How Secure are Your Systems?

ShahidShah

I spend a lot of time talking with CEOs, CIOs, and other senior executives about what HIPAA security and HITECH privacy policies really mean. I hear a lot of naive talk about how systems are secure because “we use SSL encryption” or “we’re secure because we have a firewall”. Anybody who has been doing security and privacy work for more than a few months knows how false those statements are.

Security (whether it’s for HIPAA, HITECH, or banks) starts with secure operating systems, databases, and other infrastructure elements like proxies and firewalls, and the depth of security is really controlled by system admins. Your systems are only as secure as the servers and firewalls they are sitting on, so you have to ask yourself: “What have my system admins and security people done to secure my infrastructure?”

Let’s start with a relatively simple question that all CIOs should know the answer to: who has access to root permissions on a UNIX / Linux server, or to the “Administration” role on a Windows server, across the enterprise? If you don’t have an easy answer to that, then no amount of paper policy will make you HIPAA compliant.

All servers require a superuser or privileged account to do some of the most important activities, like installing applications, creating file systems, and other mundane but important and sometimes dangerous tasks. If you have a policy of sharing a single account (like root in Linux or “Administrator” in Windows), you’ve got serious security flaws. These days proxies and firewalls are often Linux servers as well, so your policies about root access are even more important.

One thing security professionals like me suggest is to never allow root logins (or Administrator logins). Instead, use security wrapping tools and policy enforcement, where a person logs in using their own credentials and can then perform specific actions, which are logged thoroughly.
Windows Server 2008 and later have this policy-style security built in, but on Linux/UNIX you should make sure that you use sudo. This past week we saw the release of Sudo 1.8, an important upgrade which brings pluggable policies to this venerable security utility. Here’s a snippet from the announcement at ServerWatch.com:

This weekend at SCALE, Todd Miller introduced Sudo 1.8, a major update that brings “enterprise” features to Sudo that put it on par with proprietary alternatives. We’re all familiar with the venerable utility Sudo, but its feature set hasn’t kept up with what many companies want for root access control. Specifically, Sudo has lacked support for policy plugins and advanced logging features. There have been a number of proprietary tools that either replace or enhance Sudo for root access control (RAC). But who wants to have to buy an add-on if you can get the features you need as part of the native toolset that comes with your *nix? Sudo 1.8 brings a plugin architecture, with two major types of plugins: policy and I/O logging plugins. The policy plugins are designed to control who can do what on the system. You’re probably used to controlling Sudo via the /etc/sudoers. If this works for you, nothing changes. You’ll still be able to use visudo to edit the file and add users, and set policies the way you always have. Otherwise, it’s now possible to write new policies to comply with things like SOX and HIPAA, or tie Sudo into Active Directory for companies that have standardized on that. Sudo will accept only one policy plugin at a time. The I/O plugins control logging of sessions that take place using Sudo. Sudo has had a “replay” command since 1.7.3, but this release brings much more functionality. Unlike the policy plugin, Sudo can support multiple plugins for I/O, so you could use different I/O policies depending on which users are running Sudo (for example). You can now not only see what commands have been run with Sudo, but also actually replay a session in its entirety if need be (and if you want to log that much).
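
The question the article puts to CIOs, "who has access to root permissions?", can be answered per server from three files. The script below is an added example, not code from the article or from the Sudo project; the function names, the choice of "sudo" and "wheel" as admin groups, and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: "who can act as root on this server?" from passwd, group, sshd_config.
# Paths are arguments, so the same functions run on copies pulled from many hosts.

# Every account with UID 0 is root-equivalent, whatever it is called.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1" | sort | paste -sd' ' -
}

# Members of the groups sudoers commonly grants full rights to.
# Assumption: "sudo" and "wheel"; use the groups your own sudoers file names.
admin_group_members() {
    awk -F: '$1 == "sudo" || $1 == "wheel" { print $4 }' "$1" |
        tr ',' '\n' | sed '/^$/d' | sort -u | paste -sd' ' -
}

# First PermitRootLogin line wins in sshd_config; Match blocks are not evaluated here.
root_login_setting() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Print one line per finding, plus the list of people who hold sudo rights.
audit_host() {   # usage: audit_host PASSWD GROUP SSHD_CONFIG
    extra=$(uid0_accounts "$1" | tr ' ' '\n' | awk '$0 != "root"' | paste -sd' ' -)
    if [ -n "$extra" ]; then echo "FINDING: UID 0 accounts besides root: $extra"; fi
    if [ "$(root_login_setting "$3")" != "no" ]; then
        echo "FINDING: direct root SSH login is not disabled"
    fi
    echo "INFO: named users with sudo rights: $(admin_group_members "$2")"
}

# Constructed sample files (not taken from any real system).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:shared admin:/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
sudo:x:27:alice,bob
wheel:x:10:bob
staff:x:50:carol
EOF
printf '#PermitRootLogin prohibit-password\nPermitRootLogin yes\n' > "$SAMPLE_DIR/sshd_config"

audit_host "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group" "$SAMPLE_DIR/sshd_config"
```

On a live host the same call takes /etc/passwd, /etc/group and /etc/ssh/sshd_config; group membership is only a proxy for sudo rights, and `sudo -l -U <user>` run by an administrator shows what a given user is actually allowed to do.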
