Living in Reality
|
Quote:
And oh we have a hell of a budget alright....one of the reasons I love the job! Personally, if I were him, I'd put a stand-alone PC. I agree, most of us don't take our laptops to the doctor. If I needed anything, I'd have my blackberry. It's a nice offering, but I wonder how utilized it will be. However, he could be setting the trend for the future....I dunno.....you can get a lot done waiting what seems like forever for your appointment..... For him, yes, separate network, separate DSL line, etc. There's no need to have production on the WIFI unless the office workers have laptops. The advice contained herein is all accurate.
||
|
Registered
|
You guys are all paranoid. Then again, I guess you're running windoze...
At my last two places I have *insisted* on having open wireless (albeit with limited port capabilities). I run my home network wide open as well. If someone wants my bandwidth, have fun...I don't pay by the bit. And I have yet to see a homeless person outside stealing signal or trying to hack govt computers from my bushes. All this draconian stuff is an IT manager's wet dream, and a nightmare for someone who actually needs ubiquitous network access...
||
|
Registered
|
regarding 802.1x - it is fairly secure but still breakable - though I don't know how to do it and I consider myself pretty high up there in the network security know-how arena. Cool; don't get too full of yourself - the fall when your network is compromised even by accident will be a hard one.

802.1x the protocol is actually very secure but still relies on stupid humans to implement it. So, you have 802.1x implemented - how many client certs are there? 1 for all or 1 for each individual computer? If it is 1 for all then I can bet with confidence that your network is already compromised. If it is 1 for each client then I will still bet that certs are not being revoked properly at termination and thus still useable. All of these things equal insecure. Next question: how secure is the RADIUS server doing your 802.1x authentication? How secure is your port management on your switches? Are all workstation ports set with PortFast and BPDU guard enabled? If not, I'll bring over my cheap switch and figure out your VTP domain name, set mine the same with a higher revision number and figure out your authentication and then erase all of your VLANs for you. :-) Just for kicks.

Still, this guy's not looking for this in-depth of a solution. He can do what he wants to do very easily with a second DSL connection and an off-the-shelf wireless router that supports WPA2. Really, he could leave it wide open but if someone were to do something bad on his network he would open himself up to some liability. If he didn't get releases from his patients and they did something bad with the access he would still be open to some liability. The key here is that if he's in the US he needs to comply with HIPAA and the easiest way to do that is to ensure that these two networks are separate.
__________________
-The Mikester I heart Boobies
||
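The switch-port questions in the post above (PortFast and BPDU guard on workstation ports, VTP exposure) can be checked offline against a saved configuration. This is an added example, not part of the thread: the sample config is constructed, the function name `audit` is hypothetical, and it assumes IOS-style syntax where a missing `vtp mode` line means the switch is still a VTP server.

```python
import re

# Constructed sample in IOS running-config style (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description front-desk PC
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
 description exam-room PC
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/3
 description waiting-room wall jack
 switchport mode access
!
interface GigabitEthernet0/24
 description uplink
 switchport mode trunk
!
"""

def audit(config):
    """Return (location, finding) tuples for the switch gaps named in the post."""
    findings = []
    top = [l.strip() for l in config.splitlines() if l and not l.startswith(" ")]
    # Global defaults: PortFast on all access ports, BPDU guard on PortFast ports.
    pf_default = "spanning-tree portfast default" in top
    bg_default = "spanning-tree portfast bpduguard default" in top
    # Assumption: no "vtp mode" line means the switch is still a VTP server.
    mode = next((l.split()[2] for l in top if l.startswith("vtp mode ")), "server")
    if mode not in ("transparent", "off"):
        findings.append(("global", f"VTP mode {mode}"))
    # Each stanza is an "interface X" line followed by its indented body.
    for m in re.finditer(r"^interface (\S+)\n((?: .*\n)*)", config, re.M):
        name = m.group(1)
        body = [b.strip() for b in m.group(2).splitlines()]
        if "switchport mode access" not in body:
            continue  # trunks and uplinks are outside this check
        portfast = pf_default or "spanning-tree portfast" in body
        guard = "spanning-tree bpduguard enable" in body or (bg_default and portfast)
        if not portfast:
            findings.append((name, "no PortFast"))
        if not guard:
            findings.append((name, "no BPDU guard"))
    return findings

if __name__ == "__main__":
    for where, what in audit(SAMPLE_CONFIG):
        print(f"{where}: {what}")
```

On the sample, the two workstation ports without an explicit `spanning-tree bpduguard enable` are reported along with the VTP server default; adding the global defaults and `vtp mode transparent` clears every finding.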
|
Registered
Join Date: Jan 2000
Posts: 6,950
|
A stand-alone computer seems to be the trick. I've got plenty of outdated ones that I rotated as workstations until they can't handle the next software upgrade. I actually have an extra DSL modem from my home that I have since upgraded to cable. I'm using the same DSL provider in my office. Could I split the phone line that's coming in for the DSL to operate two modems? Then run them separately after this? Thanks again. Geez, this is better than talking to Dell in India!
|
||
|
Gon fix it with me hammer
|
I'd avoid a standalone PC like the plague.

For one thing, it still needs to connect to "something", and you cannot run it with "internet sharing" on one of the existing PCs. It's a liability for more reasons than one and will require managing the box, and continuous checking if the lockdown has not been compromised... all in all, not a good solution.

You do not want to be bothered keeping the PC running, with patients and their kids screwing up the box all the time... unless you are a masochist PC hobbyist. Trust me on this one, you do not want to maintain a publicly accessible PC. They will screw it up if it has anything more than a touch screen with menu options...

Having wifi enabled from a second DSL line, and then having patients connect with their own laptops or PDAs is fine. If they cannot figure out how to connect their own gear to your patient wifi net with the wifi hotspot info posted, then train your people to shrug shoulders and say "I'm not the network geek around here, sorry, it works for most people".
__________________
Stijn Vandamme EX911STARGA73EX92477EX94484EX944S8890MPHPINBALLMACHINEAKAEX987C2007 BIMDIESELBMW116D2019
||
|
Registered
Join Date: Jan 2000
Posts: 6,950
|
I think you misunderstood me. I am going to have one computer away from patients that is controlling a wireless router. That's it. The computer will be a marginal one at best, at least good enough to configure a router.
||
|
Back in the saddle again
Join Date: Oct 2001
Location: Central TX west of Houston
Posts: 56,103
|
It is usually possible to use a wireless router as an access point or a router if the router has a few wired switch ports as well as wireless.
__________________
Steve '08 Boxster RS60 Spyder #0099/1960 - never named a car before, but this is Charlotte. '88 targa
||
|
Registered
Join Date: Jan 2000
Posts: 6,950
|
Quote:
|
||
|
Back in the saddle again
Join Date: Oct 2001
Location: Central TX west of Houston
Posts: 56,103
|
Well, technically you can even hook the new wireless router up as a router and just have it assign its own IPs and NAT/PAT them just as it would any place else.
I've read and re-read your initial post. I guess I just don't understand what you are looking for. I'm betting that there's a 99% chance that you can do whatever you want, but I just don't understand what you want.
__________________
Steve '08 Boxster RS60 Spyder #0099/1960 - never named a car before, but this is Charlotte. '88 targa
||
|