On Sat, 2004-04-10 at 01:37, Michael D. Weisner wrote:
> I have yet to tackle the HIPAA concerns officially, although the VPN is fairly
> secure and the home system is password protected and physically locked away.

You realise of course that unless you use an encrypted filesystem, the "password protection" on any machine (Windows, Linux, whatever) is no protection at all if someone has physical access to the machine, or more precisely, its hard disc eg if the machine is stolen from your home (burglaries never happen in your neighbourhood?). By simply rebooting with a CD or floppy disc in "rescue mode" you can completely bypass Windows or Linux (or any other OS) security - no special tools or skills needed. Just Google for "lost root password" or similar.

Thus you definitely need to weigh up the risk of such loss of physical control over the machine versus the potential consequences.

Windows NT/2k/XP provides an encrypted filesystem which is very easy to use and reasonably secure if you take the extra precaution of setting some registry keys which cause the Windows SAM (the central security repository) to be encrypted with a password which you need to supply at the console at boot time. The default in Windows of not encrypting the SAM still leaves the machine vulnerable even if you use the encrypting filesystem - but if you use a boot time password, everything in the encrypting filesystem is pretty safe from someone with physical access to the machine but who doesn't know any passwords. Google the Microsoft help pages for more details. Note that Microsoft disables the ability to use the encrypting filesystem in various versions of Windows - you may need a server version.

There are various ways of implementing encrypting filesystems under Linux, but all involve supply of a boot time password.

-- 
Tim C

PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere
or at http://members.optushome.com.au/tchur/pubkey.asc
Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
