@Grey said in Is texting of pictures HIPAA compliant?:

@beta https://www.wrcbtv.com/story/41974356/hipaa-and-texting-is-sending-a-message-compliant

Thanks. So I think basically you and Scott are in agreement with MY particular situation, no? This would not be advisable and I should look for another way to have the documents sent to us. Or at the very least, it looks like we can inform the client that texting is not a secure form of communication, but if they want to do it they can? I have a feeling a lot of clients honestly wouldn't mind.

@dafyre Oh hi! I feel like I've found the secret club LOL xD

@scottalanmiller yes I just joined xD

Hey folks, I posted over at SW, thought I might as well post here too.

I've got an unforeseen $15k or so (maybe a little more) from an unexpected grant that we need to spend on IT before the end of the year. I think it would be wise to invest towards our network and security. One of my biggest annoyances with our current environment is I really don't have a lot of visibility into our network traffic. I was thinking of investing in a new firewall appliance that can do layer 7 inspection and would also be a UTM with IDS/IPS built-in.

My current environment has an ASA 5512-x at the perimeter with a separate interface for a DMZ segment that hosts a web server used by our business partners. Behind another interface of the ASA is our Cisco 2901 router which routes our internal VLANs (data, voice, telemetry, etc.). Our switches our Cisco 2960 switches. The ASA is configured to block most incoming traffic except a few select ports and I have outbound ports restricted as well to common services like HTTP/S, NTP, DNS, etc. Of course we employ antivirus and antimalware to each endpoint on the corporate LAN. We also use SRP whitelisting and follow best practices of not allowing users administrator rights.

I believe I can buy Firepower services to add to our ASA, but I wasn't sure how well this work as I know Cisco bought Sourcefire and kinda cobbled them together on their ASA platform. Also the 5512-x is already end of sale so I thought maybe it would be a good time to just upgrade the whole box.

We have about 90 users/computers at HQ and 3 users/computers at 2 branch sites we have connected via VPN. Internet pipe at HQ is 50/50.

I think my second priority would be some kind of SIEM to centralize logging and easily correlate events, but I think I should probably start with looking at some UTM or IDS/IPS first? Any thoughts on what you would look at in a similar situation or what you would recommend?

Hello everyone,

As the title mentions, I'm a one man IT shop for a nonprofit with about 100 users (120 or so workstations) and am looking at continuity options to help out when I'm on vacation/sick/need extra help etc.

I'm thinking about looking at a MSP for additional help and was just wondering if this is something MSPs typically do, this "fill the gap" type of support when primary IT is unavailable. I'm concerned I've got my environment setup in a specific way using Veeam for backups/replication and even an AWS site for DR purposes. Will an MSP work with my existing technologies or are they going to want to come in and use their backup product for example?

Also, I'm wondering is it worth it to create an RFP or should I just ring up some MSPs and tell them what I'm looking for and craft a quote based on our conversations?

Really I'm just looking for any advice that can help me to actually step away from work at times (when COVID permits) and not be super anxious that something is going to break down and I won't be available to fix it.

Hey all,

Yea, so it's been a while since I bought a new server for our company but the time is coming

I need to replace a 10 year old Dell PowerEdge that was bought new direct from Dell at the time. I know xByte used to get a lot of love on various forums, but like I said, I haven't had to purchase server gear in a while so I just wanted to check in with you all to see if they are still recommended for quality gear? I know some companies change for the worse, just hoping that is not the case with xByte.

And not related to xByte, but might as well ask here, my new server is going to be used to store Veeam backups which means I'm looking at needing a decent amount of storage. I was going to put 8 14TB drives (Dell drives bought with the server through xByte if I go that route) in RAID 6 for 84TB raw storage. Is that size array unwise for RAID 6?

Thanks all!

I need a small managed switch (absolute minimum 8 ports, but preferably a little more for just in case) with POE that can do VLANs and is reliable.

This if for a small branch office with 3 people max and they have no IT closet so it will be sitting on a shelf in the manager's office, so preferably something not too noisy either.

I know Ubiquity seemed to be pretty heavily recommended around here, but I can never remember what line of products I should be looking at for their switches.

Thanks!

@scottalanmiller said

It's always array size, never drive size, that matters primarily.

Just so I make sure I understand, array size meaning total TB or total number of disks?

