Re: Linksys BEFSX41 vs. high end firewalls
From: Richard H Miller (rick_at_bcm.tmc.edu)
Date: 12/02/03
- Next message: Arman: "Re: DMZ (De-militarized Zone)"
- Previous message: G Klein: "Re: Catch 22 with Norton Internet Security"
- In reply to: Mig: "Linksys BEFSX41 vs. high end firewalls"
- Next in thread: Leythos: "Re: Linksys BEFSX41 vs. high end firewalls"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 2 Dec 2003 00:34:19 GMT
Mig (ebthor@hotmail.com) wrote:
: I have a small medical office customer that is trying to save money
: wherever possible and want an inexpensive router for DSL internet
: access. We want to stay within HIPAA guidelines, but I can't really
: figure out if we need a high end unit like the Cisco Pix series, or if
: the firewall in the BEFSX41 is sufficient. Some of the features it
: advertises are:
: Protects PCs from Ping of Death, SYN Flood, Land Attacks, IP Spoofing,
: and Other DoS (Denial of Service) Attacks
: The Router can be configured to limit internal users' Internet access
: based on URLs and/or time periods—URL filtering and time filtering.
: For enhanced protection against intruders from the Internet, the
: Router features an advanced Stateful Packet Inspection firewall.
: Can anyone offer some advice on the matter?
I would not trust a router to provide sufficient protection if PHI is
involved. From my experience, I would recommend a VPN Edge device from
Checkpoint. It is standalone. A small PIX would also work as would some
of the other non-host based firewalls. Other people in the newsgroup may
have other recommendations. Listen to them, especially if they have helped
small medical practices. My background is at the large enterprise level and
it may not be the best for your situation.
If you feel comfortable supporting Linux, it also might meet your needs.
A host-based solution such as ZoneAlarm, Kerio, BlackICE or the like
is not sufficient for providing the protection required. The industry
practice is having a separate perimeter device.
Part of what you need to do is define what the parameters of the security
policy are going to be [i.e. what type of access inbound is required (if any)
vs what type of outbound access is required].
If your office is going to send data to larger health care providers you
may have to install a VPN endpoint that will work with the partner's VPN
device.
If you are going to allow random people into your domain, then you will
probably need a design that will allow a DMZ.
I strongly advise that you hire a security consultant to work with you to develop
the appropriate approach for this office. Choose one who works with multiple
vendors and check the references for how good a job they did.
I would not advise going too cheaply on this, remember, HIPAA violations are
considered to be a civil rights violation and whatever solution you come up with
must meet the privacy regs now and will also have to meet the security regs in 2005.
But, by the same token, you should not have to spend 5-10K for an enterprise level
solution. I think you can get a good solution for 500-1500. But remember, the solution
should be one you are comfortable with for support, maintenance and trouble-shooting.
Richard H. Miller, MCSE, CCSE+
Information Security Manager
Information Technology Security and Compliance
Information Technology - Baylor College of Medicine
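As an added illustration, not code from this thread or from any vendor: the policy questions Richard says the office must settle first (what inbound access is allowed, what outbound access is allowed, a VPN path to a partner, a DMZ for anything the public reaches) modelled as a small stateful zone policy in Python. The address plan, zone names and sample flows are constructed for the example.

```python
from ipaddress import ip_address, ip_network
# Constructed address plan (RFC 1918 / RFC 5737 ranges), not any real office.
ZONES = {
    "LAN": ip_network("192.168.10.0/24"),   # office PCs that handle PHI
    "DMZ": ip_network("192.168.20.0/24"),   # the one public-facing server
    "PARTNER": ip_network("10.50.0.0/16"),  # partner network behind the VPN endpoint
}
# Explicit allow rules (from_zone, to_zone, proto, dst_port). Anything not listed,
# and not a reply inside a tracked session, is denied: deny-by-default inbound.
ALLOW = {
    ("LAN", "INTERNET", "tcp", 443),
    ("LAN", "INTERNET", "udp", 53),
    ("INTERNET", "DMZ", "tcp", 443),  # only the published service is reachable
    ("LAN", "PARTNER", "tcp", 443),   # office pushes data to the partner over the tunnel
}

def zone_of(addr):  # anything outside the address plan is the Internet
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "INTERNET"

class StatefulFirewall:
    """Stateful inspection in miniature: remember allowed initiators so their
    replies pass, and judge every new connection against ALLOW."""
    def __init__(self):
        self.sessions = set()  # (src, sport, dst, dport, proto) of allowed initiators

    def evaluate(self, src, sport, dst, dport, proto):
        if (dst, dport, src, sport, proto) in self.sessions:  # reverse tuple = reply
            return "ALLOW (established)"
        if (zone_of(src), zone_of(dst), proto, dport) in ALLOW:
            self.sessions.add((src, sport, dst, dport, proto))
            return "ALLOW"
        return "DENY"

# Constructed sample flows, in the order the firewall would see them.
CONSTRUCTED_FLOWS = [
    ("192.168.10.5", 51000, "203.0.113.10", 443, "tcp"),  # office PC browsing out
    ("203.0.113.10", 443, "192.168.10.5", 51000, "tcp"),  # the web server's reply
    ("198.51.100.7", 40000, "192.168.20.2", 443, "tcp"),  # public visitor to the DMZ
    ("198.51.100.7", 40001, "192.168.10.5", 445, "tcp"),  # Internet straight to a PHI PC
    ("192.168.20.2", 40002, "192.168.10.5", 445, "tcp"),  # DMZ host reaching into the LAN
    ("192.168.10.5", 51001, "10.50.1.20", 443, "tcp"),    # office to partner via the VPN
]

def evaluate_flows(flows):  # run the flows through one firewall and collect verdicts
    fw = StatefulFirewall()
    return [fw.evaluate(*flow) for flow in flows]
```

The DMZ-to-LAN denial is the point of having the DMZ at all: a compromised public server gets no path to the workstations holding PHI.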