When conducting a vulnerability assessment to identify compliance and security gaps, be sure to include an audit of your firewall system, especially the internet firewall. For example, the firewall audit may result in findings such as:
Finding #1: Simple Encryption passphrase.
Risk Level: HIGH
Description: The firewall encryption passphrase should be complex.
Impact: A malicious user can gain unauthorized access to the firewall by breaking the shared secret and establishing a VPN.
Solution: Set a complex passphrase for virtual tunnel access using recommended strong password components.
Finding #2: Ports Open
Risk Level: HIGH
Description: Many of the ephemeral ports are open.
Impact: Many Trojans and other malicious software use these ports.
Solution: Regularly ensure that only required ports are open.
Finding #3: Review newest versions of ASA code/software
Risk Level: HIGH
Description: Older versions of the ASA firewall code have known vulnerabilities which are corrected in newer versions.
Impact: Known vulnerabilities are well documented and publicly available. These enable unauthorized parties to carry out malicious activities on the device.
For a customized proposal to audit your firewall system, please contact Lorna Waggoner, Director of Business Development at 877.899.9974 x17 or at Lorna.Waggoner@ecfirst.com. We spend no more than 2 days on-site, and the balance of the work is executed off-site to develop a comprehensive report about the state of your firewall system’s security.
Get HIPAA Certified On-line! CHP Exam is Now On-line!
HIPAA Academy, the industry’s leading provider of HIPAA training, certification and consulting, has made available on-line the content and exams for HIPAA Academy’s Certified HIPAA Professional (CHP) and the Certified HIPAA Security Specialist (CHSS). Recent clients include many hospitals, long term care organizations, BCBS, several business associates and leading firms such as IBM, HP, E&Y, Kaiser Permanente and others. Review the content and take the exams on-line. Get certified. For details, please visit www.HIPAAAcademy.Net.
For more information visit www.aha-solutions.org, contact Lorna Waggoner at 1.877.899.9974 x17 or visit www.HIPAAAcademy.net
HIPAA Tip
Compliance Portal Delivers 1-Click Access to Regulations!
ecfirst, the industry’s leading provider of compliance training, certification and consulting, has launched the industry’s most comprehensive compliance and security portal. Please visit www.ecfirst.com and click on Compliance Portal. Compliance Portal provides one-click access to all major information security and associated compliance requirements including HIPAA, PCI DSS, ISO 17799:2005 (ISO 27002), FISMA and many others. Now access the National Response Framework document from The Department of Homeland Security at www.ecfirst.com/complianceportal.
Managed Compliance Services Program for HIPAA
ecfirst is the first organization in the world to offer a scalable and flexible program to manage all your compliance and security requirements. If your organization is impacted by HIPAA, PCI DSS, Sarbanes-Oxley or other legislation, then find out how you can ensure compliance over a 36-month period with fixed monthly payments with minimal impact to your staff. Contact Lorna Waggoner, Director of Business Development, at 1.877.899.9974 x17 to learn more about the program. Or download a PDF copy of the Managed Services Compliance Program from www.ecfirst.com.
E-learning Courseware
For a free e-learning demo of ecfirst courseware in the areas of Professional Compliance, Corporate Compliance, HIPAA Compliance, Research Compliance, Accreditation or Quality Improvement, please contact Lorna Waggoner at Lorna.Waggoner@ecfirst.com.