Firewall Wizards mailing list archives

RE: Link from DMZ to Internal Apps

From: "Carl Friedberg" <friedberg () exs esb com>
Date: Mon, 18 Feb 2002 09:34:16 -0500

My limited experience in the healthcare world suggests the starting
point, as with all security, is to define your policy, at the highest
level. In this field, there are state and federal laws which mandate the
security and privacy of any patient-related information (you'll know
exactly what this is). If you don't have such a policy in place, doesn't
the next accreditation visit focus management concern in this area? (I
really don't know). If you do have a policy in place, you will have to
get written authorization from the Hospital Board to violate the
exisiting security policy.

I don't believe you could put all of your inside applications on the
outside without exposing some protected patient data...

I've had pretty good success with VPNs. There are issues here as well (a
client machine on a cable or DSL network getting hacked), but it's not a
bad starting point.

Just my 2 band-aids.

Carl

-----Original Message-----
From: Guess Who [mailto:yamadog35 () yahoo com]

demands for external access to internal applications.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

Link from DMZ to Internal Apps Guess Who (Feb 18)
- Re: Link from DMZ to Internal Apps Marcus J. Ranum (Feb 18)
  - Re: Link from DMZ to Internal Apps R. DuFresne (Feb 19)
- Re: Link from DMZ to Internal Apps Rick Smith at Secure Computing (Feb 21)
- <Possible follow-ups>
- RE: Link from DMZ to Internal Apps Carl Friedberg (Feb 18)
- Re: Link from DMZ to Internal Apps Joseph Steinberg (Feb 19)
- Re: Re: Link from DMZ to Internal Apps Uri Lichtenfeld (Feb 19)
  - RE: Re: Link from DMZ to Internal Apps Benjamin P. Grubin (Feb 20)
- RE: Re: Link from DMZ to Internal Apps Ames, Neil (Feb 21)