|
windows
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Help in setting up Public WiFi in Medical Office Waiting room.Our Management wants me to configure a way to allow patients internet access on their personal laptops while in our waiting rooms in each office. We presently have WiFi in our office but, it is secured and we use Static IP's for every workstation, Laptop or other device. I have two concerns in adding public WiFi access: 1. Security of our own corporate servers and sensitive patient medical data on any workstations. 2. The legal aspects (If any) allowing patients to freely surf the internet. Technical Questions: Is it possible to split our network in to two pipes for security reasons? Pipe one: Corporate Use (Secured with Static IP's). Pipe Two: Public WiFi access (Unsecured). Again my biggest concern is to isolate any public use from our medical data. Any suggestions much apperciated. Thanks, Phil PC_Admin wrote:
Show quoteHide quote > I'm the Network Admin for a medium sized practice. Just thinking, but I wonder if it would just be easier to order another > Our Management wants me to configure a way to allow patients internet > access on their personal laptops while in our waiting rooms in each > office. We presently have WiFi in our office but, it is secured and we > use Static IP's for every workstation, Laptop or other device. > > I have two concerns in adding public WiFi access: > > 1. Security of our own corporate servers and sensitive patient medical > data on any workstations. > 2. The legal aspects (If any) allowing patients to freely surf the > internet. > > Technical Questions: > > Is it possible to split our network in to two pipes for security reasons? > > > Pipe one: Corporate Use (Secured with Static IP's). > Pipe Two: Public WiFi access (Unsecured). > > Again my biggest concern is to isolate any public use from our medical > data. > > Any suggestions much apperciated. > > Thanks, Phil DSL account and dedicate another Wireless router to public WiFi access only. This saves the hassle of worrying about security for our existing corporate system. Ideas? Suggestions ? "PC_Admin" <p***@bettervision.net> wrote in message That is just what I was going to suggest.news:eLODeFv3JHA.5204@TK2MSFTNGP02.phx.gbl... > Just thinking, but I wonder if it would just be easier to order another > DSL account and dedicate another Wireless router to public WiFi access > only. This saves the hassle of worrying about security for our existing > corporate system. As far as I am concerned that is the only acceptable way,...particularly if I was a patient of that doctor. You know,..if the doctors would actually keep the appointment times that the tell the patient to be there they would never be waiting there long enough to startup a laptop in the first place. -- Phillip Windell The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. ----------------------------------------------------- Phillip Windell wrote:
Show quoteHide quote > "PC_Admin" <p***@bettervision.net> wrote in message Thanks I agree on the second DSL. A quick and easy fix for the problem.> news:eLODeFv3JHA.5204@TK2MSFTNGP02.phx.gbl... >> Just thinking, but I wonder if it would just be easier to order another >> DSL account and dedicate another Wireless router to public WiFi access >> only. This saves the hassle of worrying about security for our existing >> corporate system. > > That is just what I was going to suggest. > As far as I am concerned that is the only acceptable way,...particularly if > I was a patient of that doctor. > > You know,..if the doctors would actually keep the appointment times that the > tell the patient to be there they would never be waiting there long enough > to startup a laptop in the first place. > This is a waiting room for Laser Vision, Eye Surgery or even Cosmetic Surgery, so it's not uncommon for relatives or friends of the patient to be waiting an hour or even more. Most patients getting Cataract Surgery are in their 60's and most would not even use a WiFi device, but many of our younger patients in for Laser Vision correction, or Facial cosmetic surgery have iPods, netbooks, and various other communication devices, so management feels this may be of service to those long wait times. We also offer fresh baked cookies, Large Screen Television, free assorted snacks, and cold beverages.. Now we will add free WiFi access (Grin).. Thank again for your thoughts on the WiFi.. Phil "PC_Admin" <p***@bettervision.net> wrote in message That's fine. I just couldn't resist taking a little jab at them for the news:uWLbuYv3JHA.3676@TK2MSFTNGP06.phx.gbl... > This is a waiting room for Laser Vision, Eye Surgery or even Cosmetic > Surgery, so it's not uncommon for relatives or friends of the patient to > be waiting an hour or even more. Most patients getting Cataract Surgery > are in their 60's and most would not even use a WiFi device, but many of > our younger patients in for Laser Vision correction, or Facial cosmetic > surgery have iPods, netbooks, and various other communication devices, so > management feels this may be of service to those long wait times. We also > offer fresh baked cookies, Large Screen Television, free assorted snacks, > and cold beverages.. Now we will add free WiFi access (Grin).. times I've had to sit around and wait for them :-) -- Phillip Windell The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. ----------------------------------------------------- Phillip Windell wrote:
Show quoteHide quote > "PC_Admin" <p***@bettervision.net> wrote in message Ha Ha !! No offense taken.. I totally agree, been there myself :-)> news:uWLbuYv3JHA.3676@TK2MSFTNGP06.phx.gbl... >> This is a waiting room for Laser Vision, Eye Surgery or even Cosmetic >> Surgery, so it's not uncommon for relatives or friends of the patient to >> be waiting an hour or even more. Most patients getting Cataract Surgery >> are in their 60's and most would not even use a WiFi device, but many of >> our younger patients in for Laser Vision correction, or Facial cosmetic >> surgery have iPods, netbooks, and various other communication devices, so >> management feels this may be of service to those long wait times. We also >> offer fresh baked cookies, Large Screen Television, free assorted snacks, >> and cold beverages.. Now we will add free WiFi access (Grin).. > > That's fine. I just couldn't resist taking a little jab at them for the > times I've had to sit around and wait for them :-) > > I do remember a while back waiting for my Wife having a minor procedure in the hospital and while I waited in the waiting room I was able to use their free internet access, very cool ! "PC_Admin" <p***@bettervision.net> wrote in message If it is not illegal,...it OUGHT to be.news:ORLER8u3JHA.5204@TK2MSFTNGP02.phx.gbl... > 1. Security of our own corporate servers and sensitive patient medical > data on any workstations. > 2. The legal aspects (If any) allowing patients to freely surf the > internet. -- Phillip Windell The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. ----------------------------------------------------- look into NAP. Since your network is secured based on static IP address, the
non-compliant computers/laptop could allow access to internet only. Exactly how you would set this up is up to you, but it is possible. You do not have to use SCCM to garner the benefits. As mentioned by most of the other posters. The issue of can it be done might be less important than "should" it be done - especially as an adjunct to a supposedly secure (HIPPA/SOX) compliant network. The optimum configuration would be to create a separate domain, with firewall, edge with the only possibility of interface connection thru management interface. Your security must be top line, as cheap as most Medical professionals are, I'd have to wonder if this "wish list" is serious or more window dressing? In the end, the results will reflect on you - as the administrator - rather than management. sometimes its better to CYA upfront than to acquiesce to every hare-brained request sent your way. Write up the proposal, present it to your Dr. and let him decide how far he wants to go with it. The std. for proposals is to give 3 options. Good, better - high dollar (best?)