Installation guide

Other security measures
Even with a firewall in place, you still need to take other security measures to protect your internal computer systems, including:

• arrangements to control people’s access to the computer system and the types of information they access.
• a means for uniquely identifying and authenticating each authorised user of the computer system, such as a user ID and password, a smart card and PIN, or biometrics.
• audit and monitoring tools to detect intrusion and other forms of misuse.
• regular off-site backup of the system data for disaster recovery.
• physical security to prevent after-hours access to facilities that house the computer system and associated data storage media (CD, disks, etc).
• arrangements for the proper erasure of patient data prior to disposing of obsolete computer hardware and data storage media (i.e. complete data removal procedures).
• virus scanning and SPAM filtering of incoming email.
• encryption services, such as a Virtual Private Network (VPN), to protect communications with other health systems and to allow GPs to securely access their practice systems from home, when visiting patients, or when working from other health facilities.
For more information on practice computer security refer to the GPCG Computer Security Guidelines and Checklist.
What if your ISP already provides a firewall?
Find out what your ISP offers
The quality and effectiveness of Internet Service Provider (ISP) firewall services vary from provider to provider. Some ISPs offer firewall capabilities at their network gateway, which sits between the Internet and your access service (referred to as a network firewall). Others offer firewall capabilities in the network access device (router or modem) that is connected to your LAN (referred to as a LAN firewall). In the case of network firewalls, some ISPs may provide the same service, or ‘single ruleset’, for all customers. While this may provide adequate network security, it may also restrict your business if the ISP is inflexible about modifying its rulebase to allow you to use non-standard application services. Other ISPs may have a very ‘open rule’ policy to accommodate all customer requirements, resulting in a lower network security regime, which may not be adequate for your business.
If you are uncertain about the capabilities of your ISP’s firewall service, consider switching your service to a provider that specialises in secure services. Some ISPs offer a Defence Signals Directorate (DSD) approved firewall service that meets government standards, albeit at a higher cost.

For more information on Australian Government firewall standards refer to www.dsd.gov.au/infosec/index.html.
Have several layers of firewalls
In line with the ‘defence in depth’ security principle, it is good practice to have multiple layers of firewall capability at different points in your network. For example, you may wish to use:

• the network firewall service at your ISP gateway.
• a local LAN firewall.
• firewall software on each computer connected to your LAN (personal firewalls).

Personal firewalls should always be considered for computers that are used away from the practice (e.g. laptops), particularly if those computers have remote access into your LAN via wireless or dialup Internet services.
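The following is an added illustration, not part of this guide: a small model of first-match packet filtering evaluated across the three layers described above (ISP network firewall, LAN firewall, personal firewall). It shows both points made in this section, that an ‘open rule’ ISP is compensated by the practice’s own layers, and that an inflexible ‘single ruleset’ ISP can block a non-standard service the LAN firewall would permit. All addresses, ports and rules are constructed for the example; the practice is assumed to use the public address block 203.0.113.0/24 without NAT.

```python
import ipaddress

def _in_net(net, ip):
    """'any' matches every address; otherwise test CIDR membership."""
    return net == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(net)

def rule_matches(rule, pkt):
    """rule = (action, src_net, dst_net, dst_port); a port of None matches any port."""
    _action, src, dst, port = rule
    return _in_net(src, pkt["src"]) and _in_net(dst, pkt["dst"]) and port in (None, pkt["port"])

def evaluate_layer(rules, default, pkt):
    """First matching rule decides; unmatched traffic gets the layer's default."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule[0]
    return default

def evaluate_path(layers, pkt):
    """Defence in depth: traffic passes only if every layer on its path allows it.
    Returns (verdict, name of the layer that blocked it, or None)."""
    for name, rules, default in layers:
        if evaluate_layer(rules, default, pkt) == "deny":
            return ("deny", name)
    return ("allow", None)

# Constructed rulesets (hypothetical addresses from the documentation ranges).
ANY = "any"
# 'Open rule' ISP: passes everything and relies on the customer's own firewalls.
ISP_OPEN = ("ISP network firewall", [], "allow")
# 'Single ruleset' ISP: the same narrow policy (web and VPN only) for all customers.
ISP_SINGLE = ("ISP network firewall", [("allow", ANY, ANY, 443), ("allow", ANY, ANY, 1194)], "deny")
# LAN firewall on the practice router: VPN to the gateway, plus a non-standard
# results feed from a partner laboratory's address range.
LAN = ("LAN firewall", [("allow", ANY, "203.0.113.10/32", 1194),
                        ("allow", "198.51.100.0/24", "203.0.113.10/32", 5000)], "deny")
# Personal firewall on a workstation: file sharing accepted from practice hosts only.
PERSONAL = ("personal firewall", [("allow", "203.0.113.0/24", ANY, 445)], "deny")

def internet_probe(layers):
    """An Internet host probing file sharing on a practice workstation."""
    return evaluate_path(layers, {"src": "192.0.2.77", "dst": "203.0.113.20", "port": 445})

def lab_feed(isp):
    """The non-standard lab feed: reaches the LAN behind an open ISP, lost behind an inflexible one."""
    return evaluate_path([isp, LAN], {"src": "198.51.100.9", "dst": "203.0.113.10", "port": 5000})
```

Running `internet_probe([ISP_OPEN, PERSONAL])` shows the personal firewall still stopping the probe when the LAN firewall is missing, which is why the guide recommends personal firewalls on laptops that connect from outside the practice.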