I think it's important to understand where the client's fear comes from. It's
thinking that they are opening their network wide up.
HIPAA is making a client process compliant, not the hardware itself, as just
mentioned by someone. But one of the processes is what network policies does
the hospital allow that could compromise security if it was not managed
properly. They don't want something in place that could be improperly
managed. The intent may not just be HIPAA compliance, but their own good
judgement on how to keep data secure. It's been written about on every
corner how consumer wifi devices are hackable and not secure, and they
remember that regardless if it has anything to do with your network. The key
is to not have the customer AP/WiFiCPE be the mechanism of implementing
security. When it is shown that a third party device or other internal
processes are responsible for doing the security, it takes away the WIFI as
even being a variable to consider for breaching security. They can't
criticize wifi for security if the securing method is not the wifi device.
The last thing you want is to have your service be slow to be bought because
some technical board is debating for months and months the security risks
of your network. Just take it out of the equation, so there is no delay in
buying your service, and they can figure out how to secure their network as
a separate transaction.
Tom DeReggi
RapidDSL & Wireless, Inc
IntAirNet- Fixed Wireless Broadband
----- Original Message -----
From: "Dennis Burgess - 2K Wireless" <[EMAIL PROTECTED]>
To: "'WISPA General List'" <[email protected]>
Sent: Monday, November 27, 2006 5:32 PM
Subject: RE: [WISPA] Wireless Security biting you in the ass?
John,
Do you have a listing of HIPAA security needs?
One thing you can do is provide a secure tunnel, IPSEC is best, or a
security on top of security approach. This tunnel will run from your
customer equipment, his hospital, etc, to your border router etc that is
connected via fiber or land line. At that point it is as secure as you can
get it.
So, if you use WEP, Ya security sux, but then put IPSEC inside that WEP
packet, now you are talking. T1s can be tapped, seen it done. So with the
WEP and IPSEC you are always talking secure. Add on top of that, the
application, and whatever it uses for security, HTTPS, etc.
It's a custom solution to a simple problem. The only thing now that they
could complain about is what about someone sitting in the parking lot
listening to packets sent and received. Can they do that with a T1 etc,
well, ya you can TAP a T1, usually done on the switch side of things? All
you can do then is maybe offer a dedicated backhaul to them, with a
proprietary protocol, something like Nstream would work, so now you have
Nstream, running WEP encrypted packets that have IPSEC packets inside that.
If they break it, they should get the data for the work they had to do. Or
put up something like an optical service if you are close! That would
eliminate that.
Another question I would have to ask is, how secure is cable or DSL? Figure
this, DSL lets every customer off of their DSLAM communicate to each
other, so does cable. If someone had the right cable modem and off the same
segment, sure, they can capture every package that is going across the cable
line!
Thoughts.
Dennis Burgess, MCP, CCNA, A+, N+, Mikrotik Certified
[EMAIL PROTECTED]
www.2kwireless.com
2K Wireless provides high-speed internet access, along with network
consulting for WISPs, and businesses with a focus on TCP/IP networking,
security, and Mikrotik routers.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of John Scrivner
Sent: Monday, November 27, 2006 4:17 PM
To: [email protected]
Subject: [WISPA] Wireless Security biting you in the ass?
Wireless broadband security issues have now officially led to my
business being put into a bad light due to perceived lack of security. I
am a member of a regional broadband planning group that is working with
health care and other industry sectors to help deliver broadband options
to all areas that need it. Rural Health centers and hospitals are all
over the region and most need access to broadband which is highly
secure. I need to know what others have done to bring HIPAA compliance
assurance to network administrators and hospital personnel so that your
solutions are chosen and used for health care connectivity. Currently my
services are not being considered due to the perception of a lack of
HIPAA security compliance. I need to get on top of this right now and
welcome your thoughts and ideas. I would prefer to hear from those of
you who have some actual knowledge of delivering HIPAA compliant
connections or those who provide equipment which has been documented to
meet HIPAA compliance.
Thank you,
John Scrivner
--
WISPA Wireless List: [email protected]
Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/