Security Basics mailing list archives
Re: HIPAA_Compliance
From: "David Glosser" <david_glosser () yahoo com>
Date: Thu, 15 Apr 2004 17:41:15 -0400
I can second the high overhead. However, we've testing Intel IPSEC offload cards and have been VERY impressed. Very little overhead, if any, to the desktop or server CPUs..... As an added security bonus, if you set the IPSEC policy to REQUIRE encryption on the server, then the client must be running IPSEC as well. So anyone just plugging in a laptop won't be able to connect/scan/probe the server at all.. ... Less than $100 per card for the Intel IPSEC offload server card and $50 for the client. Again, we are only testing. I'd be interested in hearing from someone who has used these in a production environment. ----- Original Message ----- From: "Billy Dodson" <billy () pmm-i com> To: "Robinson, Sonja" <SRobinson () HIPUSA com>; "paralleluniverse" <paralleluniverse () ev1 net>; <security-basics () lists securityfocus com> Sent: Tuesday, April 06, 2004 9:39 AM Subject: RE: HIPAA_Compliance If you are in a windows enviroment, you can use IPSEC policies within the domain security policy to encrypt traffic on the LAN. This is of course with a very high overhead. I am not deeply versed in HIPPA policies. You can reduce some of the overhead by just encrypting traffic between domain controllers. I know that also if you uses Cisco routers for your WAN, they can be configured to encrypt that traffic as well. Billy Dodson Network Systems Engineer Permian Micro Mart 3815 E. 52nd Street Odessa, TX 79762 432.367.3239 - Direct Line 432.367.6179 x139 -----Original Message----- From: Robinson, Sonja [mailto:SRobinson () HIPUSA com] Sent: Monday, April 05, 2004 3:00 PM To: 'paralleluniverse'; security-basics () lists securityfocus com Subject: RE: HIPAA_Compliance What are you trying to encrypt and from what points? i.e. PHI in e-mail - suggest Kryptiq, Sigaba, PGP enterprise solutions depending on your needs you could also use desktop - ssl file transfer/gateway decryption VPN -works for communications over telecomm lines for business partners, subsidiaries, etc. secure ftp - for file transfer web file repository - ssl file transfer Your soultion wil ldepend on what you are looking to encrypt, why and the to/from points. -----Original Message----- From: paralleluniverse [mailto:paralleluniverse () ev1 net] Sent: Saturday, April 03, 2004 9:48 PM To: security-basics () lists securityfocus com Subject: HIPAA_Compliance Hello to All, In order to provide security solutions for HIPAA compliance, encryption, though not required, seems to solve several of the problems. Would anyone have some suggestions for an inexpensive, easy to deploy, convenient to use, and easy to train staff, encryption solution? Other thoughts? Ron Cohen FUNEN ------------------------------------------------------------------------ --- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ---- CONFIDENTIALITY NOTICE: This e-mail transmission, including any attachments to it, may contain confidential information or protected health information subject to privacy regulations such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This transmission is intended only for the use of the recipient(s) named above. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in this transmission is STRICTLY PROHIBITED. If you have received this transmission in error, please immediately notify me by reply e-mail and destroy the original transmission in its entirety without saving it in any manner. ------------------------------------------------------------------------ --- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- HIPAA_Compliance paralleluniverse (Apr 05)
- <Possible follow-ups>
- RE: HIPAA_Compliance Michael Dunn (Apr 05)
- RE: HIPAA_Compliance Robinson, Sonja (Apr 05)
- RE: HIPAA_Compliance Henry, Christopher M. (Apr 06)
- RE: HIPAA_Compliance Billy Dodson (Apr 06)
- Re: HIPAA_Compliance David Glosser (Apr 16)
- RE: HIPAA_Compliance Robinson, Sonja (Apr 07)
- HIPAA_Compliance paralleluniverse (Apr 07)
- RE: HIPAA_Compliance Robinson, Sonja (Apr 07)
- RE: HIPAA_Compliance Chris Orzal (Apr 07)
- RE: HIPAA_Compliance Chinnery, Paul (Apr 07)
- Re: HIPAA_Compliance Ned Fleming (Apr 08)
- Re: HIPAA_Compliance Ned Fleming (Apr 12)
- RE: HIPAA_Compliance Chinnery, Paul (Apr 12)