Network World Fusion

Secure extranet is just what the doctor ordered

January 14, 2000
Web posted at: 12:01 p.m. EST (1701 GMT)

by Ellen Messmer

(IDG) -- The National Board of Medical Examiners (NBME), whose job is to accredit physicians in the U.S., has set up an extranet to provide online access to doctors' test scores and other data.

Medical schools, state medical licensing authorities, hospitals and other organizations need to know how medical students have scored on the tough exams given by the NBME, which also keeps track of whether or not physicians are in good standing.

The NBME decided it could disseminate such information much more quickly over the Web than it could via paper. The NBME's main challenge was finding a way to really be sure of the online user's identity and restrict access to the appropriate information, all housed in an Oracle database.

"Once we decided to use the Web, we needed to have a good way to qualify users online to make sure they are who they say they are," says Steve Lopez, the NBME's director of IT. Simple passwords and IDs, used over and over again, were seen as inadequate because they can easily be compromised through sharing with others, he says.

The better answer for the extranet, Lopez says, was what security experts call "two-factor authentication" - which means generating a one-time password through a software or hardware token given to the user along with a unique PIN.

Because the NBME was satisfied with the Raptor firewall from Axent Technologies, which it has been using for a long time, Lopez last year looked at adding two other Axent products - the SecureLink Bridge Server and WebDefender. These two products work inside the intranet to provide the remote user with single sign-on to Web pages.

The Unix-based SecureLink Bridge Server acts as a proxy to the firewall for the remote user - in this case, an individual at a medical school or other organization who wants to obtain physicians' records. The outsider has to prove his identity over the Web by entering a one-time password created by the WebDefender software token issued by the NBME.

The bridge server passes this identity authentication request to the WebDefender server, and if the remote user's identity checks out, WebDefender issues a software ticket. The ticket grants restricted access to a Web application server.
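The flow described above (PIN plus one-time password checked by an authentication server, which then issues a ticket limited to one application) can be sketched as follows. This is an added example, not Axent's code or protocol: it assumes RFC 4226 HOTP as the one-time password and an HMAC-signed ticket, and the names `AuthServer`, `check_ticket`, the user and the scope strings are hypothetical.

```python
import hashlib, hmac, os, struct, time

def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: the stand-in for the token's one-time password."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def pin_hash(pin, salt):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def sign(key, body):
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

class AuthServer:
    """Hypothetical authentication server sitting behind the proxy."""
    def __init__(self, ticket_key):
        self.ticket_key, self.users = ticket_key, {}

    def enroll(self, user, secret, pin, scope):
        salt = os.urandom(16)
        self.users[user] = {"secret": secret, "counter": 0, "scope": scope,
                            "salt": salt, "pin": pin_hash(pin, salt)}

    def login(self, user, pin, otp, now=None, ttl=300, window=3):
        """Check both factors; return a signed ticket, or None on failure."""
        rec = self.users.get(user)
        if rec is None or not hmac.compare_digest(rec["pin"], pin_hash(pin, rec["salt"])):
            return None
        for c in range(rec["counter"], rec["counter"] + window):
            if hmac.compare_digest(hotp(rec["secret"], c).encode(), otp.encode()):
                rec["counter"] = c + 1  # burn it: the same password never works twice
                expires = int((time.time() if now is None else now) + ttl)
                body = f"{user}|{rec['scope']}|{expires}"
                return f"{body}|{sign(self.ticket_key, body)}"
        return None

def check_ticket(ticket_key, ticket, wanted_scope, now=None):
    """Application server side: verify signature, expiry and scope."""
    parts = ticket.split("|")
    if len(parts) != 4:
        return False
    user, scope, expires, sig = parts
    if not hmac.compare_digest(sig.encode(), sign(ticket_key, f"{user}|{scope}|{expires}").encode()):
        return False
    now = time.time() if now is None else now
    return now < int(expires) and scope == wanted_scope
```

A shared, reused password fails none of these checks, which is the weakness Lopez describes; here a captured one-time password is rejected on replay and a ticket edited to name another scope no longer verifies.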

"We have about 130 outside people from medical schools using this to get test-score information from the NBME," says Lopez, who notes the system has been in place since the fall.

The NBME's IT staff made sure to keep the organization's business divisions fully informed about the extranet project to encourage future use of the technology.

The next extranet application under way at the NBME will give college professors a way to discuss testing online rather than in person.

© 2001 Cable News Network. All Rights Reserved.