Best posts made by beta

@Grey said in Is texting of pictures HIPAA compliant?:

@beta https://www.wrcbtv.com/story/41974356/hipaa-and-texting-is-sending-a-message-compliant

Thanks. So I think basically you and Scott are in agreement with MY particular situation, no? This would not be advisable and I should look for another way to have the documents sent to us. Or at the very least, it looks like we can inform the client that texting is not a secure form of communication, but if they want to do it they can? I have a feeling a lot of clients honestly wouldn't mind.

@dafyre Oh hi! I feel like I've found the secret club LOL xD

@scottalanmiller yes I just joined xD

Hey folks, I posted over at SW, thought I might as well post here too.

I've got an unforeseen $15k or so (maybe a little more) from an unexpected grant that we need to spend on IT before the end of the year. I think it would be wise to invest towards our network and security. One of my biggest annoyances with our current environment is I really don't have a lot of visibility into our network traffic. I was thinking of investing in a new firewall appliance that can do layer 7 inspection and would also be a UTM with IDS/IPS built-in.

My current environment has an ASA 5512-x at the perimeter with a separate interface for a DMZ segment that hosts a web server used by our business partners. Behind another interface of the ASA is our Cisco 2901 router which routes our internal VLANs (data, voice, telemetry, etc.). Our switches our Cisco 2960 switches. The ASA is configured to block most incoming traffic except a few select ports and I have outbound ports restricted as well to common services like HTTP/S, NTP, DNS, etc. Of course we employ antivirus and antimalware to each endpoint on the corporate LAN. We also use SRP whitelisting and follow best practices of not allowing users administrator rights.

I believe I can buy Firepower services to add to our ASA, but I wasn't sure how well this work as I know Cisco bought Sourcefire and kinda cobbled them together on their ASA platform. Also the 5512-x is already end of sale so I thought maybe it would be a good time to just upgrade the whole box.

We have about 90 users/computers at HQ and 3 users/computers at 2 branch sites we have connected via VPN. Internet pipe at HQ is 50/50.

I think my second priority would be some kind of SIEM to centralize logging and easily correlate events, but I think I should probably start with looking at some UTM or IDS/IPS first? Any thoughts on what you would look at in a similar situation or what you would recommend?

Hello everyone,

As the title mentions, I'm a one man IT shop for a nonprofit with about 100 users (120 or so workstations) and am looking at continuity options to help out when I'm on vacation/sick/need extra help etc.

I'm thinking about looking at a MSP for additional help and was just wondering if this is something MSPs typically do, this "fill the gap" type of support when primary IT is unavailable. I'm concerned I've got my environment setup in a specific way using Veeam for backups/replication and even an AWS site for DR purposes. Will an MSP work with my existing technologies or are they going to want to come in and use their backup product for example?

Also, I'm wondering is it worth it to create an RFP or should I just ring up some MSPs and tell them what I'm looking for and craft a quote based on our conversations?

Really I'm just looking for any advice that can help me to actually step away from work at times (when COVID permits) and not be super anxious that something is going to break down and I won't be available to fix it.