On Sat, 2004-04-10 at 08:24, Michael D. Weisner wrote:
> Tim,
>
> I use W2K NTFS with encrypted passwords, which I presume is difficult to
> crack, in addition to a physical barrier (a securely locked closet). I use
> a bios password, although there is a physical jumper to reset the bios (and
> the password). The floppy and CD are disabled from the boot process to
> prevent booting an alternate OS.
If an attacker has physical access to the machine (e.g. if they have stolen it), then the BIOS protections can be bypassed by a jumper on the motherboard, as you note, or by simply moving the hard disc to a different machine. The use of W2K NTFS alone offers no protection at all. To see this, download and burn a copy of the bootable Knoppix V3.3 CD, and boot your machine from that. You will see an icon on the Linux (KDE) desktop which is your W2K NTFS disc. Click on this and you can read all your NTFS files, no password needed - unless you have specifically enabled the W2K EFS (Encrypting File System) for certain directories, or the whole disc.

Furthermore, you need to use the syskey utility as described in this article to properly secure the machine - otherwise the SAM (and hence the EFS) are still vulnerable to someone with physical access to the machine and a few hours to spare:

http://support.microsoft.com/default.aspx?kbid=310105

If you take the above steps (use EFS and syskey, and use strong passwords) then your machine is pretty safe against physical theft etc. Still vulnerable to viruses, trojans etc., of course. A Linux machine with an encrypted filesystem is much better in this respect.

> Since the link is made from the remote backup to the server, little
> knowledge exists at work as to the location of the backup machine.

As Auguste Kerckhoffs stated over a century ago, protection through obscurity is only weak protection. For example, this email list (Openhealth) is indexed by Google, so anyone looking for the keywords "medical, data, encryption" can find this thread of messages. Let's see... yup, I have a good idea of where you live (will send you details by private mail). Your cover is blown, I'm afraid.

> In addition, the VPN is encoded so that it should be very difficult to
> intercept the data enroute between the two systems. Lastly, I am a firm
> believer in being "under the radar" with most things.
> It is unlikely that a
> common thief would target my home (we live in a modest tract home) and in
> the event that the backup machine was discovered in a breakin, what interest
> would they have in medical records, assuming that they could be accessed?

I don't know. Blackmail? Disgruntled or crazy patient wishing to destroy your professional life? General mayhem?

Consider the ethical dilemma if your home backup machine were stolen. Would you inform the patients whose records were stored on that machine, or would you keep silent and hope that the thieves were not smart enough to work out what was on the machine (instead they just sell the machine at the local computer market to the 14 year old hacker who is smart enough to realise what s/he has...)? If you do inform your patients, you then need to worry about the class action which one of your patients, who happens to be a lawyer, brings against you for "fear, uncertainty and doubt" on the part of all your patients over potential loss of confidentiality of their medical records - it doesn't matter if confidentiality is actually compromised, they can sue for fear of such a compromise. In court, their attorney asks you "Did you use strong encryption on the filesystem?". Unless you can answer 'yes', you can kiss all your assets goodbye, I suspect.

> My concern was of the legality of storing the records in a personal
> residence, here in the US. While I am no longer concerned about our
> disaster recovery procedure should the main facility be destroyed, I have my
> reservations about warehousing the data at home. Until a better solution is
> presented, this will have to do.

Personally I think that warehousing at home is quite reasonable, as long as it is officially sanctioned, and as long as you take all reasonable steps to protect the data. "All reasonable steps" includes the use of strong encryption to protect the data on disc, as described above.
-- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
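An added illustration of the point Tim makes above about booting a live CD against an unencrypted NTFS volume versus using an encrypted filesystem. This script is not part of the thread or of any tool named in it; it is example code that reads the first sector of a raw volume image and reports what an offline reader gets. The two images are constructed in memory (no real disk is touched), the offsets are taken from the public NTFS boot-sector and LUKS1 header layouts, and the function names, the 8 GiB geometry and the volume serial are assumptions made for the example.

```python
"""Inspect the first sector of a raw volume image.

Both sample images are constructed in memory below. Offsets follow the
public NTFS boot sector (BPB) and LUKS1 header layouts; the geometry,
serial number and cipher spec used for the samples are assumed values.
"""
import struct

NTFS_OEM_ID = b"NTFS    "
LUKS_MAGIC = b"LUKS\xba\xbe"


def build_ntfs_boot_sector(bytes_per_sector=512, sectors_per_cluster=8,
                           total_sectors=16777216, mft_cluster=786432):
    """Constructed NTFS boot sector for an 8 GiB volume with the MFT at 3 GiB."""
    bs = bytearray(512)
    bs[0:3] = b"\xeb\x52\x90"                       # jump over the BPB
    bs[3:11] = NTFS_OEM_ID                          # OEM ID
    struct.pack_into("<HBH", bs, 0x0B, bytes_per_sector, sectors_per_cluster, 0)
    bs[0x15] = 0xF8                                 # media descriptor: fixed disk
    struct.pack_into("<HHI", bs, 0x18, 63, 255, 2048)      # CHS geometry, hidden sectors
    struct.pack_into("<QQQ", bs, 0x28, total_sectors, mft_cluster, 2)  # total, $MFT, $MFTMirr
    bs[0x40] = 0xF6   # clusters per MFT record: negative => record size is 2^10 = 1024 bytes
    bs[0x44] = 0x01   # clusters per index buffer
    struct.pack_into("<Q", bs, 0x48, 0x1234567890ABCDEF)   # volume serial (assumed)
    bs[0x1FE:0x200] = b"\x55\xaa"                   # boot signature
    return bytes(bs)


def build_luks1_header(cipher="aes", mode="xts-plain64", hash_spec="sha256",
                       payload_offset=4096, key_bytes=64):
    """Constructed LUKS1 header: magic, version and cipher spec only (no key slots)."""
    hdr = bytearray(592)
    hdr[0:6] = LUKS_MAGIC
    struct.pack_into(">H", hdr, 6, 1)               # LUKS1 integers are big-endian
    hdr[8:8 + len(cipher)] = cipher.encode()
    hdr[40:40 + len(mode)] = mode.encode()
    hdr[72:72 + len(hash_spec)] = hash_spec.encode()
    struct.pack_into(">II", hdr, 104, payload_offset, key_bytes)
    return bytes(hdr)


def _cstr(buf, start, length):
    """NUL-terminated ASCII field."""
    return buf[start:start + length].split(b"\0", 1)[0].decode("ascii")


def inspect_volume(image):
    """Classify a raw volume from its first bytes and say what an offline reader gets."""
    if image[3:11] == NTFS_OEM_ID and image[0x1FE:0x200] == b"\x55\xaa":
        bps, spc = struct.unpack_from("<HB", image, 0x0B)
        total, mft, mirr = struct.unpack_from("<QQQ", image, 0x28)
        rec = struct.unpack_from("<b", image, 0x40)[0]
        record_size = (1 << -rec) if rec < 0 else rec * spc * bps
        cluster = bps * spc
        return {
            "type": "ntfs",
            "cluster_size": cluster,
            "volume_bytes": total * bps,
            "mft_offset": mft * cluster,            # where a live CD starts walking the files
            "mftmirr_offset": mirr * cluster,
            "mft_record_size": record_size,
            "at_rest": "cleartext: NTFS ACLs are stored in the MFT and mean nothing to an offline reader",
        }
    if image[0:6] == LUKS_MAGIC:
        version = struct.unpack_from(">H", image, 6)[0]
        payload_offset, key_bytes = struct.unpack_from(">II", image, 104)
        return {
            "type": "luks",
            "version": version,
            "cipher": _cstr(image, 8, 32) + "-" + _cstr(image, 40, 32),
            "key_bits": key_bytes * 8,
            "payload_offset": payload_offset * 512,  # LUKS1 counts 512-byte sectors
            "at_rest": "encrypted: payload is unreadable without the passphrase",
        }
    return {"type": "unknown", "at_rest": "unknown"}


if __name__ == "__main__":
    for name, img in (("ntfs.img", build_ntfs_boot_sector()),
                      ("luks.img", build_luks1_header())):
        print(name, inspect_volume(img))
```

The NTFS branch needs no credentials to locate the $MFT, which is exactly what the Knoppix desktop icon does for you; the LUKS branch can only report the cipher and where the ciphertext starts. Run it against a real device with `inspect_volume(open("/dev/sdb1", "rb").read(1024))` on a live system to see which case your own backup disc falls into.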
