#50938
01/03/2013 5:35 PM
Joined: Nov 2012
Posts: 25
Member
OP
Is anybody using wireless computers in their office networks? If yes, are you using a VPN setup for security?
Thank you for your time.
Dr Jim Webb K.C., MO

Joined: Jun 2009
Posts: 1,811
Member
Jim,
Couple of quick wireless security tidbits.
1. Lock down the wireless side by MAC address (this is the network hardware ID). Means the only computers that the router will allow on the network are ones you have added. Far better than passwords that are weak, shared, stolen.
2. Use WPA2 (or newer). WEP is NOT SECURE as it can be defeated in seconds.

Joined: Jul 2009
Posts: 85
Member
We use wireless - set up the way Jim describes. Our wireless is also hidden so it won't show up in a network search.
Barb

Joined: Apr 2010
Posts: 520
Member
It may work a lot slower on wireless. Depends on what else is going through the airwaves usually. I had a lot of issues with wireless and it running slowly.

Joined: Nov 2012
Posts: 25
Member
OP
Indy,
I'm using WPA2. Would you recommend running the wireless pc as is or adding VPN?
TIA
Dr. Jim Webb Solo Practice TO K.C., MO
TIA,
Dr. James Webb Solo Practice FP KC, MO

Joined: Jun 2009
Posts: 1,811
Member
> Indy,
> I'm using WPA2. Would you recommend running the wireless pc as is or adding VPN?

WPA2 and locking down by MAC ID should be sufficient - VPN is not additive in this instance, and will be slower. Ketan is also correct that wireless will be slower. Tangentially, don't put patient data on the laptop unless you are encrypting the data if it *ever* leaves the practice.

Joined: Dec 2009
Posts: 1,201 Likes: 8
Member
If I may include my thoughts on this topic:
1. Indy is quite correct in recommending using WPA2. There is free code downloadable from the Internet now that will defeat WEP in about 45 seconds.
2. Hiding your SID is useless. There are ways to detect hidden SIDs. You may as well make things easy on yourself and broadcast.
3. VPN is not designed to secure a wireless network.
4. While I certainly will not stop you from using MAC address lists for further security, that isn't something I do. In fact, you'll find that to be a pain on larger networks. Using WPA2 with a strong password should be sufficient. However, you obviously have to keep that password safe.
5. Make certain your router's admin password is strong and secure.
6. If your wireless network is painfully slow then you need to check your office for microwave ovens, bad lighting, hair dryers, older model x-rays, proximity to other wireless networks that may not belong to you, and so forth. If you cannot do anything about those items aforementioned, you may as well save yourself the heartache and just go wired.
7. If your wireless network is painfully slow and you can't find any of the items mentioned in number 6, walk outside and see if you notice any big antennas from bus stations, other businesses, etc. If you see a big dipole or yagi antenna from another business a block or two away up on their roof, then you may as well hang it up and go wired. They are most likely transmitting several hundred to several thousand watts and your little half a watt to 5 watt wireless router doesn't stand a chance.
JamesNT

Joined: Nov 2012
Posts: 25
Member
OP
Thanks to everyone for your assistance.
Dr. James Webb Solo Practice FP K.C., MO
TIA,
Dr. James Webb Solo Practice FP KC, MO

Joined: Sep 2003
Posts: 12,895 Likes: 34
Member
> then you may as well hang it up and go wired.

Good suggestions on the security, but that phrase was the best one. May as well go wired no matter what.
Bert Pediatrics Brewer, Maine

Joined: Mar 2012
Posts: 73
Member
> If I may include my thoughts on this topic:
> 2. Hiding your SID is useless. There are ways to detect hidden SIDs. You may as well make things easy on yourself and broadcast.
> 4. While I certainly will not stop you from using MAC address lists for further security, that isn't something I do. In fact, you'll find that to be a pain on larger networks. Using WPA2 with a strong password should be sufficient. However, you obviously have to keep that password safe.
> JamesNT

I've also read a lot that not broadcasting SSID is not useful, but may even slow down wireless. And, using MAC address lists is just as (non)useful as not broadcasting SSID... and is a pain to maintain. Best thing as James says... strong WPA2 passwords.

Joined: Jun 2009
Posts: 1,811
Member
> I've also read a lot that not broadcasting SSID is not useful, but may even slow down wireless. And, using MAC address lists is just as (non)useful as not broadcasting SSID... and is a pain to maintain. Best thing as James says... strong WPA2 passwords.

The reason I recommend locking down to MAC IDs is that you are maintaining positive control of the wireless network. Yes, it is work, but it means that the only way someone gains access to your patient data/network is by a positive act on your part. Anyone who gains the network password, by whatever means, is *in*.

Back in the day, before ubiquitous wireless, when wired networks were the norm, I mandated that the business networks we ran were static IPs, no DHCP, with non-typical sub-nets. That allowed my net-sec crew to flag DHCP packets as network intrusion. Many was the time that they would get an alert, and then start running down the suspicious activity. Typically it was a visitor buffoon (invited by Sales & Marketing) that thought nothing of plugging into our network.

Point being, you should actively control access to your network, and practice equipment only has to be added once. Also add that MAC ID and device name to your 'Pearl Harbor' file, so that if it is lost/stolen, you can immediately disable it from the network.

Joined: Apr 2010
Posts: 1,546 Likes: 1
Member
While I believe in the importance of data security, I have to say that my belief is that all these highly sophisticated solutions are really pretty pointless. We have an office with strong passwords, encryption, and all of these good things; then the building manager gives the keys to the lowest bidder for janitorial services, and the staff can't be bothered to memorize those strong passwords so has them on sticky notes over their desks. Electronic security is meaningless without physical security, and that lies beyond the control of many offices.
David Grauman MD Department of Medicine Commonwealth Health Center Saipan, Northern Mariana Islands

Joined: Mar 2011
Posts: 837 Likes: 10
Member
Right on. Society mostly runs on trust. A certain amount of security is obviously necessary, but I can't really keep anyone from breaking into my office or house if they are so inclined.
Tom Duncan Family Practice Astoria OR

Joined: Sep 2003
Posts: 12,895 Likes: 34
Member
Well, that was four paragraphs lost. AARRGGGG!!
Here is what we do. We take a song like Bride over troubled water:
Then take the first letter of each word, so:
lab4oTw17Gs
Always keep numbers in the middle. That will not get hacked. They can remember it and, more importantly, you can. I keep a copy at home just in case. Or you can keep them on a client.
Forget once, writeup. Forget twice, day without pay. They can put it on a home computer with a difficult login and get that way too.
Bert Pediatrics Brewer, Maine

Joined: Sep 2009
Posts: 2,988 Likes: 5
Member
> We take a song like Bride over troubled water

You can also use other Simon and Garfunkel songs, like "The Hound of Silence" or "I am a Crock, (I'm on Long Island)."
Jon GI Baltimore
Reduce needless clicks!

Joined: Sep 2003
Posts: 12,895 Likes: 34
Member
No, the whole key is to use words like Bride.
Bert Pediatrics Brewer, Maine

Joined: Nov 2012
Posts: 25
Member
OP
TIA,
Dr. James Webb Solo Practice FP KC, MO