
Tip of the month of November, 2007 - Week 2

FIREWALL SYSTEM

Firewall systems are the first line of defense for information security and form part of an organization’s network perimeter defense. Today’s firewall systems are intelligent and integrate several critical capabilities, including prevention of various types of attacks, spam filtering, and content monitoring. An organization may deploy one or more firewall systems in various parts of its information infrastructure. For example, firewall systems may be deployed at each of the clinics that connect to a hospital network from a remote location, or between the wired and wireless network segments.

The cornerstone of any organization’s perimeter defense is its deployment of firewall system(s). Firewall systems can filter traffic on the basis of content as well as:

  • Source IP addresses
  • Destination IP addresses
  • Source TCP and UDP ports
  • IP protocol
  • Destination TCP and UDP ports
  • The interface on which the packet arrives
  • The interface where the packet is destined
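The filtering criteria listed above can be expressed as a small first-match packet filter. The following is an added example written for this page, not ecfirst’s code or any vendor’s implementation; the addresses, interface names and rules are constructed, and the ruleset falls back to deny when nothing matches.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str        # source IP address
    dst: str        # destination IP address
    proto: str      # "tcp", "udp" or "icmp"
    sport: int      # source port (0 for protocols without ports)
    dport: int      # destination port
    in_if: str      # interface the packet arrived on
    out_if: str     # interface the packet is destined for

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    sport: tuple = (0, 65535)    # inclusive port range
    dport: tuple = (0, 65535)
    in_if: str = "any"
    out_if: str = "any"

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.sport[0] <= p.sport <= self.sport[1]
                and self.dport[0] <= p.dport <= self.dport[1]
                and self.in_if in ("any", p.in_if)
                and self.out_if in ("any", p.out_if))

# Constructed ruleset (hypothetical addresses): first match wins, so the
# anti-spoofing deny must precede the allows it is meant to protect.
RULES = [
    Rule("deny", src="10.0.0.0/8", in_if="wan"),                  # internal source seen on WAN side
    Rule("allow", dst="203.0.113.10/32", proto="tcp", dport=(80, 80), in_if="wan", out_if="dmz"),  # web server
    Rule("allow", dst="203.0.113.53/32", proto="udp", dport=(53, 53), in_if="wan", out_if="dmz"),  # DNS server
    Rule("allow", src="10.0.0.0/8", in_if="lan", out_if="wan"),   # outbound from internal LAN
]

def filter_packet(p: Packet, rules=RULES) -> str:
    """Return the action of the first rule matching p; deny when none does."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"
```

Reordering the rules changes the outcome: moving the anti-spoofing deny below the web-server allow would let a packet with an internal source address through to the DMZ.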

Critical assets that organizations typically need to protect at the perimeter include Domain Name System (DNS) and Web servers, as well as other systems deployed on the DMZ. All critical systems should be “hardened,” meaning that all unnecessary services are disabled.

A robust and roving shield delivers both passive and active security components to defend the vital digital information assets of an organization. Robust refers to the passive defensive components on the business infrastructure, while roving identifies the active defensive components. A roving shield is important because today’s threat is dynamic and requires the business defense to be adaptive, active and alert in detecting gaps that may be exploited by those who make it past the robust shield.

GET HIPAA CERTIFIED ON-LINE

HIPAA Academy, the industry’s leading provider of HIPAA training, certification and consulting, has made available on-line the content and exams for HIPAA Academy’s Certified HIPAA Professional (CHP) and the Certified HIPAA Security Specialist (CHSS). Recent clients include many hospitals, long term care organizations, BCBS, several business associates and leading firms such as IBM, HP, E&Y, Kaiser Permanente and others. Get certified and get ahead with the HIPAA certification credential. For details, please visit www.HIPAAAcademy.Net.

U.S. Government and Security – Complimentary Quick Reference Card Now Available from ecfirst.com, home of the HIPAA Academy.
The Federal Information Security Management Act (FISMA) is Title III of the E-Government Act (Public Law 107-347). It was passed by the 107th U.S. Congress and signed into law by President George W. Bush in December 2002. FISMA requires each U.S. federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor or other source.

Further, the Homeland Security Presidential Directive 12 (HSPD-12) specifies identity management and access control practices for government employees and contractors. FISMA and HSPD-12 are resulting in organizations taking a risk-based, cost-effective approach to securing sensitive information and systems. Get your complimentary copy of this quick reference card that highlights all key aspects of this important U.S. government information security regulation.

For more information visit www.aha-solutions.org, contact Lorna Waggoner at 1.877.899.9974 x17 or visit www.HIPAAAcademy.net


HIPAA Tip

Defense-in-Depth Architecture:
Enabling a Robust and Roving Shield

A defense-in-depth security architecture results in multiple layers of security, so as to make the vital assets at the core of the infrastructure impregnable. The threat to the business infrastructure comes from both outsiders and insiders. Security officers must think of their organization’s security in terms of establishing a “robust and roving shield” to secure the infrastructure. Organizations have to counter attacks by developing a robust and roving shield that reduces vulnerabilities and deters those with the capability and intent to harm the business infrastructure.

Examples of layers of technology that can be deployed as part of the defense-in-depth security architecture include:

  • Firewall systems
  • Intrusion Detection and Prevention Systems (IDS, IPS)
  • Strong authentication solutions such as biometrics, smart cards, tokens
  • Access control solutions such as Role Based Access Control (RBAC)
  • Encryption solutions

Implementing these layers of security technology in combination makes it highly unlikely that unauthorized individuals will gain access to vital systems.

Pabrai Presents Digital Healthcare Challenges: Compliance Complexities and Rising Threats at the Indiana Security and Privacy Network’s Technology Fair on November 15. In this brief, Pabrai examines several important compliance requirements such as SOX, PCI DSS, FISMA, HIPAA and FFIEC that impact the security priorities of businesses across industries. He then walks through key security frameworks and standards such as ISO 17799:2005, NIST, and COBIT. More information is available at www.inspn.org or visit www.ecfirst.com or contact Lorna Waggoner at 1.877.899.9974 x17.


Last updated: November 16, 2007