A Secure Vendor Environment (SVE) was created to protect radiology modalities from network intrusion, worms, viruses, and other forms of damaging attacks. Many vendors do not attempt any form of network security and if an institution demands a non-standard and secure installation, a future system upgrade could and frequently does eliminate any security measures installed during the initial installation. The SVE isolates the vendor equipment behind a virtual firewall on a private network that is invisible to the outside world. All interactions must go though a device containing two network interface cards called an Application Processor that acts as a store-and forward router, performs DICOM repair, proxies modality worklist, and isolates the vendor modalities. A small VPN appliance can open the device temporarily for remote access by vendor engineers. Prior to the routine installation of the SVE, vendor equipment was often attacked by hostile network intruders and viruses or worms, sometimes rendering the equipment unusable until the vendor could reload the system. The resulted in considerable clinical downtime and loss of revenue. Since the relatively low cost SVE solution has routinely been installed with all new equipment, no intrusions have occurred, although our network sniffers and intrusion detectors indicate that we are constantly being scanned for vulnerability.
Purpose: To provide a secure network for vendor equipment in a PACS environment while allowing vendor access for upgrades and system repairs.
Method: The network administrators at our university believe that network security should be implemented at the machine level rather than relying on a firewall. A firewall solution could conceivably block unwanted intrusion from outside the university network, but would still allow literally thousands of potential network users to get through to the PACS network. All the PACS archive, display and routing systems are individually protected from intrusion, but vendors of image producing modalities such as CT, MRI, and CR typically do not protect their equipment from network intrusion. Most vendors use the same user-ids and passwords for their service and administrative accounts which makes it easy for them to get to their systems for remote repairs and upgrades, but also makes it easy for hackers and other unwelcome intruders to gain access.
We use a device with two network interface cards to isolate the vendor network from the main PACS / university / hospital network. This device is a store and forward PACS routing device, a DICOM repair device, a modality worklist proxy device, and a de-facto firewall. This device is named an Application Processor (AP). In addition, a small virtual private network (VPN) device is placed on the system that can be controlled only by the PACS administration. If a vendor engineer needs remote access to upgrade or service the equipment, a temporary connection is enabled for only the computer the engineer is using at the time, then is closed when he/she has completed their work.
Results: The secure vendor environment (SVE) consists of a computer and a VPN appliance and costs approximately $2,000 USD to build. With software, the total system costs approximately $2800 - $3500. The SVE is typically deployed as part of every equipment installation. Since the SVE has been used, we have had no intrusion and no downtime due to hackers, viruses, worms, etc. This is now a part of every project plan for equipment that will become part of the PACS.
New work: The SVE is a unique and new work by our group, developed as a solution totally within our group.
Conclusions: Our results have convinced our administration that this small cost to protect vendor equipment is well worth the investment. Prior to developing this solution, there were numerous occasions where intruders invaded our equipment and rendered it unusable until the software could be reloaded, sometimes resulting in the loss of a day or more of clinical use.