Securing data transmission
This presentation is the property of its rightful owner.
Sponsored Links
1 / 20

Securing Data Transmission PowerPoint PPT Presentation


  • 53 Views
  • Uploaded on
  • Presentation posted in: General

Securing Data Transmission. Columbus Convention Center - October 1, 2008 Meeting Room E171 James Matheke Greg Perkins. Securing Data Transmission.

Download Presentation

Securing Data Transmission

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Securing data transmission

Securing Data Transmission

Columbus Convention Center - October 1, 2008

Meeting Room E171

James Matheke

Greg Perkins


Securing data transmission1

Securing Data Transmission

Securing Data Transmission is becoming a growing concern for Security Professionals in both private and public sectors especially health related. Business requires that many forms of data be transmitted securely.


Securing data transmission2

Securing Data Transmission

HIPAA

  • HIPAA – Health Insurance Portability & Accountability Act of 1996.

  • HIPAA protects PHI

  • PHI – Protected Health Information

  • Several ODH applications transmit PHI

  • HIPAA Title II – regulates & establishes health care related IT systems.


Securing data transmission3

Securing Data Transmission

When you begin to discuss Secure Data Transmissions there are several questions that need to be ask.

 What data needs secured?

Where is your sensitive data?

Who uses the sensitive data?

How does the data move?


Securing data transmission4

Securing Data Transmission

What data needs secured?

Data transmitted to Business Partners

Data sent via email

Data transmitted internally over the WAN

Data transmitted from Remote Users

Wireless data communication


Securing data transmission5

Securing Data Transmission

  • As you can see Securing Data Communications is a broad topic due to the types of data transmission avenues. So I would like to give you an overview of the various technologies available to assist you with this task.

  • Securing Data Transmission is most likely some part of every IT staff individual’s responsibility. Hopefully if this does not make sense now it will by the time we are finished.


Securing data transmission6

Securing Data Transmission

Focus Points

  • Network Level encryption

  • Securing Remote users

  • External Organization- Secure data transmissions with business partners

  • Application encryption

  • Wireless encryption

  • E-mail encryption


Securing data transmission7

Securing Data Transmission

Network Level Encryption

  • Network level encryption is an easy way to encrypt data without modifying or rewriting your applications. This is all done at the network layer on your organization.

  • This level of encryption enables the security professionals to protect data transmissions at a network layer between entire source networks and destination networks as well as host to host communication.

  • This type of encryption is typically done on networks within an organization across the WAN but not typically between organizations.


Securing data transmission8

Securing Data Transmission

Network Level Encryption

  • Example:

    • Confidential data identified

    • Client/Server Application

    • Data runs across WAN … private point to point T1

    • Why do you still need to encrypt this data? It a private T1.

    • It may be quicker, easier and/or more cost effective to implement network level encryption. This is a good example of how organizations use this technology.


Securing data transmission9

Securing Data Transmission

Network Level Encryption

  • The State of Ohio also utilizes this type of encryption between the Cabinet Level Agencies.

    • Has anyone heard of the Inter-Agency VPN … or State VPN?


Securing data transmission10

Securing Data Transmission

Network Level Encryption

  • ODH utilizes the technology with our Local Health Departments in each County & larger cities

  • Dedicated server farm centrally located.

  • Encrypted all traffic to these server networks

  • Advantage: This allows ease of management.

  • Disadvantage: Obviously it takes slightly more network resources (router CPU etc…) to encrypted traffic but for us (and most organizations) network resources are not the issue.

  • Advantage: Each time an application changes or a new application is put in place it would considerable work to modify the network each time.

  • Advantage: Also we don’t have to worry about miscommunication or no communicate that a new application requires secure communication.


Securing data transmission11

Securing Data Transmission

Network Level Encryption

  • WIC offices – non co-located

  • Inexpensive Broadband for these offices

  • How do secure data transmissions?

  • Encrypt or tunnel all network traffic back from the small office back to the Central Office, across the Internet for access to agency applications.

  • Good small office solution (1-30 users).

  • Local 1.5 Mb broadband access is available for as low as $70/month (w/ 2 year contract).


Securing data transmission12

Securing Data Transmission

Securing Remote Users

  • Remote users create additional security concerns because of where they communicate from

  • Secure Remote users with a VPN solution

  • There are numerous VPN solution products

  • How they typically work: Configured on a security device i.e. VPN concentrator or Firewall as well as adding VPN software to the client PC/Laptop.

  • SSL VPN can also be done without a client


Securing data transmission13

Securing Data Transmission

Securing Remote Users

Concerns/Recommendations:

  • No Split Tunneling. A term for a specific VPN configuration that allows the users to connect to the “users at home” LAN/Internet as well as the organizations network. This possible allows other LAN users to connect via the VPN to the organization resources.

  • Be sure to group your incoming VPN users (say by IP address) so that if you have a security incident that you can identify the individual or group.

  • Migrate RAS dial-up to DMZ and limit access.


Securing data transmission14

Securing Data Transmission

External Organization Data Communication

  • What is external organization data communication

    • Communication with your various business partners

    • i.e. ODH receives various lab results and hospital info.

  • How do we secure data transmissions with our business partners?

    • T1 to every business partner? No.

    • Use the Internet

    • Create “site to site” VPN connections.

      • These connections encrypt the data communication as it flows across the Internet.

  • Like Securing Remote Access this is done with a security device such as a VPN concentrator or firewall at each organization.


Securing data transmission15

Securing Data Transmission

Application encryption

  • Secure Data transmissions with application encryption

  • SSL based html code

  • Examples: Banking, Internet purchasing, personal health related or other sites with confidential data.

  • What if you need to encrypt new data content on your web servers?

  • Load Balancing devices can “encrypted” data


Securing data transmission16

Securing Data Transmission

Application encryption

  • ODH Migration Project from BigIP to NetScaler.

    • Terminate SSL connection on both devices.

      • Communicate via http to back end servers … can encrypt also

      • More efficient and speeds up your web applications.

  • Additional features (off subject)

    • Cache static content (*.gif, *.jpeg, *.pdf, *.css and java scripts

    • Compression of these file types

    • Additional speed with these features.

  • There are also ways to implement a PKI solution to secure/encrypt your applications.


Securing data transmission17

Securing Data Transmission

Wireless Security

  • Wireless networks are increasing as are wireless security issues.

  • Unsecured wireless networks can be a huge vulnerability of an organization.

    • Rouge access points brought in by staff, public wireless access or mis-configured AP’s in an unsecure manner can be a big issue.

    • Secure your confidential information accessed via your wireless network. Hackers can captures data out of the air.

  • Wireless Internet access from Hotel


Securing data transmission18

Securing Data Transmission

E-mail encryption

  • Numerous email encryption applications are available on the market.

  • How do they work?

    • They work by sending a web link to the recipient of the email who then logs into to the secure email server to retrieve the email

  • ODH uses ZIX Corp email encryption which has built in algorithms or dictionaries called Lexicons that inspect outbound email traffic for 1000’s of keywords, phrases including PHI information signatures as well as other confidential indentifying information.


Ohio digital summit

Ohio Digital Summit

Securing Data Transmission

Questions?


  • Login