I don't understand your comments on network pricing, can you translate the management speak?
The simple question is why aren't NHSNet tariffs competitive vs other ISPs many of whom provide the sort of additional services the NHS requires as part of their offering to the corporate Intranet market. Either NHSNet is over engineered, overpriced or both.
You comments about attachments are technically correct but in practical terms are rubbish. I routinely send attachments of 100's of k to a few meg and long ago gave up splitting them in to smaller segments because nearly all ISPs handle them as a single item without problems. Again why can NHSNet do what nearly every ISP can?
There a lots of simple firewalls. Have a look at www.davecentral.com for a long list.
Firewalls become complex when you need to apply complex policies with large numbers of users such as firewall between a corporate Intranet and the Internet which will provide differential access through the firewall for different users or classes of user and allow access to services from the outside with complex IP filtering. Such firewalls are expensive and need highly skilled personnel to maintain them.
The sort of firewall need between a GP practices is simple (This does not mean less secure). It is probably adequate not to allow connections to any services on the local network except from local non-routable IP address. You can still browse through such a set up and send and receive mail to a POP3 mail server. You might want to open up a few services with appropriate authentication and access control behind them but that all.
-------------------------------------------------------------------------------------------------
Ewan Davis
AAH Meditel - Voice +44 (1) 527 579414 Fax +44(1)527 837287
Email [log in to unmask] also at [log in to unmask]
-----Original Message-----
From: John Coulthard [SMTP:[log in to unmask]]
Sent: Sunday, May 03, 1998 10:20 AM
To: [log in to unmask]
Subject: RE: Locality Communications
We seem yet again to have fallen into a binary discussion about NHSnet, my
comments and questions were broader than that. But I would like to pick up
on the points raised.
I believe that no one is being asked to "pay through the nose", networking
costs are never about single issues, they should be viewed within a business
process, if a GP can't save money by using networks to solve clinical
business needs they should not be using any of these networks. If however
they can provide the solution to otherwise unattainable advantage then do
it. For example, is anyone using Epact from the PPA. Has it been useful?
And more importantly has it saved them any money. Anyone using the MIRON
Site to access medical information databases.
I know that the gateway wraps attachments as .dat files, you need to change
the extension back to .doc or whatever. At least the attachment gets
through, some ISPs limit the attachment size and strip it if it is over a
certain size, hence MS Outlook can break attachments into 40k chunks to get
round this.
What is a simple firewall? I have yet to find one, and any kind of decent
one will cost 2K plus a few hundred maint per year.
If, and I tend to agree, the threat lies within the NHS how does encryption
help? The message would remain clear on the screen and hence still open to
abuse, encryption protects the message in transit.
John
-----Original Message-----
From: [log in to unmask] On Behalf Of Ewan Davis
Sent: 01 May 1998 19:12
To: [log in to unmask]
Subject: RE: Locality Communications
I find John's comments rather strange. Are we not already being asked to pay
through the nose for security on NHS (the belt braces and spare pair of
trousers approach to authentication to name but one example) and does not
the security already get in the way of the use of the network (the
attachment stripping gateway to Internet mail for example).
The security model applied to NHSNet is inappropriate seeking as it does to
provide security at the perimeter and assume all authorised user can be
trusted.
Adequate security requires simple firewall protection between the network
and end systems and message content needs to be protected via encryption.
This can probably be provided at lower cost than the current inappropriate
security measures and would allow NHSNet to provide the sort of connectivity
with the rest of healthcare community that will make it actually usable.
We can forget white paper targets until NHSnet is repositioned to recognise
the impact that the Internet has had on wide area networking. A review of
the security model is an important part of this.
----------------------------------------------------------------------------
---------------------
Ewan Davis
AAH Meditel - Voice +44 (1) 527 579414 Fax +44(1)527 837287
Email [log in to unmask] also at [log in to unmask]
-----Original Message-----
From: John Coulthard [SMTP:[log in to unmask]]
Sent: 01 May 1998 16:25
To: [log in to unmask]
Subject: RE: Locality Communications
-----Original Message-----
From: [log in to unmask] [mailto:[log in to unmask]] On
Behalf Of Paul Galloway
Sent: 29 April 1998 23:33
To: [log in to unmask]
Subject: Re: Locality Communications
Go on, give us a clue to what you think the answers to your eminently
sensible questions are , then I'll argue my corner
(unless of course we agree!)
:-)
Paul Galloway
Unfortunately we agree.
The network was designed to be "open" from a systems point of view, hence
application providers can do what they want, and I am sure they will, and
charge us! If I wanted to add considerably to the cost of any system I
would try to convince the customer that they needed the latest 128 bit
encryption. The fact that they might not need it is neither here nor there
if they THINK they need it. Security, in sales, is about paranoia not
reality.
My point is that until we identify a threat that might risk patient data,
that is network specific, then we should carry on with the current safe
guards.
I am of course not just talking about NHSnet, the same is true of links to
branch surgeries and for that matter home links to the Internet.
My questions stand, can we find a threat that is real and quantifiable that
we can write a business case against it, or are we going to pay through the
nose for security and encryption that would protect the us against nothing
and get in the way of the necessary interaction with patient data.
Do people remember the Zergo Report, try reading it again, if you have a
copy, they could not find the threat and neither can I.
Regards
John
|