@dustinb3403 Well I looked up Dell drives and the 3.84 SATA read-intensive drives are going for ~$1800 a piece (before any discounting).

@pete-s How much are two 3.84TB enterprise SSDs going to cost me again?

@dashrender Based on what I've seen re:IOPS usage of my current VMs I believe it will.

I guess my other concern with RAID 6 in this case is if the array is getting too big? The individual disks themselves at 600GB I don't think are a problem, but 12 in a single array?

Hear me out...I have a Dell server that I use as a Veeam replication target. This host is used as a backup in case my primary server dies - I just turn on the replicas and run from it until primary host is repaired.

This backup host currently has OBR10 comprised of 10 600GB 10K SAS drives. I'm running up against storage capacity limitations and have ordered 2 additional 600GB disks to add to the array, but I was thinking while I am in the process of rebuilding this array, maybe I should change it from OBR10 to RAID 6? My concern is that while I am pretty sure the OBR10 will give me enough space to last until I schedule a complete replacement of the server, the margin will be very slim whereas the RAID 6 I'm sure will give me plenty of extra breathing room until the server is replaced.

Would this be crazy to do? Or should I just stick to OBR10? Thanks!

Hello everyone,

As the title mentions, I'm a one man IT shop for a nonprofit with about 100 users (120 or so workstations) and am looking at continuity options to help out when I'm on vacation/sick/need extra help etc.

I'm thinking about looking at a MSP for additional help and was just wondering if this is something MSPs typically do, this "fill the gap" type of support when primary IT is unavailable. I'm concerned I've got my environment setup in a specific way using Veeam for backups/replication and even an AWS site for DR purposes. Will an MSP work with my existing technologies or are they going to want to come in and use their backup product for example?

Also, I'm wondering is it worth it to create an RFP or should I just ring up some MSPs and tell them what I'm looking for and craft a quote based on our conversations?

Really I'm just looking for any advice that can help me to actually step away from work at times (when COVID permits) and not be super anxious that something is going to break down and I won't be available to fix it.

Hey everyone,

I hope it's OK if I x-post this as I'd like to get as many opinions as possible.

We are evaluating finally moving to O365 and I had a scenario in my mind I'm not quite sure how to address and wanted to see what others are doing or if I am worrying about this too much.

I have a group of users who need to follow HIPAA compliance. I'm concerned that by going to a cloud platform where users can access files/email from any device anywhere in the world, that they could accidentally download sensitive info to unsecured devices.

For example, if a user logs in to OWA from their home computer and opens an attachment, that attachment is downloaded to their local temp files which is technically now on an unencrypted hard drive right?

Or say a user logins in to their OneDrive and downloads a file with sensitive info to their home computer. You now have that data stored in an unsecure location right?

Are there ways to mitigate these risks that I should be taking? In practice do you do anything to mitigate these risks?

I've done a lot of searching and when I look at compliance issues related to HIPAA, folks seem to say E3 licenses are sufficient to cover your bases because you get some DLP features and email encryption, which I suppose is good to stop people from accidentally emailing sensitive info outside the org or for sharing files on OneDrive or Sharepoint outside the org, but what about the situations I described above? Am I being too paranoid? Should we just come up with a written policy that says users should not download files to their personal computer?

I raised this issue with the company we are looking at using for help with the migration and he mentioned a lot of orgs usually issue company equipment for this type of access. Which I agree is good to do, but I'm still concerned that a user would figure out they could sign in from their home device and open up files without them even knowing that those files are then stored locally on their unprotected machine. Also, it would be nice if people could work from home using the online versions of Office without us having to issue them company equipment during this whole worldwide pandemic thing.

Any feed back is appreciated. Thanks!

Do any of you have any experience with the Unifi APs in a warehouse environment? Don't know if it matters, but the detail I forgot to add is these will also be deployed in a 30k sq ft warehouse (might be bigger). I know the Ciscos we are using here are designed for "external" use with external antennas as well. I'm assuming the Ubiquity line has something similar?

Also, since someone mentioned NVRs earlier, instead of starting a new thread, I'm wondering what you all are using for camera systems. This new location is probably going to need 5-10 cameras. At HQ we use a Genetec system for CCTV/access control which is great and it would be nice to be able to tie that system into this new system, but that probably won't be possible due to bandwidth limitations so we'll probably have to put a local device at this new location.

Thanks for your help as always!