SSH, VPN: Are these secure over a wireless connection?

skyking

My brother is a mobile X-ray tech, uploading files to doctors via a 28.8 modem. His employer would like to speed up the process, but the company must be very careful regarding any personal patient information. I have not examined The Health Industry Privacy Act for specifics on data transmission yet, but security is a must.
His employer is willing and interested in setting up DSL accounts in a few locations for uploading, but I think an agreement with an existing company and network can be made.
If my brother could wheel up to a business that they have an agreement with, and upload via 802.11B from the parking lot, it would be so much more convenient than going inside and plugging in. I am the biggest proponent of using copper when at all possible, but this is a case where wireless has its advantages.
Is the encryption in SSH or VPN good enough to reasonably secure those files over 802.11B?
 

Crypticburn

If that is what he currently uses to broadcast the data over the internet, it will most likely suffice for a WLAN as well...

Crypticburn
 

hjo3

Should be, but I'd use maximum bit size WEP too if the data's that sensitive. Of course, ppl could still theoretically capture his sent material and eventually decrypt it... dunno what the HIPAA has to say about that.
 

skyking

Originally posted by: Crypticburn
If that is what he currently uses to broadcast the data over the internet, it will most likely suffice for a WLAN as well...

Crypticburn

Currently, they use dialup and 28.8 modems. Theoretically, that could be compromised, but not likely. It is just very slow to send out a few Mb images.
 

gunrunnerjohn

Originally posted by: skyking
Originally posted by: Crypticburn If that is what he currently uses to broadcast the data over the internet, it will most likely suffice for a WLAN as well... Crypticburn
Currently, they use dialup and 28.8 modems. Theoretically, that could be compromised, but not likely. It is just very slow to send out a few Mb images.
I think SSH and wireless LAN WEP would be more than sufficient to meet the regulations you're worried about. They want you to protect patient records, but they're not national security secrets! :D
 

ScottMac

He should be OK with either if they're properly implemented. Between a dynamic WEP and the tunnel encryption it'd be pretty solid.

I believe SSH (at least Secure CRT/SFTP by VanDyke) can do up to AES256 ... I think that'll meet (or exceed) HIPAA. Both endpoints must be at the same level of capability - the Security Association will be determined by the priority assigned at the "server" side of the connection (the server will try the #1 choice, then the second choice, etc. until the client agrees).

Heavy encryption will slow things down some, but I'm sure it'll ultimately be way faster than a modem.

Check out VanDyke's site for the server side, or, of course, OpenSSH.org (I believe their server is *nix only), or SSH.COM.

Good Luck

Scott
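
The cipher negotiation discussed in the post above, as an added example that is not part of the original thread: in the SSH transport protocol (RFC 4253, section 7.1) the cipher used is the first one on the client's list that the server also supports, so a server enforces AES-256 by offering nothing weaker. The algorithm lists and the AES-256-only policy are constructed for illustration.

```python
# Added example: SSH cipher selection per RFC 4253, section 7.1.
# All preference lists and the policy below are constructed sample data.

# Assumed policy for this example: only AES-256 ciphers are acceptable.
APPROVED = {"aes256-ctr", "aes256-gcm@openssh.com", "aes256-cbc"}


def negotiate(client_prefs, server_prefs):
    """Return the first cipher on the client's list that the server offers.

    Returns None when the two sides share no cipher (connection refused).
    """
    server_set = set(server_prefs)
    for name in client_prefs:
        if name in server_set:
            return name
    return None


def audit(client_prefs, server_prefs):
    """Negotiate, then report whether the outcome meets the AES-256 policy."""
    chosen = negotiate(client_prefs, server_prefs)
    if chosen is None:
        return (None, "refused: no common cipher")
    if chosen in APPROVED:
        return (chosen, "ok")
    return (chosen, "weak: outside AES-256 policy")


# Constructed client lists: one that prefers 3DES, one that prefers AES-256.
LEGACY_CLIENT = ["3des-cbc", "aes128-cbc", "aes256-cbc"]
MODERN_CLIENT = ["aes256-ctr", "aes128-ctr", "3des-cbc"]
ONLY_3DES_CLIENT = ["3des-cbc"]

# Constructed server lists: a permissive one and one restricted to AES-256.
PERMISSIVE_SERVER = ["aes256-ctr", "aes256-cbc", "aes128-cbc", "3des-cbc"]
RESTRICTED_SERVER = ["aes256-ctr", "aes256-cbc"]

if __name__ == "__main__":
    clients = {"legacy": LEGACY_CLIENT, "modern": MODERN_CLIENT,
               "3des-only": ONLY_3DES_CLIENT}
    servers = {"permissive": PERMISSIVE_SERVER, "restricted": RESTRICTED_SERVER}
    for cname, client in clients.items():
        for sname, server in servers.items():
            print(f"{cname:10} -> {sname:10}: {audit(client, server)}")
```

Against the permissive server the legacy client ends up on 3DES even though both sides support AES-256; restricting the server's list is what closes that gap.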

 

skyking

Thank you, Scott. I will also add MAC addy filtering to the mix, and he will connect to these networks so infrequently, sniffing will be difficult at best.
 

tgillitzr

As far as I know, the data security portion of HIPAA does not go into effect until 2005 or 2006.

I would think a SSH or VPN tunnel within a WEP secured WLAN would be fine.
 

skyking

I am thinking so too. I will be meeting to formulate a plan of action later on this month.
 

Nothinman

OpenSSH.org (I believe their server is *nix only),

It runs under cygwin, I have no idea what kind of speed decrease it'll give though because a lot of things run a good bit slower under cygwin.
 

p0lar

How many different sites does he have to manage?

If it's less than a half-dozen, I'd recommend going with a hardware VPN solution. 3DES is usually de-facto, sufficient for HIPAA, and won't totally blow his gains from DSL/Cable/Whatever his broadband-du-jour is. If he were to run an SSH tunnel through the VPN connection, it's highly improbable that the mode of communication will be the weak point of data capture.

This way, he never has to leave his office either. I mean, if he's going to drive all the way over there, why not just drop off a CD? The office can microwave it when it's done and that's that.

Technology is cool, but don't let it eclipse feasible practicality!
 

JackMDS

Quote: "SSH, VPN: Are these secure over a wireless connection?"

It is much easier to tap into wireless than into wire. Using wireless is like putting a switch on your front yard (or hallway) so that people can plug in (and decipher if they can).

However, the protocols, SSH and VPN, by themselves are not more secure or less secure than on wire.

P.S. This is not for you, Skyking. It is just a general public statement.
 

skyking

Originally posted by: p0lar
How many different sites does he have to manage?

If it's less than a half-dozen, I'd recommend going with a hardware VPN solution. 3DES is usually de-facto, sufficient for HIPAA, and won't totally blow his gains from DSL/Cable/Whatever his broadband-du-jour is. If he were to run an SSH tunnel through the VPN connection, it's highly improbable that the mode of communication will be the weak point of data capture.

This way, he never has to leave his office either. I mean, if he's going to drive all the way over there, why not just drop off a CD? The office can microwave it when it's done and that's that.

Technology is cool, but don't let it eclipse feasible practicality!
These are roving techs who send images to one central location for interpretation. They currently borrow a phone connection wherever they are, and twiddle their thumbs while it goes out at 28.8!
I am looking into setting up a few connection points that they can drive to along the route, and quickly send out. These may be a DSL connection arrangement at some doctor's office or nursing home, and the wireless would simply speed up the process, eliminating bringing in your laptop, getting a door opened late at night (on call 24/7/365)