In the past hospitals were afraid of wireless networking because of the obvious security issues surrounding a hospital wireless network. When you think about it, you’re basically broadcasting a network connection outside your walls so that now a hacker can take a shot at you without even setting foot inside a facility. This can be nerve racking for a CIO and network managers who carry the task of providing the infrastructure the hospital needs to support its many wireless applications (a list that grows everyday), but be able to provide it without allowing health records or other sensitive data to be compromised. There’s no way to dodge the requirement for wireless inside a medical facility today, so how do you provide the highest level of security?
If you start with Role Based Access Control, hospital wireless networks are just as secure as the wired network (our engineers even argue more secure).
So......what is Role Based Access Control?
Role Based Access Control (RBAC) is the process of being able to assign a specific security policy to users or groups of users that connect to the network. Here’s how that works: a user logs onto the wireless network using their normal network credentials, the system sees them in the “Employee” user group, and then assigns them a Security Policy that allows them network access to the email server, web gateway and a limited set of internal servers. Sounds simple, right? You’d be surprised at the amount of wireless networks that don’t do this.
Here’s how you provide Role Based Access Control for your Hospital Wireless Network:
1) Roles and Policies- It helps to think of your user groups in terms of what they need access to. Then consider creating a Security Policy that limits their access to only those systems. The first rule of data security is that you only allow people access to the systems they need to access. For example, an Executive Role would include a Security Policy that allows them access to the financial servers, while an Employee Role would have limited access to sensitive servers.
2) Directory Services Integration- Directory Services Integration is a critical step to provide wireless security by being able to authenticate each user connecting to the network. The credentials created for each person inside your directory services should also be used to authenticate the user on the wireless infrastructure. This means you're only maintaining one database of users accessing the network. This also works to secure someone not in directory services. If they don't have credentials, they don't get access, or you can allow them in a "guest" user role.
3) Wireless Firewalls – Your system needs to be able to segment traffic by user groups similar to the way a LAN firewall segments VLANS. For example, a guest user should be denied all internal servers and only be able to access the internet gateway to surf the web and check email. Each user group you’ve defined should have a Role on the network which correlates to a Security Policy for the network. If the user doesn’t have network credentials, they don't get access, or they get a guess role. Either way, you’re system is secure.
Are hospitals still avoiding wireless networks because of security concerns? Let us know what you think. You can also download our free wireless network design guide that discusses wireless security and wireless network design in more detail.