We have helped many pass HIPPA, CISP etc...(for more on that below).
Fiber Internet Center has many HIPPA, VISA, Mastercard customers on our network. All Apps related to confidential data must secured. By secure it must be securely encrypted. The data cable that leaves all office space and colo racks is the open Internet.
This is commonly called the WAN cable is is connected to your router's WAN side. HIPPA would not allow any part of your LAN to be located outside your office or colo rack space. Once a packet leaves your local LAN (Local Area Network) and is switched through your router to travel out the WAN (Internet) connection, HIPPA requires encryption of all data they define as confidential.
The devices using apps related to HIPPA information must be secure within that environment. That is your LAN devices, Servers, Laptops on the LAN side (office or colo rack) need to be secure from theft as well as secure with application specific encryption for data related to HIPPA requirements. The reason this is required is that all Internet connections can be tapped.
A T1 line is considered the WAN (and a T1 can be tapped from the building phone closet or one of many street located phone wire boxes and telephone pole wires).
A Cable TV connection can be tapped from any cable TV outlet in a neighborhood path as all data is transmitted like radio waves on the cable.
Both are easy to tap - as all Internet WAN traffic is to be considered easy to tap. Remember, the WAN side is the Internet. For this reason, the data that leaves on the WAN cable is always treated as the open Internet.
Meaning no HIPPA defined data must travel over the WAN cable without secure encryption.
A Fiber connection is more secure in that it is difficult to tap fiber without breaking street connections and our Network Operations Center (NOC) will notice. As this effects many customers when this happens. You must always encrypt information leaving your LAN even though the Fiber Internet Center's network is more secure in the following ways...
1. All customer traffic is secured by VLANs the same thing banks use to be sure traffic paths so they can not be sniffed easily when mixed in paths with other data. This prevents other customers from accessing your data before it hits a routing device as it begins hopping out to the Internet.
2. Only equipment that can log port down status are used in Fiber Internet Center's network. Meaning if you reboot or unplug your WAN cable from your office router we know it in the logs. If someone comes along and unplugs the WAN to try and tap your VLAN traffic, we logged the port event. In addition, your router device log should also have logged the event.
3. Since Fiber Internet Center proactively manages all customer circuits to the Internet, we monitor all Fiber Internet Center paths and routers every 2 mins. Alarms are generated and such an entry will appear in a log. We usually, tell the customer there is an issue before the customer notices.
4. If you get Internet services from us, we are not the average Internet provider. We auto block many CERT and Microsoft recommend logical ports at our peering and transit routers. We don't block many, but the highest recommended. Other providers charge for this because they want to charge you for the extra bandwidth usage of hackers. We do not as we know customers are less likely to be be hacked and abused. Many customers realize this is added value and we save them labor dollars. We have many customers forget about our blocks and have passed security tests as a result.
One particular security company that tests for Wells Fargo figured this out. They asked us to remove these so they can see if the customer remembered on to block at their router. We said unless the customer requests it it wont happen. We informed the customer. The customer called the security company and said two blocks are better than one and thats why they had been with us for more than 6 years. If their little router got flooded and let data slip by they at least knew some specific logical port data never reached their router.