System Security Functions: Serious Threats and Possible Solutions

• Data in inappropriately disclosed or altered: inappropriate access to a "live" Registry client inherently brings potential for disclosure or alteration of data
  • Develop an information security policy that addresses these concerns, and includes descriptions of appropriate behavior and sanctions for inappropriate behavior.
  • Develop the Registry application security with security profiles to only allow a given user to access and/or modify data appropriate to his or her role in the organization.
  • Promote awareness and good behavior to reduce the occurrence of Registry applications being left unattended in clinical settings.
• An important local file is deleted: desktop computers at provider sites are the least controlled part of the architecture
  • Develop an information security policy that requires regular data backups and compliance to participate in the Program.
  • Purchase and install software (or hardware) to secure Program files on provider site desktops.
  • Encourage sites to install Program software on local file servers which are likely better maintained and backed-up than individual desktops.
• Attack on the server via the Internet
  • Restrict the number of network services that are co-existing with the database
  • Install the most secure version of the basic operating system as possible, and keep all security patches up-to-date.
  • Use one-time passwords
  • Install utilities that require frequent password changes, that enforce rules against easily-guessable passwords, and that scan the system for easily-guessable passwords.
  • Restrict access to the database server from certain network locations
  • Deploy a network firewall to best protect the server from attack.
• Inadequate System Administration: Unix and Oracle are powerful, yet difficult products to learn, master, and properly maintain.
  • Invest in necessary training for all systems staff.
  • Be sure necessary staff are cross-trained to provide sufficient backup for critical skills.
• Physical threats to server or network
  • Locate server in a secure machine room.
  • Provide upgraded environmental conditions wherever the server is located, including uninterrupted power supply, redundant network connections, and redundant systems in different locations.
  • Implement a proper backup procedure, including off-site storage of backup media, to facilitate recovery from a catastrophic failure or accident.
• Promiscuous monitoring of network traffic
  • Encrypt all data as it passes across the network.
  • Restrict database access from the public Internet by providing connectivity between the server and clients behind a firewall.
  • Restrict physical access to the subnet upon which the server is deployed.