Internet access in doctors waiting room, what sites to block?

Nov 7, 2005
Hello,

We are setting up two laptops in our waiting room for internet access. They are using wireless connectivity and I am using the shared computer toolkit and have all drives locked among other things. These laptops are using our network to access the internet.

In your opinion are there any particular sites you think I should block? Do you think this is an easy way for viruses to get into our network?

I am using WPA wireless security, hidden SSID and MAC address filtering.
 
Seriously, I'd create a firewall (or DMZ those laptops) between your network and them. Yes, it could be an easy way for a virus to creep onto your network. I'd remove the CD and floppy drives. Me being the geek I am, I don't care what you block or what OS you are using, if I have physical access to a machine I can do just about anything I want. In fact you might want to use desktops and keep them under lock and key, but that's just my opinion.

How are you planning on blocking specific sites? Software or thru a firewall?

Cheers
Rob

If someone helps you, leave them a star. It is just a nice way to say "Thank you"

The answer is "PEBKAC!"
 
I'm with Rob.

Separate them from your production network somehow... VLAN, firewall/DMZ, etc.

No physical access... keep them in a cabinet, or under plexiglass.

If you can't, then remove floppy and CD/DVD, and use something like "devicelock" to disable USB ports so nothing comes in or out via USB memory stick.

If you are in the US, I would block porn only. I think if you're going to put them in a public space, the onus is on you to protect the public from seeing something offensive.

One option is to segment off those machines, and then route that internet traffic through a proxy/filter that's free like and then you can use plugins/addons like dansguardian and block slews of "porn", "adult", "weapons/war", etc. sites that may be offensive to others.

Better yet, send this question back up to management and make sure they've thought through the risks before you spend much time on a technical solution.
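Added example (not part of the original posts): a small Python check of the separation suggested in this thread, comparing a permissive rule set with a segmented one. The subnets, the proxy address and the simplified first-match rule model are constructed assumptions, not details from the thread.

```python
import ipaddress

# Constructed addressing plan (assumption): kiosks on 192.168.50.0/24,
# production LAN on 10.0.0.0/16, filtering proxy at 192.168.50.2.
# Rule format: (action, source network, destination network, port or None=any)
WEAK_RULES = [
    # "Let the kiosks out" also matches the production LAN.
    ("allow", "192.168.50.0/24", "0.0.0.0/0", None),
]
HARDENED_RULES = [
    # Order matters: the production deny must precede any allow to 0.0.0.0/0.
    ("deny",  "192.168.50.0/24", "10.0.0.0/16", None),
    ("allow", "192.168.50.2/32", "0.0.0.0/0", 80),    # only the proxy reaches the web
    ("allow", "192.168.50.2/32", "0.0.0.0/0", 443),
    ("deny",  "0.0.0.0/0",       "0.0.0.0/0", None),  # explicit default deny
]

# Flows the design must forbid or permit (constructed test cases).
CHECKS = [
    ("kiosk -> production file share", "192.168.50.10", "10.0.1.20", 445, "deny"),
    ("kiosk -> production RDP", "192.168.50.11", "10.0.1.20", 3389, "deny"),
    ("kiosk -> web directly, bypassing the filter", "192.168.50.10", "203.0.113.5", 443, "deny"),
    ("proxy -> web", "192.168.50.2", "203.0.113.5", 443, "allow"),
    ("proxy -> production", "192.168.50.2", "10.0.1.20", 443, "deny"),
]

def decide(rules, src, dst, port):
    """First-match evaluation; anything unmatched is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, dport in rules:
        if (s in ipaddress.ip_network(src_net)
                and d in ipaddress.ip_network(dst_net)
                and dport in (None, port)):
            return action
    return "deny"

def audit(rules):
    """Return the descriptions of every check the rule set fails."""
    return [desc for desc, s, d, p, want in CHECKS
            if decide(rules, s, d, p) != want]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        failures = audit(rules)
        print(f"{name}: {len(failures)} violation(s)")
        for f in failures:
            print("  -", f)
```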
 
I have all local drives, CD-ROM and USB ports disabled and inaccessible with the shared computer toolkit.

I was planning on blocking the sites in the wireless access point that we are using for the laptops. Also, I have the laptops physically locked to a table that they are sitting on.

How do schools and libraries allow internet access machines without problems?
 
Here is what I would do if I wanted to make a publicly accessible computer in a doctor's office. I'd use a desktop on a different WIRED network, in fact I'd probably do a separate DSL or cable connection than my own office T1 connection. I'd physically lock it so no one has access to USB, CD or floppy. I'd put it on a domain so I can control access to the machine, from there I would use GPO to block EVERYTHING but Internet Explorer and maybe the PC games (Solitaire, etc.). I'd make it so the only thing the user gets is the start menu with those two options. Nothing on the desktop. No reboot, no log off. Then I'd use a real firewall and block downloads, streaming music, and adult content and then have it alert the IT staff if someone tries to access any of it.

When it comes to a doctor's office you are playing with fire adding PCs on your internal network. There are TONS of federal and state rules about blocking access to patient files. Although WPA, WEP, MAC filtering are good tools to use with wireless connections, they can be cracked with tools by anyone willing to do a few Google searches and spend a couple of hours sitting in the parking lot at 2am. You would have to check your local laws but some states require some REALLY high end security for using a wireless network in a doctor's/dentist's office.

Even putting a desktop out there on the same network with a VLAN or DMZ, man, I would add so much logging and filtering it almost wouldn't be worth it and that isn't even considering the cost of it all. Good luck!

Cheers
Rob

 
Rob got me thinking about that. I didn't put 2 and 2 together.

Pete, I think you're asking the wrong people here.

Being a Medical facility, you need to talk with someone who is a HIPAA expert...

Quick googling...


Like Rob, I wouldn't touch public wireless (or public networks) at a doctor's office for any amount of money.

Too much risk. I like to eat and so does my family. Unemployment isn't an option :)
 
projectpete said:
How do schools and libraries allow internet access machines without problems?

See my post above. That's how they do it. The ones that don't do it that way wind up on the evening news with those "News 5 investigative report" stories about how they allow porn to be accessed in a public place or confidential files being accessed.

Cheers
Rob

 
Pete,
A good idea but really not worth the risks that have been outlined here, especially when dealing with HIPAA compliance. Get the wireless off of your production network, it's just not 100% safe and you're putting your business in jeopardy. Also, those laptops are going to be nothing but headaches in a few months when they start to get errors (typical laptop behavior) and mishandled by children or whomever. A nice TV should suffice unless you're really dragging your ass with your patients back there. :)

-Chris
 
cjcoyle - I totally agree with you, we already have two TVs out there, I am already thinking that once the laptops get misused in a couple months the whole project will be abandoned anyways.

But all you guys are right, I am going to suggest a $25 a month DSL line just for the laptops. This project was approved by my old IT boss that got fired in the middle of it.
 
That's a better solution. I'd keep it totally separate... as in... don't just VLAN those laptops off your corporate infrastructure. Googling for an arp toolkit would allow someone the opportunity to get in your production network.

I'm thinking $25 DSL, Linksys WRT54G, and 2 laptops. That's it.
 
Can I ask what you mean by "shared computer toolkit"?
 