Simon James wrote:
Hi,

The consensus view of this list seems to be that relying on the encryption
built into Terminal Services connections is not good enough and that SSH or
VPN should be deployed to wrap such connections.

In the absence of this additional measure, the things a hacker would need to
obtain or circumvent to gain access to a practice datafile are:

1. The practice router's external IP
2. The port of the Terminal Services service on the router
3. The Windows user password
4. The practice software database password

Of these, (3) is likely to be the strongest roadblock for a determined
hacker.
My question is, does Terminal Services have any provision for more beefed-up
security natively, e.g. certificates, dongles, MAC address restriction, IP
restrictions etc.?

In other words, are there any measures that can be deployed other than VPN
and SSH that can beef up the Windows/Terminal Services security?

Simon,

In the absence of Linux boxes in practices I have set up a number of VPNs for GPs, from their homes to practices, using D-Link VPN routers with VNC and/or PcAnywhere running inside the VPN for remote control.

The hardware is cheap, the security is excellent in my opinion, and that of Paul Crew of Talltrees Consulting who guided me through my first setups. I also like the fact that, as with firewalls, having a separate device, running embedded Linux and handling the security, is much preferable to having Windows servers or workstations involved.

I would not recommend using TS or RDP over the Internet. Similarly, a number of IT vendors and support companies in Sydney routinely install the freeware versions of VNC bare on practice computers. I encourage practices to remove the hosts from their systems and dissuade these providers from re-installing them.

Greg
--
Greg Twyford
Information Management & Technology Program Officer
Canterbury Division of General Practice
E-mail: [EMAIL PROTECTED]
Ph.: 02 9787 9033
Fax: 02 9787 9200

_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk