I have a Lan, 192.168.1.1, I have a Netscreen Firewall/VPN box connecting the LAN to the internet and some remote modalities (Ultrasound machines). Some of the imaging machines on my network are CT and MRI made by Toshiba. Toshiba wants direct access through VPN to these machines. However, they want me to setup VLAN with those machines on the VLAN. Then let them put a box on the network that will connect to this VLAN and run a point to point through my Firewall to Toshiba. My network will have to have access to these Modalities but can't access Toshiba or their VPN box.
What type of box are the proposing to put on your network? Do you have routers capable of supporting VLANS or are you hoping to use the Netscreen? Is the Netscreen Firewall/VPN appliance your company's property?
Lacking more info, here is a suggestion. Install a PC on your existing network and sign up for services from gotomypc.com. This service is designed and operated by Citrix and will not cause you to make any network design changes. The can remote into the PC from any machine on their network that has a compliant web browser. This way you are maintaining control over the machine and not exposing your network whie protecting their's. Create a security/usage agreement with Toshiba as to who in their company will have access to this resource and the username/password. Also spell out if they need to contact your organization before using. Have a lawyer put it into legalease and make 'em sign on the dotted. Protect your assets not their's.
You could also do the samething with PCanywhere or another remote control product but you would have to create rules on your firewall to make it more secure.
Never give a vendor control of your network unless they are willing to support the whole thing.
Off to grab some brew...
needcoffee
Disclaimer:
I have not worked with gotomypc.com yet but am thinking about using it at my workplace to provide remote vendor connectivity to restricted machines.
I understand what you need, but I am not familiar with Netscreen. I looked Netscreen up, and it appears that it will do both VPN and VLAN from the router, but I couldn't tell you how to config it specifically. What needcoffee suggested may not work if they need to telnet into these machines.
My facility is setting up a similar system with a combination of GE Cath, Phillips MRI/CT, Kenedx US, and Siemens NM.
All the vendors we have talked to take one look at the ancient building and say they must have their own physical LAN. They relent once we say gigabit backbone – and settle for the VLAN.
To make this work we will upgrade our core (4506) switch to provide the routing needed and use Cisco VPN client with rules to set rights and restrictions for vendor/MD access. We have an access agreement policy/form we are using now for MD’s to access financials and have adapt it for image access.
Anyone know a source (or willing to share) templates of agreements/policies, as they must be reviewed every three years?
I would like to here more about “go to my pc.com” as I have a small staff and favor anything that will ease the workload while still giving us the control we need. (I kind of shrugged it off when I heard Bill Handle, on KFI, pitching it)
Will only agree to two different ways of doing this. One is proposed by NEMA and the other by Toshiba. Toshiba's way is a proprietary VPN box that sits on the inside of my Firewall and has access going out of my firewall to Toshiba's VPN. I am to put my MRI, CT, etc on a VLAN with the proprietary VPN box.
The Netscreen is a VPN / Firewall box that is a very robust little box with its own memory, cpu, av, etc. They just got bought by Juniper.
Nema's solution is to revamp the whole network and I don't have space to give their solution that was agreed upon by HIPPA.
Gotomypc as per my experience with it, is that it leaves you open to the world. Plus the fact that you are inviting in a connection that a hacker can come in on with your permission to the network. Off of this machine, in order for Toshiba to work on their modalities, this machine would have access to the servers as well as the Modalities. The encryption is not that high either....Unless they improved it from when I tried it, when it first come out.
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.