HIPA and Network Configs

der.hans plug-discuss@lists.plug.phoenix.az.us
Sat, 4 Jan 2003 19:30:40 -0700 (MST)


On 04 Jan 2003, Gary Nichols chattered thus:

> That's a hornet's nest I don't even want to touch. ;-)
> The baseline is that you have to prevent any ->unauthorized <- access
> to your systems.
> For example, if you have a contract with IBM that grants them access to
> dial-in via SecureID to work on your machines, then that's fine - it's
> authorized - however you also have to have a 3rd party agreement with
> them stating such and assigning responsibilities, damages, etc.  This
> is a topic all in itself.  *blah*

It's also something that doesn't happen with the m$ license, which is all
one-sided.

> > Does it approve transmission across 3rd party networks?
> >
>
> Yes - I assume you mean a private point-to-point private network
> connection.  Provided of course that you can prove that you have
> adequate safeguards in place on both ends.  On such a connection,
> encryption is not required.

Actually, I mean transmission across someone else's network, e.g. VPN over
the Net. It also means something like a leased t1 to a leased t1 where the
ISP has access to the data as it goes across the ISP's system.

> > And if the wireless is tunneled using the approved encryption standard?
>
> It's not so much that it's encrypted over the spectrum, it's that the
> spectrum isn't approved.  At least that's the problem I'm having.

So tunnelling across the Internet is OK, but tunnelling over 802.11 isn't?

> > Is it a decent encryption standard?
>
> Depends on your interpretation of 'decent'.

Not the "cracked 4 hours after its release m$ vpn".

> Even more interesting is that ANY PHI that leaves your network over a
> public network has to be encrypted - that includes web, ftp, telnet,
> smtp... etc.  This is forcing a lot of companies to have a "hello
> Jesus" with security finally.  The industry is moving towards https,
> sftp, ssh and pki-based solutions.

Cool.

> Again, this is a good thing - I just hope that they enforce it.

I definitely want them to do so.

thanks for the answers,

der.hans
-- 
#  https://www.LuftHans.com/    http://www.TOLISGroup.com/
#  Motorcycles don't kill. Motorcycles get killed.