Security Basics mailing list archives

Re: HIPAA_Compliance

From: "David Glosser" <david_glosser () yahoo com>
Date: Thu, 15 Apr 2004 17:41:15 -0400

I can second the high overhead.

However, we've testing Intel IPSEC offload cards and have been VERY
impressed.   Very little overhead, if any, to the desktop or server
CPUs.....

As an added security bonus, if you set the IPSEC policy to REQUIRE
encryption on the server, then the client must be running IPSEC as well.  So
anyone just plugging in a laptop won't be able to connect/scan/probe the
server at all..  ... Less than $100 per card for the Intel IPSEC offload
server card and $50 for the client.

Again, we are only testing. I'd be interested in hearing from someone who
has used these in a production environment.


----- Original Message ----- 
From: "Billy Dodson" <billy () pmm-i com>
To: "Robinson, Sonja" <SRobinson () HIPUSA com>; "paralleluniverse"
<paralleluniverse () ev1 net>; <security-basics () lists securityfocus com>
Sent: Tuesday, April 06, 2004 9:39 AM
Subject: RE: HIPAA_Compliance


If you are in a windows enviroment, you can use IPSEC policies within
the domain security policy to encrypt traffic on the LAN.  This is of
course with a very high overhead.  I am not deeply versed in HIPPA
policies.  You can reduce some of the overhead by just encrypting
traffic between domain controllers.  I know that also if you uses Cisco
routers for your WAN, they can be configured to encrypt that traffic as
well.


Billy Dodson
Network Systems Engineer
Permian Micro Mart
3815 E. 52nd Street
Odessa, TX 79762
432.367.3239 - Direct Line
432.367.6179 x139

-----Original Message-----
From: Robinson, Sonja [mailto:SRobinson () HIPUSA com]
Sent: Monday, April 05, 2004 3:00 PM
To: 'paralleluniverse'; security-basics () lists securityfocus com
Subject: RE: HIPAA_Compliance

What are you trying to encrypt and from what points?

i.e. PHI in e-mail - suggest Kryptiq, Sigaba, PGP enterprise solutions
depending on your needs you could also use desktop - ssl file
transfer/gateway decryption  VPN -works for communications over telecomm
lines for business partners, subsidiaries, etc.

secure ftp - for file transfer

web file repository - ssl file transfer

Your soultion wil ldepend on what you are looking to encrypt, why and
the to/from points.

-----Original Message-----
From: paralleluniverse [mailto:paralleluniverse () ev1 net]
Sent: Saturday, April 03, 2004 9:48 PM
To: security-basics () lists securityfocus com
Subject: HIPAA_Compliance


Hello to All,

In order to provide security solutions for HIPAA compliance, encryption,
though not required, seems to solve several of the problems. Would
anyone have some suggestions for an inexpensive, easy to deploy,
convenient to use, and easy to train staff, encryption solution? Other
thoughts?

Ron Cohen
FUNEN



------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off any course! All of our class sizes are guaranteed to be 10 students
or less to facilitate one-on-one interaction with one of our expert
instructors.
Attend a course taught by an expert instructor with years of
in-the-field pen testing experience in our state of the art hacking lab.
Master the skills of an Ethical Hacker to better assess the security of
your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----
CONFIDENTIALITY NOTICE: This e-mail transmission, including any
attachments to it, may contain confidential information or protected
health information subject to privacy regulations such as the Health
Insurance Portability and Accountability Act of 1996 (HIPAA). This
transmission is intended only for the use of the recipient(s) named
above. If you are not the intended recipient, or a person responsible
for delivering it to the intended recipient, you are hereby notified
that any disclosure, copying, distribution or use of any of the
information contained in this transmission is STRICTLY PROHIBITED. If
you have received this transmission in error, please immediately notify
me by reply e-mail and destroy the original transmission in its entirety
without saving it in any manner.

------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off any course! All of our class sizes are guaranteed to be 10 students
or less to facilitate one-on-one interaction with one of our expert
instructors.
Attend a course taught by an expert instructor with years of
in-the-field pen testing experience in our state of the art hacking lab.
Master the skills of an Ethical Hacker to better assess the security of
your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----




---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

HIPAA_Compliance paralleluniverse (Apr 05)
- <Possible follow-ups>
- RE: HIPAA_Compliance Michael Dunn (Apr 05)
- RE: HIPAA_Compliance Robinson, Sonja (Apr 05)
- RE: HIPAA_Compliance Henry, Christopher M. (Apr 06)
- RE: HIPAA_Compliance Billy Dodson (Apr 06)
  - Re: HIPAA_Compliance David Glosser (Apr 16)
- RE: HIPAA_Compliance Robinson, Sonja (Apr 07)
- HIPAA_Compliance paralleluniverse (Apr 07)
- RE: HIPAA_Compliance Robinson, Sonja (Apr 07)
- RE: HIPAA_Compliance Chris Orzal (Apr 07)
- RE: HIPAA_Compliance Chinnery, Paul (Apr 07)
  - Re: HIPAA_Compliance Ned Fleming (Apr 08)
- Re: HIPAA_Compliance Ned Fleming (Apr 12)
- RE: HIPAA_Compliance Chinnery, Paul (Apr 12)