
Re: [Health] Securing GNU Health server


From: Luis Falcon
Subject: Re: [Health] Securing GNU Health server
Date: Sun, 30 Mar 2014 16:39:07 -0300

Hi Vincent !

On Fri, 28 Mar 2014 10:55:15 +0100
Vincent Buijtendijk <address@hidden> wrote:

> Hi all,
> 
> Would anybody be able to share some tips to secure a server running
> GNU Health? Like most of you probably we are dealing with sensitive
> data so I would like to secure it as much as possible.
> 
> I am thinking about an SSL certificate of which I already have found
> some information online, in order to secure the communications.
> 
> However I also would like to secure the actual data without hampering
> user experience too much. Is there a way to encrypt the PostgreSQL
> database ?

There are ways to increase the security for GNU Health, and I would
divide them into two groups.

- External : for example, using Secure Shell (SSH) tunneling for the
  client to the GNU Health Tryton server; using SSL over JSON
  RPC protocol; restricting the connections to postgres
  to localhost and other firewall rules for IP and ports....

- Internal : for example, enforcing specific GNU Health users at
  Operating System, Postgres and Tryton level; creating and assigning
  the right user profiles to delimit the navigation access for the
  users that have access to the system.

Generally, most of the compromises in computer systems come from
"legitimate" users, who have access to the environment, so it is key to
pay special attention to the "internal" group.

You can encrypt the block device where the postgres datafiles are
located. Current Linux kernels allow this. Tradeoff would be in
performance.

What I want to enforce in GNU Health is digital signature and
encryption. From the Tryton client, we could encrypt and/or sign
specific models / records, such as prescription or medical evaluations.
This way, you don't need to encrypt the whole database, but only the
models and records that you or your institution determine. This
functionality will provide, among other benefits, non-repudiation when
the user / health professional digitally signs the document.

Signing / encrypting documents functionality will be valid not only to
GNU Health but to Tryton in general, to any process that requires it.

About having your GNU Health instance in a data center, that decision
is about a trust relationship between you and your data center /
hosting provider. It's something that has to be carefully
thought through, due to the sensitivity of the information that you have in a
GNU Health instance.

Hope it helps, and let us know your thoughts / suggestions.

Best,

> 
> Many thanks,
> Vincent



-- 
Luis Falcon
GNU Health : The Free Health and Hospital Information System
http://health.gnu.org
@gnuhealth
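
The "restricting the connections to postgres to localhost" tip in the message above can be checked mechanically. The following is an added example, not part of the original message or of GNU Health: the sample configuration text is constructed, the database and role names `health` and `gnuhealth` are assumptions, and only CIDR-form `pg_hba.conf` addresses are handled.

```python
import ipaddress
import re

# Constructed sample configuration (not from the original message).
SAMPLE_POSTGRESQL_CONF = """
listen_addresses = '*'      # listens on every interface
port = 5432
"""
SAMPLE_PG_HBA = """
# TYPE  DATABASE  USER       ADDRESS         METHOD
local   all       postgres                   peer
host    health    gnuhealth  127.0.0.1/32    md5
host    health    gnuhealth  ::1/128         md5
host    all       all        0.0.0.0/0       md5
host    health    gnuhealth  192.168.1.0/24  trust
"""

def _is_loopback(address):
    """True if a listen address or pg_hba ADDRESS covers only loopback."""
    if address == "localhost":
        return True
    try:
        net = ipaddress.ip_network(address, strict=False)
    except ValueError:
        return False  # '*', 'all', hostnames: treat as reachable remotely
    loop = "127.0.0.0/8" if net.version == 4 else "::1/128"
    return net.subnet_of(ipaddress.ip_network(loop))

def audit_listen_addresses(conf_text):
    """Return the listen_addresses entries that are not loopback-only."""
    found = re.findall(r"^\s*listen_addresses\s*=\s*'([^']*)'", conf_text, re.M)
    value = found[-1] if found else "localhost"  # PostgreSQL's default
    entries = [a.strip() for a in value.split(",")]
    return [a for a in entries if a and not _is_loopback(a)]

def audit_pg_hba(hba_text):
    """Return (address, method, reason) for risky TCP rules (CIDR form only)."""
    findings = []
    for line in hba_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue  # blanks, comments and Unix-socket ("local") rules
        address, method = fields[3], fields[4]
        if not _is_loopback(address):
            findings.append((address, method, "accepts non-loopback clients"))
        if method == "trust":
            findings.append((address, method, "no authentication"))
    return findings
```

Run against the real `postgresql.conf` and `pg_hba.conf` by passing their file contents to the two audit functions; an empty result from both means PostgreSQL is only reachable over loopback or the Unix socket.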


