Your employer already has your SSN. But yes, there are better ways of using challanges and secret keys, or what ever. --
RFC 1149 Compliant. ""Brian"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > That is un friggingbelievable, I give my social to my bank and other > parties I have a financial arrangement with, thats it. There must be a > better way using keys, a challenge response or something like that. > > Bri > > On Wed, 27 Feb 2002, Chuck wrote: > > > don't even get me started on this. I work for an organization that uses > > employee SSN numbers for validation purposes in a lot of instances. So when > > I call the Help Desk to complain about e-mail ( an ongoing problem ) I am > > asked to provide my SSN to the folks there. In these days of rampant and > > easy identity theft, how smart is it to allow access to a large database of > > valid SSN's to practically everyone who asks? > > > > HIPAA??? isn't that on hold for review? You know, I was reading through > one > > of the drafts and I thought I saw something that floored me - the > regulators > > were stating that multiplexed links such as frame relay and ATM were > > considered unsecure because different organizations were "sharing" > circuits. > > The implication was that healthcare organizations would have to move to > > point to point technologies - most of which end up passing through ATM > > backbones anyway. Sheesh. > > > > Longer term I believe that security solutions will involve end to end > > encryption - server to host, on the LAN as well as the WAN, in addition to > > what is already done on VPN's. > > > > I always liked the HIPAA provision about management responsibility and > > management fines and jail time for failure to comply. Wish that were so in > a > > lot of other industries where I have worked. ;-> > > > > Chuck > > > > > > > > ""William Gragido"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > The only difference is that those organizations (physicians as well), > will > > > held accountable for violation of HIPPA and face fines and potentially > > jail > > > time :-( > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > > > Sent: Wednesday, February 27, 2002 12:30 PM > > > To: [EMAIL PROTECTED] > > > Subject: RE: Security Design - PIX or Whatever [7:36677] > > > > > > > > > Lets not forget politcal concerns when trying do a reasonable level of > > > security. I worked a healthcare provider and boy, you should have heard > > the > > > Docs squawk about passwords and pin codes for access to the primary > > > LAN/WAN... to the point that admin overruled the IS dept and special > > > *permission* not to use the security procedures... happens every day.. > > > > > > MikeS > > > ' Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36701&t=36677 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
