 |
 |
In a response to Colin Browne, Paul Miller writes > Subject: Re: Select Committee Report > > From: Colin J Browne <[log in to unmask]> > > Subject: Re: Select Committee Report > > > The NWCS has a subgroup which is looking at encryption of messages in > > view of the discussions with the BMA. Yes tehy are trying. The BT > > Syntegra NHSnet has a secure gateway to the internet which would allow > > access to all your favourite sites such as GP-UK. This would be part of > > the connection deal to NHSnet. > > > Is this not meant to be "one way" gateway, thus essentially > restricting it's use. For example, presumably I couldn't download > files by ftp although I could upload ; although I could post to > newsgroups, I couldn't receive. What does "Secure gateway" actually > mean ? The point stands that if we are forced to take all our internet content > through one ISP which is monitoring what we do and what we receive, > we will be paying higher prices for a lesser service. Also, what > about BBSs and big BBSs like Compuserve etc. Will we get access to > them ? > > > > > The LA's Social Services would have to conform to an expensive audit to become > > a *trusted non-NHS body* on the NHS net. This may prove to inhibit development > > of community care which is highly relevant to health in deprived areas > > such as ours and Bridgeton unless it has changed dramatically since I > > was there. > > > Agreed entirely. > > I remain, overall, a little confused by the many issues here. > Security seems to be a priority to all concerned, but it seems to be > being addressed from the wrong angle (alarmingly), and by taking what increasingly > seems like an unworkable and restrictive method of managing it we are > likely to create something of limited value, with as many > disadvantages as advantages. > I suspect that there are two basic flaws in attemtpting to provide security for systems connected to a network by retricting the connections to that network 1 it is very easy to bypass. A small computer with a link to the NWN and to any other network, can very readily bypass the firewalls. It would of course be outside the terms under which the small computer was allowed to be attached to the NWN, but we cannot really expect the criminals to abide by such an agreement 2 the serious risks to security will come from the actions of people within the NHS, whose systems are legitimately attached to the NWN. I am not sure of my figures, but suppose that about 1% of the UK popu;ation have criminal tendecies, that there are about 1 million employees of the NHS, and that the screening at recruitment manages to identify 90% 0f would-be criminals; that means that there are about 1,000 criminals at work in the NHS, all fully able to exploit the NWN. The only really effective way to safeguard an application running on a system is to control who can invoke the application, NOT to control who can connect to the system. Mike Wells ========================================================== Professor Mike Wells Department of Physics, The University of Leeds Leeds LS2 9JT, United Kingdom Phone: 0113-233-2339 E-Mail [log in to unmask] ========================================================== %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%