... http://blogs.technet.com/nap/archive/2008/04/21/the-low-down-on-configuration-manager-nap-remediation-sccm-nap-2.aspx Show quoteHide quote "PC_Admin" <p***@bettervision.net> wrote in message news:ORLER8u3JHA.5204@TK2MSFTNGP02.phx.gbl... > I'm the Network Admin for a medium sized practice. > Our Management wants me to configure a way to allow patients internet > access on their personal laptops while in our waiting rooms in each > office. We presently have WiFi in our office but, it is secured and we use > Static IP's for every workstation, Laptop or other device. > > I have two concerns in adding public WiFi access: > > 1. Security of our own corporate servers and sensitive patient medical > data on any workstations. > 2. The legal aspects (If any) allowing patients to freely surf the > internet. > > Technical Questions: > > Is it possible to split our network in to two pipes for security reasons? > > > Pipe one: Corporate Use (Secured with Static IP's). > Pipe Two: Public WiFi access (Unsecured). > > Again my biggest concern is to isolate any public use from our medical > data. > > Any suggestions much apperciated. > > Thanks, Phil "Beoweolf" <Beowe***@home.net> wrote in message Agreed. I have gotten myself in to a bit a trouble at times because I am not news:yKfTl.11321$im1.2759@nlpi061.nbdc.sbc.com... > than management. sometimes its better to CYA upfront than to acquiesce to > every hare-brained request sent your way. Write up the proposal, present > it to your Dr. and let him decide how far he wants to go with it. The std. > for proposals is to give 3 options. Good, better - high dollar (best?)... afraid to tell the people I work for that something is a "bad idea" if it is a bad idea. After all, if something goes wrong and it doesn't work right afterwards, I get the blame,..not the one who thought up the idea. -- Phillip Windell The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. ----------------------------------------------------- Phillip Windell wrote:
> "Beoweolf" <Beowe***@home.net> wrote in message Yes I agree this Waiting Room WiFi idea is questionable if it will ever > news:yKfTl.11321$im1.2759@nlpi061.nbdc.sbc.com... > >> than management. sometimes its better to CYA upfront than to acquiesce to >> every hare-brained request sent your way. Write up the proposal, present >> it to your Dr. and let him decide how far he wants to go with it. The std. >> for proposals is to give 3 options. Good, better - high dollar (best?)... > > Agreed. I have gotten myself in to a bit a trouble at times because I am not > afraid to tell the people I work for that something is a "bad idea" if it is > a bad idea. After all, if something goes wrong and it doesn't work right > afterwards, I get the blame,..not the one who thought up the idea. > be fully appreciated by our patients, but if it goes wrong and our main system was somehow compromised, I would be the one taking the heat for it. So the CYA rule is a important to me. Adding a second DSL line completely isolated from our corporate network is quick and easy to implement. And at only $35 a month for a slow 1.5MB connection its affordable even if only 1 or 2 people a week even use it. Heck we spend 10 times that a month in free fresh baked cookies, soda's and candy for our patients :-) Marketing will likely advertise "Free Internet Access while you wait to get your laser vision treatment" Now days people want to be connected so it may just be a plus.. If it works and people use it, I'll be installing it in 5 more offices, if not no big loss.. Hi
This is one way to do so. Public Wireless behind the first Main Router. Private Wire and wireless behind the second Router. Network Segregation - http://www.ezlan.net/shield.html Make sure that the second Wireless Router can be secured at a WPA2 level in case you use Wireless on the Private Wireless. Jack (MS, MVP-Networking). Show quoteHide quote "PC_Admin" <p***@bettervision.net> wrote in message news:ORLER8u3JHA.5204@TK2MSFTNGP02.phx.gbl... > I'm the Network Admin for a medium sized practice. > Our Management wants me to configure a way to allow patients internet > access on their personal laptops while in our waiting rooms in each > office. We presently have WiFi in our office but, it is secured and we use > Static IP's for every workstation, Laptop or other device. > > I have two concerns in adding public WiFi access: > > 1. Security of our own corporate servers and sensitive patient medical > data on any workstations. > 2. The legal aspects (If any) allowing patients to freely surf the > internet. > > Technical Questions: > > Is it possible to split our network in to two pipes for security reasons? > > > Pipe one: Corporate Use (Secured with Static IP's). > Pipe Two: Public WiFi access (Unsecured). > > Again my biggest concern is to isolate any public use from our medical > data. > > Any suggestions much apperciated. > > Thanks, Phil HI Jack,
