Skip to main content /TECH with IDG.net
CNN.com /TECH
CNN TV
EDITIONS


Cancer center halts wireless plan

Computerworld

By Bob Brewin

ASPEN, Colorado (IDG) -- The MD Andersen Cancer Center in Houston last week abruptly put on hold an 18-month effort to provide wireless LAN access to 11,000 users on its five-building campus due to security concerns.

IDG.net INFOCENTER
IDG.net
Related IDG.net Stories
Features
Visit an IDG site


IDG.net search



Ernest Teves, research and development director at the facility, said research has shown "it is so easy to crack" the built-in security of industry standard 802.11b wireless LANs, the Wired Equivalent Protocol (WEP). Speaking here at a Delphi Group wireless conference yesterday, Teves said that as a result of that research -- some of which was conducted by a student at Rice University, located just five minutes from the center -- he decided to put the ambitious wireless LAN project on hold.

Teves said he doesn't believe WEP will meet the stringent security requirements of the federal Health Insurance Portability and Accountability Act (HIPAA). He said he has asked Cisco Systems Inc. in San Jose, which has already performed an extensive site survey of the MD Andersen campus, to help beef up security.

Teves said additional security measures could throttle down real throughput on the wireless LAN from 7M bit/sec to 4M bit/sec. If that's true, Teves said, the wireless LAN installation could be stalled until manufacturers release products that provide 54M bit/sec. of raw throughput in the 2.4-GHz frequency band, an industry standard known as 802.11g.

John Pescatore, an analyst at Gartner Inc. in Stamford, Conn., said security concerns about wireless LANs and WEP are justified because of the vulnerability of the over-the-air interface.

"Our basic advice to clients is to treat wireless like the Internet, not like a LAN. Encrypt the data you send over it. Firewall your connection to it. Essentially, run a VPN [virtual private network] or [Secure Sockets Layer] over all connections over [wireless LANs] until second-generation standards are stable," which will probably be in the first quarter of 2003, he said.

C. Brian Grimm, a spokesman for the Wireless Ethernet Compatibility Alliance (WECA) in Mountain View, Calif., said that since HIPAA requires end-to-end security, running a VPN would satisfy any concerns a health care provider would have about WEP.

Phil Belanger, marketing director for WECA, said the industry group also recommends additional security measures, such as a VPN.





RELATED IDG.net STORIES:
RELATED SITES:
• Health Insurance Portability and Accountability Act

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

 Search   

Back to the top