Educause Security Discussion mailing list archives

FW: Home Access


From: Danny Lee <abqdan () UNM EDU>
Date: Mon, 7 Nov 2005 10:51:11 -0700

Depending on how much you can afford, security proximity devices do
exist for computer systems. They are becoming more affordable. An
example (though I have not used this product):
http://www.ensuretech.com/products/overview/overview.html. This type of
device can deal with users walking away from PCs under your control.

As far as Starbucks is concerned, you could implement IP filtering to
prevent off-site access to critical resources. What possible reason is
there for a user to log in to a restricted system that contains HIPAA
protected content at a Starbucks?

And to still allow permitted home access, VPN tunnelling would support
what you need.

--Danny

Danny Lee
Knowledge Management Specialist,
University of New Mexico



-----Original Message-----
From: Dan Roberts [mailto:ddrobert () KENT EDU]
Sent: Monday, November 07, 2005 9:36 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Home Access

I don't believe you'll ever find a technological solution to the type of
scenario you describe, where a user logs in from a public place and then
leaves that session unattended.  No matter how idiot-proof your
solution, the potential is always there that it'll be defeated by a
better idiot! :-)
This type of problem needs to be attacked through user education,
policy and sanctions.  You can find a comfort zone, but you'll never
eliminate the risk completely.

If remote desktop access is absolutely necessary (I have to assume
you've already established that), you could use a system to check a PC's
compliance with the HIPAA requirements, prior to letting it access your
resources.  This could be accomplished by requiring access from a
managed laptop, or with a VPN device like Juniper's SSLVPN that can
perform host-checks prior to letting the user log on (requires an agent
running on the PC).  The concept would be similar to Cisco Clean Access,
if you're familiar with that.

Dan Roberts
Office of Security and Compliance
Information Services Division
Kent State University

330-672-5373
ddrobert () kent edu

David Grisham <DGrisham () SALUD UNM EDU> wrote on 11/04/2005 05:50:47 PM:

How, if at all, does anyone give home access to workers from the health
science center & university hospital?  HIPAA has a specific
workstation security implementation specification that requires the
institution to ensure that workstations accessing Electronic Protected
Health Information (ePHI) be secure.  We can make sure that our
workstations have the latest security patches, firewalls & up to date
anti virus software.  We currently loan secure images to our home
transcriptionists.  However, Internet access is here and our medical
staff does need to work from home or from other sites with Internet
access.

I would be glad to talk with anyone from any institution who was
considering a portal, Internet access or just home access to ePHI and
what we're doing to ensure that our workforce does not open up patient
records at Starbucks, walk away from a screen in a public area, or use
any workstation that does not meet our minimum security requirements.


Cheers. -grish
David D. Grisham, Ph.D.,  CISM, CHS III Manager, IT Security, UNM
Hospitals, Information Technology 1650 University Blvd,  S.500,
Albuquerque, NM 87102
Ph: (505) 272-5657 FAX 272-3305
Work email:  dgrisham () salud unm edu
Adjunct Faculty, Computer Science, UNM Academic & personal email:
dave () unm edu


vphung () SCIENCE SJSU EDU 11/4/2005 2:46:22 PM >>>
For remote access

Email - webmail with SSL v3 only
Web related - WebDAV with SSL v3 only
All others - Remote desktop via tunnel using SSH v2 only

SSH tunneling works really well with either VNC (Mac and *NIX) or RDC
(Windows) from home (DSL for better performance). It's easy to
implement and requires almost no maintenance since most of us have an
SSH server somewhere on a network where a user's computer can be
reached. Instructions are here

http://ncs.science.sjsu.edu/vphung/index.php?HOW_TO:RDC

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vuong Phung
Operating Systems Administrator
College of Science - Dean's Office

San Jose State University
One Washington Square
San Jose, CA 95192-0099
Duncan Hall 33

Tel 1.408.924.5056
Fax 1.408.924.5033
Web http://ncs.science.sjsu.edu/helpdesk
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-----Original Message-----
From: clementz.7 [mailto:clementz.7 () OSU EDU]
Sent: Friday, November 04, 2005 12:02 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Home Access


How many schools allow remote access and what types of access do you
allow?  Please email me directly and I will give you my phone number
to talk more securely.  We have faculty that are pushing more and more
for remote access, but we do not have the manpower to support it.  Just
curious if others are experiencing the same issues.

Todd Clementz
Systems Administrator
The Austin E. Knowlton School of Architecture The Ohio State
University Support Site.  http://support.knowlton.ohio-state.edu
clementz.7 () osu edu
