Jeff Shockley Roche Diagnostics


Transcription:

Understanding a Networked Laboratory Jeff Shockley Roche Diagnostics 17 May 2011 page 1 2011 Roche

Understanding a Networked Laboratory: Objectives
- Understand the key functional benefits realized by a networked laboratory
- Understand the B2B Gateway implementation that allowed WAMC to achieve these benefits
- Understand how to implement the B2B Gateway in your laboratory

Understanding a Networked Laboratory: History
- Roche sells the cobas product line with features that require remote connectivity to Roche, such as automatic download.
- Remote connectivity for previous installations of Roche Hitachi analyzers was more of a nice-to-have than a requirement for effective operation.
- In the DoD network, medical devices are treated like any other IT system, with requirements for patching, anti-virus protection, and security hardening or appropriate risk mitigation.

Understanding a Networked Laboratory: Benefits
- Remote Help Desk Session
  - Screen sharing from Roche workstation to instrument
  - Attended session, usually in response to user's reported problems
  - Allows Roche to remotely take control of instrument to perform troubleshooting, calibrations, diagnostic procedures, and performance monitoring, resulting in the potential for quicker resolution of issues
- Data download for e-library
  - Download of instrument parameters, chemistry lot data of reagent / calibrators / controls
  - Download of software patches / upgrades
  - Download of Human Readable Data (electronic Package Insert)
- Data upload for monitoring
  - On-line Monitoring of Instruments
  - Performance Evaluation
  - Data Delivery to Instruments (e.g. test application setups)

Understanding a Networked Laboratory: B2B Gateway Overview
- Provides authorized MHS Business Partners secure access to DoD Network
- Connects MHS information systems on Defense Information System Network (DISN) infrastructure and MHS Business Partners on commercial infrastructure in support of DoD healthcare mission
- Complies with DISN policy
- Provides support for non-web based applications
- Supports secure e-commerce for client/server and system-to-system interfaces
- Enterprise solution
- Not intended to provide a Secure Remote Access solution for individuals

Understanding a Networked Laboratory: B2B Gateway Overview (diagram of responsibilities)
- MHS Business Partner: Procurement of VPN and Internet Service Provider. Manages their LAN.
- DISA (Montgomery/Columbus): Manages VPNs at MHS Business Partner location, DISA DECC Montgomery and Columbus.
- MCiS VPN Team: Manages MHS VPN domain. VPNs between DISA Columbus and the .mil location.
- .Mil Location: Manages their LAN.

Understanding a Networked Laboratory: B2B Gateway - Security Features
- Controlled access to the Non-classified Internet Protocol Router Network (NIPRNet)
- Encryption
  - Triple Data Encryption Standard (3DES)
  - Internet Protocol Security (IPSec) VPN
    - Contractor site to gateway
    - Gateway to DoD destination
- Traffic/transaction inspection
- Address translation simplifies DoD traffic filtering
- User authentication to the Gateway
- Audit capability

B2B Gateway Implementation
Roche teams with Womack Army Medical Center to become first IVD manufacturer approved for remote network connectivity with DoD via B2B Gateway.
"The B2B approval process is quite rigorous because of our strict security protocols, but the benefits are well worth the effort. Having remote access to the analyzers will enable Roche to identify and resolve potential issues faster, and for us it will eliminate the need for a lot of our manual data entry, which can help us save time and reduce the potential for error."
- LTC Linda Guthrie, Former WAMC laboratory manager

B2B Gateway Implementation: Stakeholders - DoD
- TMA Falls Church
- Joint Medical Information Systems Program Office (JMIS)
- Defense Health Information Management System
- Defense Health Services Systems (DHSS)
- Military Health System Cyberinfrastructure Services (MCiS), formerly Tri-Service Infrastructure Management Program Office (TIMPO)
- Information Assurance (IA) Program Office
- Military Medical Departments/MTF
- Defense Information System Agency (DISA)
- Commercial Partners, i.e. Roche

B2B Gateway Implementation: Stakeholders - Vendor perspective
- Strong Gov't Sponsor Commitment
- Strong Vendor Commitment
- Project Management
- Application Engineers
- Network Administration
- Security Management
- Legal
- Human Resources
- Instrumentation SMEs
- Call Center / Service

B2B Gateway Implementation: High Level Requirements
- B2B Gateway Questionnaire Approved by DISA / MCiS

B2B Gateway Implementation: Contract / SOW
- Fairly Straightforward
- Contractor responsible for their VPN Hardware & ISP access
- Background Checks for all resources accessing systems

B2B Gateway Implementation: CON / DIACAP
- Sub-requirement for B2B Gateway
- Requirement may be different per site or branch
- CON vs DIACAP
- Proposed Mitigations
- SME Analysis (ports, protocols, restrictions)

B2B Gateway Implementation: Vendor Personnel Security Process
- Establish POC in Security Office
- Business Partner (BP) employee completes DD85P (works directly with security office)
- BP employee provides fingerprints to security officer on DoD supplied cards / IA Training Certificate
- Security officer submits package to OPM
- BP employee completes DD2875 System Authorization Access Request (SAAR)
- Annual Information Assurance Training (Recurring)

B2B Gateway Implementation: Vendor Personnel Security - Considerations
- Phased / Batch Approach
- US Citizens vs. non-US Citizens
- Annual Security Awareness Training

B2B Gateway Implementation: Overall Process
1. B2B Kickoff
2. Vendor completes B2B Questionnaire
   - Submitted to WAMC
   - System Performance Requirements
   - VPN Implementation form
   - Network Infrastructure diagrams
   - Vendor IP addresses / port usage
   - CON/DIACAP & Vendor Security (in parallel)
3. WAMC reviews/updates B2B Questionnaire
   - Submitted to MCiS
   - POC Information
   - Local IP Addresses
4. VPN Device Procured & Shipped to DISA for configuration
5. VPN Device Returned & Installed
6. Front-end Connectivity Testing (Between DISA and Roche)
7. End-to-End Testing (brings MTF into testing)
8. Site Live 12/15/2010

B2B Gateway Implementation: Going Forward
Setting the Foundation
- Contract modification (may be required at each site)
- CON / DIACAP (may be required at each site)
- Vendor Personnel Security (typically no changes / possible adds)
- B2B Gateway Documentation (minor modifications)
  - IP addresses change to new site
  - .mil POC information updated
  - Government sponsor name update

MCiS Point of Contact
Christopher McDonald
KSJ & Associates, Contractor
Program Management Support
Military Health System Cyberinfrastructure Services (MCiS)
5205 Leesburg Pike, Suite 1301
Falls Church, VA 22041
703-399-2276 Fax: x2260
Christopher.McDonald.ctr@tma.osd.mil

Questions?

Thank you for your attention.
Roche Diagnostics
9115 Hague Rd
Indianapolis, IN USA
COBAS and LIFE NEEDS ANSWERS are trademarks of Roche.
This presentation is our intellectual property. Without our written consent, it shall neither be copied in any manner, nor used for manufacturing, nor communicated to third parties.