Thanks for the information. Actually I am curious about this approach for other possible projects in the future. This is not the first time someone has approached me about allowing public internet access on their secured private network. I have never considered a router in front of another router. Is there a website you can recommend that gives some more information on this approach. Thanks, Phil Jack-MVP wrote: Show quoteHide quote > Hi > This is one way to do so. > Public Wireless behind the first Main Router. > Private Wire and wireless behind the second Router. > Network Segregation - http://www.ezlan.net/shield.html > Make sure that the second Wireless Router can be secured at a WPA2 level > in case you use Wireless on the Private Wireless. > Jack (MS, MVP-Networking). > > "PC_Admin" <p***@bettervision.net> wrote in message > news:ORLER8u3JHA.5204@TK2MSFTNGP02.phx.gbl... >> I'm the Network Admin for a medium sized practice. >> Our Management wants me to configure a way to allow patients internet >> access on their personal laptops while in our waiting rooms in each >> office. We presently have WiFi in our office but, it is secured and we >> use Static IP's for every workstation, Laptop or other device. >> >> I have two concerns in adding public WiFi access: >> >> 1. Security of our own corporate servers and sensitive patient medical >> data on any workstations. >> 2. The legal aspects (If any) allowing patients to freely surf the >> internet. >> >> Technical Questions: >> >> Is it possible to split our network in to two pipes for security reasons? >> >> >> Pipe one: Corporate Use (Secured with Static IP's). >> Pipe Two: Public WiFi access (Unsecured). >> >> Again my biggest concern is to isolate any public use from our medical >> data. >> >> Any suggestions much apperciated. >> >> Thanks, Phil > Hi
There is No more to it then what is on the page that I linked above. It is quite simple and based on the NAT Firewall of the Routers. It makes the first (public) network as the Internet for the second Private Network. One of the advantages of modern live is that the saying "You get what you pay for" is not really valid any more. In many situations simple elegant solutions are just as good as the costly ones. :D Jack (MS, MVP-Networking) Show quoteHide quote "PC_Admin" <p***@bettervision.net> wrote in message news:O2sPK973JHA.3544@TK2MSFTNGP04.phx.gbl... > HI Jack, > Thanks for the information. Actually I am curious about this approach for > other possible projects in the future. > This is not the first time someone has approached me about allowing public > internet access on their secured private network. > > I have never considered a router in front of another router. > > Is there a website you can recommend that gives some more information on > this approach. > > Thanks, Phil > > Jack-MVP wrote: >> Hi >> This is one way to do so. >> Public Wireless behind the first Main Router. >> Private Wire and wireless behind the second Router. >> Network Segregation - http://www.ezlan.net/shield.html >> Make sure that the second Wireless Router can be secured at a WPA2 level >> in case you use Wireless on the Private Wireless. >> Jack (MS, MVP-Networking). >> >> "PC_Admin" <p***@bettervision.net> wrote in message >> news:ORLER8u3JHA.5204@TK2MSFTNGP02.phx.gbl... >>> I'm the Network Admin for a medium sized practice. >>> Our Management wants me to configure a way to allow patients internet >>> access on their personal laptops while in our waiting rooms in each >>> office. We presently have WiFi in our office but, it is secured and we >>> use Static IP's for every workstation, Laptop or other device. >>> >>> I have two concerns in adding public WiFi access: >>> >>> 1. Security of our own corporate servers and sensitive patient medical >>> data on any workstations. >>> 2. The legal aspects (If any) allowing patients to freely surf the >>> internet. >>> >>> Technical Questions: >>> >>> Is it possible to split our network in to two pipes for security >>> reasons? >>> >>> >>> Pipe one: Corporate Use (Secured with Static IP's). >>> Pipe Two: Public WiFi access (Unsecured). >>> >>> Again my biggest concern is to isolate any public use from our medical >>> data. >>> >>> Any suggestions much apperciated. >>> >>> Thanks, Phil >> I'll have to play with this a little at home and get an idea how well it
