On Thursday 21 September 2006 09:00, Andrew Cameron wrote:
> > If you actively participate on the net, you will have two way
> > network traffic.
> > Even if you don't have any ports open, you can get hacked -
> > As you have found out using your so secure linux boxes.
> Now was that an inherent vulnerability or Bad management ? :)

That was a server hosting exclusively open source projects, with multiple people having remote access and software installation privileges, where somebody exploited a vulnerability in a wiki program that allowed the intruder to install file sharing software in the /temp directory. This intrusion was detected quickly, and now the /temp directory is set to non-executable (meaning you can still copy files onto that directory, but you cannot execute any programs on that directory) so that the same exploit cannot happen again in the future.

In a practice you would never allow remote users to create themselves a user account (as is necessary for such an open wiki) without vetting the user first.

You can't have a car accident without driving in one, and you can't have web accidents without interacting on the web. I see great benefits in web interaction, so I have to minimize the risks but accept that they will never be zero.

In the future, I plan to offer web services to patients *necessarily* from within the practice network (e.g. realtime online appointments as opposed to the system we currently have where the receptionist still has to ring back to confirm, realtime access to the patient's own record at the discretion of the patient (as opposed to currently being able to request an online health summary) etc.). So I have to gain experience in the possible exploits, and once we go live, monitoring will be constant. I'll probably install a "security dashboard" on my own computer (or whoever administers our practice network at that time) where the logs scroll in realtime and get colorized by an analyzing script like logcheck (such software, e.g. nagios, of course already exists in the open software world).

Those who do nothing think they cannot fail - but they have already failed in the worst sense anybody can fail - they have become irrelevant and inconsequential.

Horst
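
The non-executable mount described in the message above can be verified mechanically rather than by inspection. The following is an added example, not part of the original post: it audits a mount table in /proc/mounts format, and the directory list, the required options and the sample table are assumptions constructed for illustration.

```python
import re

# Constructed sample in /proc/mounts format (not taken from the server in the post).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda3 /var ext3 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
"""

# Assumed policy: directories any local account can write to, and the options wanted on them.
WRITABLE_DIRS = ("/tmp", "/var/tmp", "/dev/shm")
REQUIRED = {"noexec", "nosuid", "nodev"}


def parse_mounts(text):
    """Map each mount point to its option set; a later line overrides an earlier one."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or malformed line
        # The kernel writes spaces and tabs in paths as three-digit octal escapes.
        point = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), fields[1])
        mounts[point] = set(fields[3].split(","))
    return mounts


def covering_mount(path, mounts):
    """Return the longest mount point containing path, or None if nothing covers it."""
    hits = [m for m in mounts if path == m or path.startswith(m.rstrip("/") + "/")]
    return max(hits, key=len) if hits else None


def audit(text, dirs=WRITABLE_DIRS):
    """Return {directory: sorted list of required options its filesystem lacks}."""
    mounts = parse_mounts(text)
    report = {}
    for d in dirs:
        point = covering_mount(d, mounts)
        have = mounts[point] if point else set()
        report[d] = sorted(REQUIRED - have)
    return report


if __name__ == "__main__":
    # On a live Linux host, pass open("/proc/mounts").read() instead of the sample.
    for directory, missing in audit(SAMPLE_MOUNTS).items():
        print(directory, "OK" if not missing else "missing: " + ",".join(missing))
```

In the sample, /var/tmp inherits the options of /var because it has no mount of its own, which is the case a quick look at the /tmp line alone would miss. The noexec option stops files on that filesystem from being executed directly; it complements patching the vulnerable application and does not replace it.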
