Home Forums Using Wireless

Is anybody using wireless computers in their office networks? If yes, are you using VPN setup for security?

Thank you for your time.

Dr Jim Webb
K.C., MO

Jim,

Couple of quick wireless security tidbits.

1. Lock down the wireless side by MAC address (this is the network hardware ID). Means the only computers that the router will allow on the network are ones you have added. Far better than passwords that are weak, shared, stolen.

2. Use WPA2 (or newer). WEP is NOT SECURE as it can be defeated in seconds.

We use wireless - set up the way Jim describes. Our wireless is also hidden so it won't show up in a network search.

Barb

It may work a lot slower on wireless. Depends on what else is going through the airwaves usually. I had a lot of issues with wiresless and it running slowly.

Indy,

I'm using WPA2. Would you recommend running the wireless pc as is or adding VPN?

TIA

Dr. Jim Webb
Solo Practice TO
K.C., MO

WPA2 and locking down by MAC ID should be sufficient - VPN is not additive in this instance, and will be slower.

Ketan is also correct that wireless will be slower.

Tangentially, don't put patient data on the laptop unless you are encrypting the data if it *ever* leaves the practice.

If I may include my thoughts on this topic:

1. Indy is quite correct in recommending using WPA2. There is free code downloadable from the Internet now that will defeat WEP in about 45 seconds.

2. Hiding your SID is useless. There are ways to detect hidden SIDs. You may as well make things easy on yourself and broadcast.

3. VPN is not designed to secure a wireless network.

4. While I certainly will not stop you from using MAC address lists for further security, that isn't something I do. In fact, you'll find that to be a pain on larger networks. Using WPA2 with a strong password should be sufficient. However, you obviously have to keep that password safe.

5. Make certain your router's admin password is strong and secure.

6. If your wireless network is painfully slow then you need to check your office for microwave ovens, bad lighting, hair dryers, older model x-rays, proximity to other wireless networks that may not belong to you, and so forth. If you cannot do anything about those items afore mentioned, you may as well save yourself the heartache and just go wired.

7. If your wireless network is painfully slow and you can't find any of the items mentioned in number 6, walk outside and see if you notice any big antennas from bus stations, other businesses, etc. If you see a big dipole or yagi antenna from another business a block or two away up on their roof, then you may as well hang it up and go wired. They are most likely transmitting several hundred to several thousand watts and your little half a watt to 5 watt wireless router doesn't stand a chance.

JamesNT

Thanks to everyone for your assistance.

Dr. James Webb
Solo Practice FP
K.C., MO

Good suggestions on the security, but that phrase was the best one. May as well go wired no matter what.

I've also read a lot that not broadcasting SSID is not useful, but may even slow down wireless. And, using MAC address lists is just as (non)useful as not broadcasting SSID... and is a pain to maintain. Best thing as James says... strong WPA2 passwords.

The reason I recommend locking down to MAC IDs is that you are maintaining positive control of the wireless network. Yes it is work, but it means that the only way someone gains access to your patient data/network is by a positive act on your part. Anyone who gains the network password, by whatever means is *in*.

Back in the day, before ubiquitous wireless, when wired networks were the norm, I mandated that the business networks we ran were static IPs, no DHCP, with non-typical sub-nets. That allowed my net-sec crew to flag DHCP packets as network intrusion.

Many was the time that they would get an alert, and then start running down the suspicious activity. Typically it was a visitor buffoon (invited by Sales & Marketing) that thought nothing of plugging into our network.

Point being, you should actively control access to your network, and practice equipment only has to be added once. Also add that MAC ID and device name to your 'Pearl Harbor' file, so that if it is lost/stolen, you can immediately disable it from the network.

While I believe in the importance of data security, I have to say that my belief is that all these highly sophisticated solutions are really pretty pointless. We have an office with strong passwords, encryption, and all of these good things; then the building manager gives the keys to the lowest bidder for janitorial services, and the staff can't be bothered to memorize those strong passwords so has them on sticky notes over their desks. Electronic security is meaningless without physical security, and that lies beyond the control of many offices.

Right on.
Society mostly runs on trust.
A certain amount of security is obviously necessary, but I can't really keep anyone from breaking into my office or house if they are so inclined.

Well, that was four paragraphs lost. AARRGGGG!!

Here is what we do. We take a song like Bride over troubled water:

Then take the first letter of each word, so:

lab4oTw17Gs

Always keep numbers in the middle. That will not get hacked. They can remember it and, more importantly, you can. I keep a copy at home just in case. Or you can keep them on a client.

Forget once. Writeup, Forget twice, day without pay. They can put it on a home computer with a difficult login and get that way too.

You can also use other Simon and Garfunkel songs, like "The Hound of Silence" or "I am a Crock, (I'm on Long Island)."

No, the whole key is to use words like Bride.

Or password.