would work. I have many things that enter in to the mix to complicate this option. We use VPN to connect our remote offices to our servers here, and several other hardware devices that are interconnected to consider in the mix. Also our existing internal static IPs can not be changed. I'll need to do some more research on the internet before I consider trying this. For now a second DSL account wins for simplicity and security. :-) Phil Jack [MVP-Networking] wrote: Show quoteHide quote > Hi > There is No more to it then what is on the page that I linked above. > It is quite simple and based on the NAT Firewall of the Routers. > It makes the first (public) network as the Internet for the second > Private Network. > One of the advantages of modern live is that the saying "You get what > you pay for" is not really valid any more. In many situations simple > elegant solutions are just as good as the costly ones. :D > Jack (MS, MVP-Networking) > > "PC_Admin" <p***@bettervision.net> wrote in message > news:O2sPK973JHA.3544@TK2MSFTNGP04.phx.gbl... >> HI Jack, >> Thanks for the information. Actually I am curious about this approach >> for other possible projects in the future. >> This is not the first time someone has approached me about allowing >> public internet access on their secured private network. >> >> I have never considered a router in front of another router. >> >> Is there a website you can recommend that gives some more information >> on this approach. >> >> Thanks, Phil >> >> Jack-MVP wrote: >>> Hi >>> This is one way to do so. >>> Public Wireless behind the first Main Router. >>> Private Wire and wireless behind the second Router. >>> Network Segregation - http://www.ezlan.net/shield.html >>> Make sure that the second Wireless Router can be secured at a WPA2 >>> level in case you use Wireless on the Private Wireless. >>> Jack (MS, MVP-Networking). >>> >>> "PC_Admin" <p***@bettervision.net> wrote in message >>> news:ORLER8u3JHA.5204@TK2MSFTNGP02.phx.gbl... >>>> I'm the Network Admin for a medium sized practice. >>>> Our Management wants me to configure a way to allow patients >>>> internet access on their personal laptops while in our waiting rooms >>>> in each office. We presently have WiFi in our office but, it is >>>> secured and we use Static IP's for every workstation, Laptop or >>>> other device. >>>> >>>> I have two concerns in adding public WiFi access: >>>> >>>> 1. Security of our own corporate servers and sensitive patient >>>> medical data on any workstations. >>>> 2. The legal aspects (If any) allowing patients to freely surf the >>>> internet. >>>> >>>> Technical Questions: >>>> >>>> Is it possible to split our network in to two pipes for security >>>> reasons? >>>> >>>> >>>> Pipe one: Corporate Use (Secured with Static IP's). >>>> Pipe Two: Public WiFi access (Unsecured). >>>> >>>> Again my biggest concern is to isolate any public use from our >>>> medical data. >>>> >>>> Any suggestions much apperciated. >>>> >>>> Thanks, Phil >>> > "PC_Admin" <p***@bettervision.net> wrote in message Then a second DSL is the way to go here. Creating a Back-to-Back DMZ using news:eTfTUrI4JHA.5816@TK2MSFTNGP02.phx.gbl... > I'll have to play with this a little at home and get an idea how well it > would work. > I have many things that enter in to the mix to complicate this option. > We use VPN to connect our remote offices to our servers here, and several > other hardware devices that are interconnected to consider in the mix. > Also our existing internal static IPs can not be changed. > I'll need to do some more research on the internet before I consider > trying this. > For now a second DSL account wins for simplicity and security. :-) > Phil a pair of NAT Devices (the actual name of the "design model" you've been discussing) could possibly make a mess of your VPN situation and the Publicly addressed devices. Not saying it couldn't be dealt with, but it just depends on how much trouble you want to go through. -- Phillip Windell The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. -----------------------------------------------------  
Other interesting topics
How to approach troubleshooting wireless connections?
Limiting Access To My Router DNS Resolution Fails with Wireless Adapter WEP encryption network help please. Faxing on Wireless Disconnected Network Drives on Startup computer-to-computer XP Profesional vs. Vista Home Wireless NetWorking Cell Modem on Wireless network |
|||||||||||||||||||||||
