Charles T Suitor MS, Presenter: Nothing to Disclose

Kevin William McEnery MD, Abstract Co-Author: Nothing to Disclose

Emil Patel BA, Abstract Co-Author: Nothing to Disclose

With the evolution of Picture Archive and Communication Systems (PACS) into filmless clinical enterprises, the all digital department is even more dependant upon a robust functioning network architecture. Imaging networks are not immune to external computer virus threats such as Blaster and Sobig viruses and Slammer and Netsky worms which have been estimated to result in billion of dollars of damages to private businesses. So called “blended” threat viruses, using email to allow a computer virus or worn to enter an otherwise secure network are becoming ever more common. Many companies seek to combat these viruses by ensuring that computers are secured with the latest software patches. However, imaging modalities and PACS workstations often lag in their ability to have the latest patch available as venders struggle to ensure the patch does not adversely affect the clinical functioning of the modality. In this context, we discuss a network security strategy which has allowed our network to efficiently function over the past four years without outages due to virus or worm attacks. The implemented security architecture involves an integrated approach to network security that includes multiple firewalls, modalities placed on non-accessible network segments, up-to-date virus definitions, and e-mail scanning not only for known virus threats but for any suspicious e-mail attachments. Finally, intrusion detection software completes the secure network environment. All threats are automatically addressed. As part of our security strategy we will discuss our policy to limit access to commercial email services (Hotmail, Yahoo, etc) which may not have the most recent virus updates but blocking attachments by blocking access to these email services to ensure that outside email cannot bypass central scanning. Finally, all faculty and staff computers which access the network are connected via Virtual Private Network (VPN) but only after ensuring that the connecting computer has the latest virus protection software and remote computer firewall protection activated.

-understand that simply patching computers as a main security focus is an inadequate means of providing robust network security -understand the benefits of tiered security architecture -appreciate the that non-scanned email poses an ever increasing threat to compromise computer networks

Suitor, C, McEnery, K, Patel, E, Beyond Patching: Implementation of Robust Security Architecture Supporting Diagnostic Imaging.  Radiological Society of North America 2004 Scientific Assembly and Annual Meeting, November 28 - December 3, 2004 ,Chicago IL. http://archive.rsna.org/2004/4415555.html