  • Status: Solved
  • Priority: Medium
  • Security: Public

What kind of hardware is best for going wireless?

I'm running a small network at a health center. Approximately 75 computers, with the probability to do some small expanding in the next year with an additional 15 PCs. On our network we have a P2P connection with the local hospital (DSL) that we retrieve patient records from. We have a Windows 2003 Server that handles all of our Active Directory, and an NT box that does our DHCP. All workstations are running Windows XP Pro. My question is: since I'm in the health industry we have to go by HIPAA standards, and I'm wondering what a good affordable wireless setup would be for us, and most important, the most secure. If you have advice and pricing on any available products that would suit my needs, please feel free to let me know. I'd prefer to go with Cisco more than anything. Thanks.
Asked by: selhs
1 Solution
 
pseudocyber Commented:
Well, I'm not an expert on this, but I do work in health care - right away you're going to have to rule out a simple, "affordable" solution.  What's affordable for you?

You're going to need something that can do Extensible Authentication Protocol (EAP) and authenticate your users.  You're going to need something with GOOD encryption.

What might be the most "affordable" is to do a basic installation on a DMZ type network - outside your main firewall/internal segments.  Then allow ANYONE to connect to those, or you could put in some authentication mechanism at this point if you felt like it.  Then, require users who connect wirelessly to Authenticate and Encrypt through VPN over their wireless connection to the inside of your network - through your firewall - so you could have the firewall only allow VPN and VPN Authentication traffic from the wireless segment.
0
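The firewall policy described in the comment above (wireless access points on a DMZ segment, with only VPN traffic allowed through to the inside), as an added example that is not part of the original thread: a small first-match rule evaluator that audits a ruleset against that intent. The addresses, the rule format, and the choice of an IPsec VPN (IKE on UDP 500/4500 plus ESP) are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumptions, not taken from the thread).
WIRELESS_DMZ = ip_network("192.168.50.0/24")
VPN_GATEWAY = ip_network("10.0.0.1/32")
ANY = ip_network("0.0.0.0/0")

# Assumption: IPsec VPN. IKE = UDP/500, NAT-T = UDP/4500, ESP = IP protocol 50.
VPN_SERVICES = {("udp", 500), ("udp", 4500), ("esp", None)}

# Rule format: (action, source net, destination net, protocol, port); None = any.
WEAK = [  # wireless segment trusted like the wired LAN
    ("allow", WIRELESS_DMZ, ip_network("10.0.0.0/8"), None, None),
    ("deny", ANY, ANY, None, None),
]
HARDENED = [  # only VPN negotiation and tunnel traffic, only to the gateway
    ("allow", WIRELESS_DMZ, VPN_GATEWAY, "udp", 500),
    ("allow", WIRELESS_DMZ, VPN_GATEWAY, "udp", 4500),
    ("allow", WIRELESS_DMZ, VPN_GATEWAY, "esp", None),
    ("deny", ANY, ANY, None, None),
]

def decide(rules, src, dst, proto, port=None):
    """First-match evaluation; implicit deny when nothing matches."""
    for action, src_net, dst_net, r_proto, r_port in rules:
        if (ip_address(src) in src_net and ip_address(dst) in dst_net
                and r_proto in (None, proto) and r_port in (None, port)):
            return action
    return "deny"

def audit(rules, probes):
    """Return flows the ruleset allows that are not VPN traffic to the gateway."""
    findings = []
    for src, dst, proto, port in probes:
        is_vpn = ip_address(dst) in VPN_GATEWAY and (proto, port) in VPN_SERVICES
        if decide(rules, src, dst, proto, port) == "allow" and not is_vpn:
            findings.append((dst, proto, port))
    return findings

PROBES = [  # constructed flows originating on the wireless segment
    ("192.168.50.20", "10.0.0.1", "udp", 500),   # IKE to the VPN gateway
    ("192.168.50.20", "10.0.0.1", "esp", None),  # tunnel traffic to the gateway
    ("192.168.50.20", "10.0.0.10", "tcp", 445),  # file sharing, bypassing the VPN
    ("192.168.50.20", "10.0.0.5", "tcp", 3389),  # remote desktop to an inside host
    ("192.168.50.20", "10.0.0.1", "tcp", 22),    # non-VPN service on the gateway
]

if __name__ == "__main__":
    print("weak:", audit(WEAK, PROBES))
    print("hardened:", audit(HARDENED, PROBES))
```
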
 
Genexen Commented:
P2P to retrieve hospital records?  Please post which hospital so that I know never to go there!

But to answer your wireless question:  WEP and MAC filtering provide marginal security at best.  I would start by ruling out any hardware that does not support WPA.  

I personally would seek out a solution which includes 802.1x authentication along with layer-2 isolation.  But this ain't cheap ;)
0
 
rafael_acc Commented:
I wouldn't recommend a complete and exclusive wireless solution. Wireless networks aren't yet very popular regarding security issues - well ... they are popular but very weak also. Yet, it is possible to achieve good security if properly deployed. As you can see from pseudocyber's post, a secure deployment could lead to some very technical issues (VPNs, RADIUS servers, failover authentication mechanisms, etc.). Therefore, I believe you should consider going for wireless very carefully.

You should also consider locations for the access points, the area the wireless network should span, ranges, etc. Concluding, when deploying wireless networks, you should look not only to networking technical issues, but to building infrastructure as well. Then, you will be able to decide what equipment you need.

Anyway ... if your budget allows that, go for the best in the networking field: Cisco

Cheers.
0

 
fixnix Commented:
You could use access points that authenticate to a RADIUS server and also shield wireless clients from sending packets to each other, all in a DMZ, then VPN in to the wired network from there.  That's basically already been said by others above...I just condensed it down to one sentence.  If Cisco is out-of-budget, you could use something like Buffalo's $220-ish unit shown at http://www.buffalotech.com/products/product-detail.php?productid=73&categoryid=6.
0
 
fixnix Commented:
http://dmoz.org/Computers/Security/Authentication/RADIUS/Server/ lists several choices for the RADIUS portion of the network setup, which ones work on which platforms, etc.
0
 
eatmeimadanish Commented:
Genexen, obviously the user was referring to a direct connection and not Kazaa or eMule.  You should think before you insult somebody, especially with something that is over your head.  Wireless as long as it is encrypted should suffice for HIPAA.  I actually work as a network administrator for HCA so I deal with HIPAA all the time.  As long as your remediation is the control of passwords to software and an encrypted network, this should be appropriate as a mitigating control for HIPAA. Any solution that includes these steps should be sufficient.  
0
 
rafael_acc Commented:
Very good point eatmeimadanish!!!  
I was even wondering what was the point of Genexen's post anyway!?

Cheers.
0
 
PennGwyn Commented:
I believe, in this context, "P2P" is referring to a private "point-to-point" link and NOT to a "peer-to-peer" file-sharing bletcherosity.

0
 
rafael_acc Commented:
It might be. However, the P2P term doesn't refer to "point-to-point" but to "Peer 2 peer", as far as I know. I might be though; please correct me (always learning)!

Cheers.
0
 
rafael_acc Commented:
"I might be wrong" I meant before ...
:)

0
 
pseudocyber Commented:
I read it as Point To Point, given the context ...
0
 
rafael_acc Commented:
Ok. I can see that ...  but, technically, what is the real meaning?
Maybe you are better inspired than most of us today :) ... However, I don't believe it should be a matter of inspiration!

Cheers.
0
 
fixnix Commented:
Hey Rafael: google for "P2P T1" and you'll find many many businesses, ISPs, tech forums, etc., that use P2P to mean Point to Point.  Enter P2P into dictionary.com and you'll get a link to http://www.acronymfinder.com/af-query.asp?p=dict&String=exact&Acronym=P2P which includes "Point to Point" among several other acronyms.  

"I read it on the internet....it MUST be true!"  haha.  I guess it depends on context, and I'm not aware of any official "These acronyms are correct, these are wrong" governing bodies, but using P2P to mean Point to Point certainly seems pretty common.  

"When in Rome....."

Cheers.
0
 
rafael_acc Commented:
Good. Anyway ... we are "fighting" for nothing here as far as Genexen doesn't say anything ...
Cheers.
0
 
fixnix Commented:
lol!
0
 
rafael_acc Commented:
:D
We must relax a little bit!
0
 
selhs (Author) Commented:
No, you are correct, I was referring to point to point, not peer to peer. There aren't many companies that have a direct DSL connection to other buildings. A lot of people just use T1 lines, but we didn't need all that speed for 1 PC to use on the other end. We are only sending small amounts of data and no voice, so the practical solution for us was to get a DSL line. Either way, the decision isn't in my hands to go wireless. Right now all of our PCs are hardwired into the network. Our providers (doctors) want to be able to use their PDAs to bring up patient records and appointments anywhere in the building. From a networking point of view, as a systems administrator I think it would benefit me more than them. I don't have to remotely log into my PC to retrieve my files. I prefer to go with the more secure and best network because I feel more comfortable; I really don't want to have to lose patient information to hackers. I put in for the company to pay for my CCNA and my CNWP, which will help me out. I'm just trying to get a read on what all I need. I'm going to get a Firebox III 700 for our VPN firewall, and then the standard Cisco routers and wireless routers/access points.
0
 
rafael_acc Commented:
And the winner is ... ?
0
 
selhs (Author) Commented:
I have to go with what is best for our company lol.
0
