Re: HIPAA and firewalls
From: Leythos (void_at_nowhere.com)
Date: 05/10/04
- In reply to: Irwin: "HIPAA and firewalls"
Date: Mon, 10 May 2004 12:36:59 GMT
In article <a02856e1.0405091647.70658c8c@posting.google.com>,
ebct@yahoo.com says...
> Hello all. I was trying to connect a few radiology offices in a HIPAA
> compliant manner using VPN. We were considering hardware firewalls
> from Watchguard, Netgear, SonicWall, just read something about
> NetScreen, don't know anything yet about HP. The offices are connected
> using 768k upload DSL, which I presume is the bottleneck. I have read
> previous posts on older equipment, but haven't seen anything
> discussing 2004 equipment. I wondered what you all thought out there?
We do this exact type of work all over the US, this is a very common
practice in the medical and all other types of business.
> 1. Which products would be the most cost-effective, given all the
> different plans and service and upgrade stuff?
Cost effective has many paths - I look at cost effective as being
something I can install and forget for months on end. I install
WatchGuard units everywhere.
A typical solution would include a Firebox 1000 or a Firebox 2500 at the
main office and then SOHO6tc or 700 units at the other locations -
depends on the number of users (the SOHO units have a per-connection
cost, the 700,1000,2500 don't have a limitation on user counts).
You can set up a Branch Office VPN tunnel in about 10 minutes if you have
some experience, creating the rules to limit access by user/system can
take longer.
> 2. Why do the little boxes cost so darn much? They cost way more than
> the computers you are trying to protect. I guess the data is
> invaluable, but still...
I consider the level of protection to be about right for the cost. There
are sub $1000 units out there, but when you start looking at the company
backing them, the included features, how much for support and upgrades,
availability of third-party support, ease of use, etc... I install the
WG units unless a client requests something else.
> 3. What do you experts think about those arrangements where you buy
> hours of telephone tech support to walk you through an install
> yourself? Much cheaper than an on-site install. Is the end result as
> reasonable? Or at least satisfactory?
I think that it's a mistake to not get a professional firewall person in
to do the install. Doing a generic install can leave you with many
issues that you may not see for months and then it's too late.
> 4. There are all of these different kinds of authentication - user,
> login, certificate. What do I really need? Different vendors all give
> you different information.
If you are doing a main office to branch office setup then all you need is
the firewall to firewall VPN tunnels set up and treat the entire thing as
one big LAN.
If you can't get fixed IP addresses for each location you're going to
have problems with tunnels, get a fixed IP at every location. One other
thing, DSL is problematic, we've never had a DSL install where the
tunnel stayed up longer than 1 week without having to auto-reconnect.
Our Road Runner Business class connections go many months before any
auto-reconnect (if at all), and a T1 or fractional T1 is almost always
perfect.
Setting up the VPN tunnels between offices is the proper way to do it
regardless of what type of business you have. It protects the users and
data. If your remote office VPN can force all outbound traffic through
the tunnel to the home office you can get an added benefit of being able
to centrally filter and monitor all traffic, but it will mean that you
need a faster connection between the offices in order to not slow down
the remote users.
One thing I like about the WG firewall units (the 700 and above) is that
they have both Web and SMTP filters that when properly configured
eliminate most of the problems with bad web sites (block lists and
removal of active-x, scripting) and virus infected attachments (by
extension). In the last year, with one large client, not one virus
infected email made it past the firewall for the AV software to have to
deal with.
Get a firewall professional to install your firewalls, you won't be
sorry.
-- -- spamfree999@rrohio.com (Remove 999 to reply to me)