
> Medication cart that I need to be WIFI mobile but still HIPAA compliant and
> of course the customer wants to spend the least amount of money so no radius
> and no special enterprise WIFI Gear. Any advice is always appreciated.
> Thanks,
> TR
>
> --
> Tyler Robinson
> Owner of Computer Impressions
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
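The advice quoted above about a long, random pre-shared key, as an added example that is not part of the original thread: WPA2-Personal derives its 256-bit master key from the passphrase with PBKDF2-HMAC-SHA1, using the SSID as salt and a fixed 4096 iterations, so resistance to offline guessing comes from passphrase entropy alone. The SSID `medcart-example` and the function names are constructed for illustration.

```python
import hashlib
import math
import secrets
import string

# Letters, digits and punctuation: 94 printable ASCII symbols (space omitted
# so the key survives copy/paste into router and client dialogs).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_passphrase(length=63):
    """Random WPA2-Personal passphrase; the standard allows 8 to 63 characters."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2 passphrase must be 8 to 63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string (not valid for human-chosen text)."""
    return length * math.log2(alphabet_size)


def derive_pmk(passphrase, ssid):
    """256-bit pairwise master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8 to 63 characters")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


if __name__ == "__main__":
    ssid = "medcart-example"  # constructed SSID, not from the thread
    for n in (8, 25, 63):
        print(f"{n:2d} random chars ~ {entropy_bits(n):5.1f} bits")
    psk = generate_passphrase()
    print("passphrase:", psk)
    print("PMK:", derive_pmk(psk, ssid).hex())
```

Because the derived key is 256 bits, a random passphrase from this alphabet stops gaining strength at about 40 characters; the 25 random characters suggested in the thread already give roughly 164 bits.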
