By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
    Health
    Healthcare organizations are operating on slimmer profit margins than ever. One report in August showed that they are even lower than the beginning of the…
    Show More
    Top News
    stress disorder
    5 Ways To Manage Post-Traumatic Stress Disorder
    October 27, 2021
    Medical device classification and development strategies
    Medical device classification and development strategies
    April 5, 2023
    varicose veins
    Varicose Veins Prevention: 3 Lifestyle Changes to Make Right Now
    May 1, 2022
    Latest News
    Beyond Nutrition: Everyday Foods That Support Whole-Body Health
    June 15, 2025
    The Wide-Ranging Benefits of Magnesium Supplements
    June 11, 2025
    The Best Home Remedies for Migraines
    June 5, 2025
    The Hidden Impact Of Stress On Your Body’s Alignment And Balance
    May 22, 2025
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
    Policy and Law
    Get the latest updates about Insurance policies and Laws in the Healthcare industry for different geographical locations.
    Show More
    Top News
    Is Your Health Organization Prepared for Accountable Care?
    December 18, 2013
    CMS penalties
    CMS to Begin Implementing Payment Penalties Tied to Patient Outcomes
    July 16, 2014
    Call to Action: America’s Health Rankings Senior Report
    May 20, 2015
    Latest News
    When Healthcare Ends, the Legal Process Begins: What Families Should Know About Probate and Medical Estates
    June 20, 2025
    Preventing Contamination In Healthcare Facilities Starts With Hygiene
    June 15, 2025
    Strengthening Healthcare Systems Through Clinical and Administrative Career Development
    June 13, 2025
    Building Smarter Care Teams: Aligning Roles, Structure, and Clinical Expertise
    May 18, 2025
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: How Secure are Your Systems?
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > eHealth > How Secure are Your Systems?
eHealth

How Secure are Your Systems?

ShahidShah
Last updated: August 24, 2017 5:18 pm
ShahidShah
Share
5 Min Read
SHARE

I spend a lot of time talking with CEOs, CIOs, and other senior executives about what HIPAA security and HITECH privacy policies really mean. I hear a lot of naive talk about how systems are secure because “we use SSL encryption” or “we’re secure because we have a firewall”. Anybody who’s been security and privacy work for more than a few months would know how false those statements are. Security (whether it’s for HIPAA, HITECH, or banks) starts with secure operating systems, databases, and other infrastructure elements like proxies and firewalls and the depth of security is really controlled by system admins. Your systems are only as secure as the servers and firewalls they are sitting on so you have to ask yourself: “what have my system admins and security people done to secure my infrastructure?”. Let’s start with a relatively simple question that all CIOs should know the answer to — who has access to root permissions on UNIX / Linux server or “Administration” role in a Windows server across the enterprise? If you don’t have an easy answer to that, then no amount of paper policy will make you HIPAA compliant. All servers require a super user or privileged account to do some of the most important activities like installing applications, creating file systems, and other mundane but important and sometimes dangerous tasks. If you have a policy of sharing a single account (like root in Linux or “Administrator” in Windows) you’ve got serious security flaws. These days proxies and firewalls are often Linux servers as well so your policies about root access are even more important. One thing security professionals like me suggest is to never allow root logins (or Administrator logins). Instead, use security wrapping tools and policy enforcement where a person logs in using their own credentials and then can do specific actions which are logged thoroughly. Windows Server 2008 on up has this policy-style security built-in but on Linux/UNIX you should make sure that you use sudo. This past week we saw the release of Sudo 1.8, an important upgrade which brings pluggable policies to this venerable security utility. Here’s a snippet from the announcements at ServerWatch.com:

This weekend at SCALE, Todd Miller introduced Sudo 1.8, a major update that brings “enterprise” features to Sudo that put it on par with proprietary alternatives. We’re all familiar with the venerable utility Sudo, but its feature set hasn’t kept up with what many companies want for root access control. Specifically, Sudo has lacked support for policy plugins and advanced logging features. There have been a number of proprietary tools that either replace or enhance Sudo for root access control (RAC). But who wants to have to buy an add-on if you can get the features you need as part of the native toolset that comes with your *nix? Sudo 1.8 brings a plugin architecture, with two major types of plugins: policy and I/O logging plugins. The policy plugins are designed to control who can do what on the system. You’re probably used to controlling Sudo via the /etc/sudoers. If this works for you, nothing changes. You’ll still be able to use visudo to edit the file and add users, and set policies the way you always have. Otherwise, it’s now possible to write new policies to comply with things like SOX and HIPAA, or tie Sudo into Active Directory for companies that have standardized on that. Sudo will accept only one policy plugin at a time. The I/O plugins control logging of sessions that take place using Sudo. Sudo has had a “replay” command since 1.7.3, but this release brings much more functionality. Unlike the policy plugin, Sudo can support multiple plugins for I/O, so you could use different I/O policies depending on which users are running Sudo (for example). You can now not only see what commands have been run with Sudo, but also actually replay a session in its entirety if need be (and if you want to log that much).

TAGGED:HIT
Share This Article
Facebook Copy Link Print
Share

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

recovering from injury
Rebuilding After Injury: Path to Physical and Emotional Recovery
News
June 22, 2025
scientist using microscope
When Healthcare Ends, the Legal Process Begins: What Families Should Know About Probate and Medical Estates
Global Healthcare
June 18, 2025
How Therapy Can Improve Your Mental Health and Daily Life
How Therapy Can Improve Your Mental Health and Daily Life
Mental Health
June 18, 2025
healthcare facilities
Preventing Contamination In Healthcare Facilities Starts With Hygiene
Global Healthcare Infographics
June 15, 2025

You Might also Like

Beware of Mobile Health Apps Making False Claims

November 21, 2012

Medscape Releases an Analysis of EHR Use by Physicians

September 14, 2012

Digital Health 2013: Innovating Partnerships for Better Care

January 13, 2013
ZDoggMD
Hospital AdministrationPublic HealthSocial Media

Truth From Comedy: ZDogg Does for Medicine What Late Night Is Doing for Politics

October 12, 2017
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?