Firewall Wizards mailing list archives
Re: Secure site for medics
From: Adam Shostack <adam () homeport org>
Date: Mon, 7 Dec 1998 08:59:51 -0500
Be sure to get the proceedings of the first conference on Personal Medical Information, edited by Ross Anderson. There are a *lot* of issues in handling medical data; many of the best thinkers on the subject have papers in this volume.

I suspect that you will find a firewall is not what you need, but I don't know if there is a mailing list that covers medical security.

Adam

On Fri, Dec 04, 1998 at 02:01:23PM +0000, Alex Melichar wrote:
|
| Hi,
|
| I've been asked to come up with a recommendation for a secure medics
| site. I'm posting in the hope someone can point out major holes in my
| thoughts. Thanks in advance.
|
| The aim of the proposal is to have a database that contains sensitive
| patient data. This database is to be accessed by about 30-50 users
| (maybe more later) - all non-literate users (please think of users who
| ask what icons are. I'm meaning to deride them just that the solution
| has to be transparent and secure). There are several different
| locations they will be accessing the database from but will have
| Windows (95 or NT) machines. The last part is the hardest: The
| administrator will have who printed what.
|
| So how does one provide a secure server? My thoughts are. Use Caldera
| Linux (comes with Sybase SQL server). Get Apache, get the SSLeay
| modules and use the server as a web server. As the UK has no
| restrictions on key size we can use 128 bit (thereby making it secure
| for some time, important for patient data). Make the whole web site
| user-authorisation access only. To solve the print problem use a
| non-print friendly html page when information is asked for (say a
| patient's records) and have print friendly pages where prescriptions
| can be printed from (given that people log in a list of who asked for
| what print page can be compiled).
|
| Where is this solution weak (in terms of how can patient data be
| accessed by unauthorised users - this server will be left in a locked
| location so I'd prefer answers of how someone can get at it from the
| outside not the inside)?
|
| Personal thoughts:
|
| Given that the server will only be a web server (no mail, no ftp,
| etc.) and nothing else, I can't see any immediate holes. Also there
| will be only a very small turnover of users and as this is patient
| data, human engineering is unlikely to work (doctors are used to
| junkies asking for free prescription pads etc). As access will be
| using only SSL (v3?) I can't see leaks when data is going over the
| net. Essentially I think this will work. However I have this feeling
| of "I'm missing something *huge*".
|
| As this is a firewall mailing list, something more on topic: What
| firewall protection do I need to implement? I hope that I don't need to
| as I'll only allow ssl connections....If I need to can it be done cheaply
| and what do people suggest?
|
| Thanks in advance.
|
| Alex
| -------------------------------------------------------------

--
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume