mmisero

Wireless security solution

I am in a situation where I would like to provide wireless internet access to the patients in our medical facility while they are at the office.  I don't want to run things wide open and unencrypted, but I also don't want a security setup that the average user can't handle or that we will have to spend time helping them set up.  What I was thinking was some sort of dongle or USB type device that would plug into their laptops and allow them onto the network while the device is plugged in.  When they leave they turn in the device.  That way we keep the security of our wireless in 2 ways, both encryption and physical device.  I have tried several unsuccessful internet searches; does anyone have any idea of a product that would fit this requirement?  Or maybe another solution?

Thanks.
bagged2drag

I would just supply PCMCIA wireless cards to your patients. Since they will be your cards, just use MAC address filtering on your router. You won't have to use any encryption, but no one will be allowed on your network unless their MAC address is on the list. Of course, I am assuming you will be using laptops. It's as simple as that. Hope this helps. FYI, MAC addresses are as unique as a VIN number on an automobile. Hope this helps!
Lee W, MVP

Actually, MAC addresses aren't THAT unique, but I've never run into a duplicate (some of my colleagues have, and they note it can produce WEIRD network issues).

Also, understand, wireless security is a bit like saying military intelligence.  Even the most secure wireless network can be hacked fairly easily, even with MAC address filtering, as a MAC address can be easily spoofed.  If you have to comply with government regulations for securing patient data, I would suggest you create a separate network to provide this wireless access so they are not on YOUR network.
If you just give them internet access and no other network access, and your wireless system isn't also connected internally to a LAN, I'd just use a simple WEP key which you change every day and which you supply your guests with. Just make sure you also provide them with some simple rules they should follow so they stay as secure as possible, like disabling file and printer sharing etc., or not to use an administrator account during the surfing. That way your users can use the OS they have on their PC; using a dongle or something like that will probably only work easily with M$ stuff, but there may be others out there, like Mac or Linux users....
you might want to check out this reference for securing wireless access points:
http://www.cisecurity.org/bench_wireless.html

there are many devices that will do what you are looking for but the infrastructure to set up something like what you are talking about can start to add up. Any ideas on the budget for your solution?

A popular recommendation that I see in EE often would be something like an RSA Security SecurID Key Fob which could do it, for $1400+ each... but what do you do if someone walks out with one?

HTH

-t
mmisero

ASKER

Wow, lots of great information!  It seems the only thing close to what I am after is the Key Fob, but the price tag is prohibitive.    The PCMCIA card idea with MAC filtering might be closer to the budgetary requirements, although, again, the personnel on site are medical staff and would not have the time or ability to help patients through configuring a network card.  The basic plan as conceived is to have a switch on the perimeter; the internal (company) LAN would be firewalled off this switch.  The patient access/wireless AP/router would be connected to the perimeter switch.  Both the firewall and the wireless AP/router will have outside IP addresses.  I don't think we would have government (HIPAA) compliance issues as we don't have to protect the patient's personal equipment, only their medical information that we are in possession of.    A thought occurs to me, does anyone know how hotels handle internet or wireless access?
Just a thought, as you mention your desire to keep it simple... what about wireless USB adapters?

you can configure your access points to allow access by MAC address and provide wireless access to any device by just plugging in a USB based wireless card.

i might even keep them as 802.11b USB adapters, that combined with 802.11g capable routers would possibly provide a higher QOS for everyone.

you could come up with a little laminated instruction card for the configuration, you would be surprised how quickly people will learn about a technology if they think it will provide an advantage.

my mother can get a wireless NIC online but still cannot set the clock on her VCR.

HTH

-t

on the other side about how to go about configuring the end users...

i would put the wireless APs on their own VLAN and NAT them behind a public IP, it won't serve you if you create a path onto your laptops from the outside. What would happen if a utility laptop which is typically used by patients gets co-opted by the doctors for a training session and the key logger that was "accidentally" put on it starts feeding juicy non HIPAA compliant stuff to a Central American website... maybe not so good methinks.
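
The isolation goal discussed in this thread (patient wireless on its own segment, no path to the office LAN, and no inbound path from the internet onto the laptops) can be checked against firewall connection logs. The following is an added example, not part of any post above; the subnets, the log format and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumed addressing, not taken from the thread.
GUEST_NET = ipaddress.ip_network("192.168.50.0/24")   # patient wireless VLAN
INTERNAL_NET = ipaddress.ip_network("10.10.0.0/16")   # office LAN

# Directions that must never be allowed for a new connection.
FORBIDDEN = {("guest", "internal"), ("internal", "guest"), ("internet", "guest")}

# Constructed sample records, one new connection per line: src dst dport action
SAMPLE_FLOWS = """\
192.168.50.23 198.51.100.7 443 ALLOW
192.168.50.23 10.10.4.12 445 ALLOW
192.168.50.40 10.10.4.12 3389 DENY
10.10.7.5 192.168.50.23 22 ALLOW
203.0.113.9 192.168.50.40 23 ALLOW
10.10.7.5 198.51.100.7 443 ALLOW
"""

def zone(addr):
    """Map an IP address string to guest, internal or internet."""
    ip = ipaddress.ip_address(addr)
    if ip in GUEST_NET:
        return "guest"
    if ip in INTERNAL_NET:
        return "internal"
    return "internet"

def find_violations(flow_text):
    """Return (src_zone, dst_zone, src, dst, dport) for each allowed forbidden flow."""
    violations = []
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed records
        src, dst, dport, action = fields
        if action.upper() != "ALLOW":
            continue  # a denied attempt means the boundary held
        pair = (zone(src), zone(dst))
        if pair in FORBIDDEN:
            violations.append(pair + (src, dst, int(dport)))
    return violations

if __name__ == "__main__":
    for v in find_violations(SAMPLE_FLOWS):
        print("segmentation violation:", v)
```

Any result from `find_violations` points at a firewall or NAT rule that lets traffic cross the guest boundary and should be reviewed.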
ASKER CERTIFIED SOLUTION
rindi