"Wi-Fi represents a low barrier for a knowledgeable attacker who wants to directly access a local area network," he says. "Wi-Fi can be a launch pad for targeted attacks. And most local network security controls are designed to address on-the-wire activity."
In an interview (transcript below), Paidhrin warns other healthcare organizations that "a poorly configured Wi-Fi security posture is an invitation to attack and abuse."
In describing the hospital's wireless risk management strategy, the security officer:
- Describes the hospital's use of web proxy filtering to monitor traffic for appropriate use;
- Explains why the organization gives Wi-Fi users a detailed agreement to set expectations, "which goes a long way toward avoiding conflicts with our patients and visitors;"
- Outlines how the hospital uses advanced switching and routing equipment to segment public and private traffic over its high-speed fiber cable network backbone;
- Pinpoints other security technologies that are part of the "defense-in-depth" strategy.
Before joining the 340-bed hospital, Paidhrin worked for many years in IT and business operations in higher education, the private sector and entrepreneurial environments, where he held numerous director-level positions.
HOWARD ANDERSON: First, tell us a bit about your hospital
CHRISTOPHER PAIDHRIN: We have 340 beds and we are licensed to increase that number by at least another 80 in the next year. We have internally about 60 physicians, and we are expecting that to increase to 100 in 2011. We participate in a regional network of providers who are not our employees; that number includes 3,600 medical staff and at least another 600 external physicians. Inside the hospital we have 3,200 employees.
Free Wi-FiANDERSON: We want to talk to you today about the security issues involved in offering Wi-Fi services to patients and visitors. Why did you decide to offer it?
PAIDHRIN: To meet a growing request for free and public access for our patients, visitors and guests. So with a modest infrastructure investment and continuing expense, we decided that the value to our customers, patients, visitors and guests was very high, and it was important to them to remain connected either to their e-mail or to their family and friends while they were visiting us or staying here at Southwest.
Wireless Security RisksANDERSON: What did you perceive to be the key security risks involved in offering this service, and how did you go about addressing those?
PAIDHRIN: Wi-Fi represents a low barrier for a knowledgeable attacker who wants to directly access a local network. Whatever the attacker's motivation or objective, the wireless method represents the most exposed access path to any network. So unless you have an unmanaged live data port that you could plug right into your network, the wireless network represents the greatest risk. So when they are using Wi-Fi to attack us, it's like a launch pad for targeted attacks, and most local network security controls are designed to address on-the-wire activity. A poorly configured Wi-Fi security posture is an invitation to attack, so we address this with several barriers and protections between our public and our private wireless network.
Monitoring Wireless UseANDERSON: Describe your use of web-proxy filtering, how it works and what it accomplishes.
PAIDHRIN: Southwest uses three systems to filter Internet usage. We use a Microsoft ISA server farm -- Internet security acceleration servers. It's a cluster for two purposes, to firewall and to proxy our public Wi-Fi. More simply, the ISA servers screen packets at the circuit level and application level, and that operates like a firewall. Then it also filters for content and appropriate use, and that is the proxy filtering portion. So we set up rules on these ISA servers to limit the kinds of traffic, where it is coming from and going to, and then monitor levels of use as well, and anything that falls outside of our acceptable standards gets flagged and alerts go out. So we're very pleased with our ability to monitor and secure our public Wi-Fi.
Wireless Use AgreementANDERSON: Describe why you wrote a detailed web use agreement for individuals to sign before they use your Wi-Fi network.
Switching, RoutingANDERSON: I understand that your organization uses the same high-speed fiber cable network for its private network as well as the public Wi-Fi access. Please tell us about the technologies you use to separate the public and private traffic.
PAIDHRIN: Southwest makes use of high-speed fiber cable networks to pass vast amounts of data and information across our extended service areas. With advanced switching and routing equipment, we can separate out public traffic from private traffic without ever letting one cross over to the other. And our systems use international networking standards. We segment them at very low levels so that there is no risk of compromise -- just right about the physical cable level. ...
Wireless Security IssuesANDERSON: So far, have any security issues arisen with public use of Wi-Fi in the hospital?
PAIDHRIN: We've been fortunate in that we haven't been targeted by attackers trying to use our wireless networks. We've seen a few cases of attempts to use our Wi-Fi to reach inappropriate Internet based sites, but our controls prevent any excessive use or abuse of service. Back when we started in 2008, there were a few abusers who wanted to leach off of our Wi-Fi ... from the comfort of their cars in the parking lots. But now that Wi-Fi is freely available at coffee shops, libraries and malls, we don't see this abuse any more.
Firewalls, Web FiltersANDERSON: Are there any other security technologies that you're using to protect your wireless network? What advice would you give to other hospitals based on your experience?
PAIDHRIN: We reinforce our Wi-Fi. We back up those ISA servers with a pair of Cisco firewalls, and we filter all traffic for malicious code traffic to unauthorized hosts. They also prevent scanning, probing attempts -- anything internal or external -- regardless of where they are. We also have auditing and alerting tools that give us the assurance that our networks, both wired and wireless, are clean, secure and being used appropriately. We have a security event and incident management solution to oversee everything. So it consolidates and normalizes any and all alerts. It brings to our attention the real threats. And we have a number of network and integrity health monitoring tools. ... We keep adding layers and layers -- that is my recommendation. Use the defense-in-depth concept to, whenever you can afford it, add the next most effective layer around and within the network so that you are as aware as possible of the activity that is going on.