Network: Security Details
Last updated: 2012-01-30 10:03:48 by nj
The following is a short overview of Telin's network from a security point of view.
Telin's network security features:
For both ASP and local installs we use the same level of security. All network traffic between the clinic and us is encrypted and non-replayable. The encryption is AES 164-bit encryption, for network-to-network traffic as well as for our remote access solution (computer to network). First I will explain encryption and authentication in general terms, before going into the details of our implementation.
Encryption, authentication and passwords all work together to create a secure system.
We start with encryption. If the data channel is encrypted, all data travelling through it is private. This is very important for banks, medical applications and other company records. Encryption alone does not keep unauthorized people out; it only protects the contents of the data of the people who are using the system.
Authentication allows access only to authorized users. It can be done in many ways, including PKI (public key infrastructure), passwords or biometrics. On its own it is not very secure, as the authentication data itself needs to be encrypted (see above). Combined with encryption, however, it can make a system very hard to break into: both the data and the authentication information are encrypted, and no access is permitted without one or more of passwords, PKI or other means of authenticating users.
Passwords are the most common way to authenticate users, but they are also very weak. Passwords can be lost, stolen and copied without the user's knowledge. This is why most systems require you to change your password regularly. When passwords are combined with PKI, the system becomes much more secure.
The security of the entire system is defined by its weakest point, as opposed to the sum of its parts. An easy way to eliminate this is to add another layer (firewall + VPN) in front of the application, which requires all users to authenticate (and create encrypted channels) before using the application. Suppose you have a lock and a security guard on the front door of your house, but an unguarded back door: the weakest point is the back door, and that is where the break-ins will occur. In computer security a backdoor is exactly that. If a properly configured firewall/VPN is in front of your network, with no back doors, your security will be much higher and it will prevent unauthorized use of the system.
Encryption alone will not secure your applications; in other words, encrypting an application's traffic does not by itself mean your security is any better. This brings us back to the central issue: security is not a button to push or a program to install, but a mindset. All encryption does is keep the data transferred between two sites secret. Encryption does not authenticate users or control access to data; that will be covered in a future tip. Encryption is defined as a means of encoding data in such a way that a key is needed to decode it on the other side. RSA, which is a more common encryption type, uses a very large prime number as the base for encoding. This number is run through an algorithm which is the guts of the encryption scheme. RSA works on very large numbers: it raises them to powers and then reduces them using the modulus (a mathematical term meaning the remainder of a division). Data is encrypted using the private key, the "password" that you and only you know. Anyone who has the public key (which is derived from the private key) can decrypt your data. Many systems automatically transfer the key (a random public key to each user accessing the system); this way only that user can see the data in transit, but anyone can connect. There is currently no way of getting the private key from the public key.
We use a modified version of OpenBSD, configured as a NAT device and as a VPN server. Clinics are connected back to us for administrative and support use, as well as to each other (different offices of the same clinic). In ASP clinics the medical data is stored at Telin, and all traffic between the clinic and the ASP location is encrypted at the network layer. In the case of a Local install, the clinic can use remote access keys to reach its data from outside the clinic. The VPN ensures that no unauthorized traffic enters the network and that all incoming traffic destined for the medical system is encrypted. It also authenticates remote users at this point (see Remote Access Key). The data between the user and the medical system is encrypted and non-replayable, and even the headers are encrypted. Encrypted means that other Internet users cannot see the data. Non-replayable means that an unauthorized user cannot replay a transaction against the server, even without understanding what the data was. And finally, since the headers are encrypted, Internet users cannot even see the type of traffic being used, which server is being talked to, or what the contents could be.
A remote access key uses two-factor authentication, with AES 192 or 256-bit encryption. The private key stored on the RA key must be decrypted using a pass phrase. The private key is encrypted with 2048 bits of randomness. Both the pass phrase and the key must be present to log into the network and gain access to the medical data. Each key is configured with only the servers that user is allowed to connect to, preventing accidental access to another system. The private key (stored on the RA key) is something you have, and the pass phrase is something you know. The RA key software listens on a local port on the machine; connections to that port are transparently encrypted over the Internet and passed, after decryption, to the required server on the other side. The pass phrase is used only to decrypt the key and is not stored on the server (in either encrypted or plain text), so there is no way to recover it except by brute force. Telin staff generate the pass phrases for keys as they are sent out, so we can be sure they are random. A second password is required to log into the medical system after authenticating to the network.
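The following is an added example, not Telin's RA key software, that puts the RSA description above and the remote-access-key flow into runnable form: the "raise to a power, reduce modulo n" arithmetic of RSA, a private key that is useless on disk without its pass phrase (the pass phrase itself is never stored anywhere), a login that needs both the unwrapped key and a fresh server challenge, and the refusal of a replayed login. Everything concrete is an assumption of this example: textbook RSA with two tiny primes stands in for the 2048-bit key, a PBKDF2-derived XOR keystream plus HMAC stands in for AES key wrapping, and a SHA-256 challenge/response stands in for the VPN handshake. Note that textbook RSA encrypts with the public key and decrypts with the private key; the same private-key exponentiation applied to a challenge is what lets anyone holding the public key check it, which is the direction the paragraph on RSA describes.

```python
"""Toy model of the remote-access-key flow described above (added example).

Assumptions, none of them from the page: textbook RSA with two tiny primes stands
in for the real 2048-bit key; a PBKDF2-derived XOR keystream plus an HMAC tag
stands in for the AES wrapping of the key on the RA key; a SHA-256
challenge/response stands in for the VPN handshake.  The parameters are far too
small for real use and only make the mechanics visible.
"""
from __future__ import annotations

import hashlib
import hmac
import os

# -- textbook RSA: both directions are "raise to a power, then reduce modulo n" --
def rsa_keygen(p: int, q: int, e: int = 17) -> tuple[tuple[int, int], tuple[int, int]]:
    """Return ((n, e), (n, d)); d is the inverse of e modulo phi(n) = (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)

def rsa_encrypt(m: int, pub: tuple[int, int]) -> int:
    n, e = pub
    return pow(m, e, n)  # c = m^e mod n: anyone with the public key can do this

def rsa_decrypt(c: int, priv: tuple[int, int]) -> int:
    n, d = priv
    return pow(c, d, n)  # m = c^d mod n: only the private-key holder can do this

# -- key at rest: the private exponent is unusable without the pass phrase --
def _derive(passphrase: str, salt: bytes) -> tuple[bytes, bytes]:
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000, dklen=64)
    return km[:32], km[32:]  # (keystream key, MAC key)

def wrap_private_key(d: int, passphrase: str, salt: bytes) -> bytes:
    """Encrypt d under the pass phrase (XOR keystream + HMAC; stand-in for AES)."""
    ks, mk = _derive(passphrase, salt)
    ct = bytes(a ^ b for a, b in zip(d.to_bytes(32, "big"), ks))
    return ct + hmac.new(mk, ct, "sha256").digest()

def unwrap_private_key(blob: bytes, passphrase: str, salt: bytes) -> int | None:
    """Return d, or None when the pass phrase is wrong (the MAC does not verify)."""
    ks, mk = _derive(passphrase, salt)
    ct, tag = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(mk, ct, "sha256").digest()):
        return None
    return int.from_bytes(bytes(a ^ b for a, b in zip(ct, ks)), "big")

# -- network login: the server stores only the public key and the nonces it has seen --
def _digest_mod_n(nonce: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(nonce).digest(), "big") % n

def client_sign(nonce: bytes, priv: tuple[int, int]) -> int:
    n, d = priv
    return pow(_digest_mod_n(nonce, n), d, n)  # private-key operation on the challenge

class VpnServer:
    def __init__(self, pub: tuple[int, int]) -> None:
        self.pub = pub
        self.used: set[bytes] = set()  # nonces already redeemed, so replays are refused

    def challenge(self) -> bytes:
        return os.urandom(16)

    def verify(self, nonce: bytes, sig: int) -> bool:
        if nonce in self.used:
            return False  # a captured (nonce, sig) pair cannot be played back
        n, e = self.pub
        ok = pow(sig, e, n) == _digest_mod_n(nonce, n)
        if ok:
            self.used.add(nonce)
        return ok

def login(server: VpnServer, blob: bytes, salt: bytes, passphrase: str) -> bool:
    """Two factors: the wrapped key (something you have) and the pass phrase (something you know)."""
    d = unwrap_private_key(blob, passphrase, salt)
    if d is None:
        return False
    nonce = server.challenge()
    return server.verify(nonce, client_sign(nonce, (server.pub[0], d)))

def demo() -> dict[str, bool]:
    pub, priv = rsa_keygen(61, 53)  # constructed toy primes: n = 3233
    salt = b"constructed-salt"
    blob = wrap_private_key(priv[1], "correct horse", salt)
    server = VpnServer(pub)
    nonce = server.challenge()
    sig = client_sign(nonce, priv)
    return {
        "rsa_roundtrip": rsa_decrypt(rsa_encrypt(65, pub), priv) == 65,
        "login_ok": login(server, blob, salt, "correct horse"),
        "wrong_passphrase": login(server, blob, salt, "wrong"),
        "first_use": server.verify(nonce, sig),
        "replay": server.verify(nonce, sig),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The server side holds nothing that reveals the pass phrase: it keeps the public key and a record of challenges already redeemed, so an attacker who obtains the wrapped key file still has to guess the pass phrase, and one who records a successful login cannot reuse it.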
In the case of a Local install, clinics cannot access each other's systems through the network resources. We can link a clinic's offices together over the Virtual Private Network if both offices request it, but by default Local installs are not linked together; they are only linked back to Telin's office. This link back to us allows Telin staff to manage servers and provide support remotely over a secure link. Billing data and updates also run over this secure channel.
Telin has implemented a network access monitoring system across its network and connected networks; it is installed on all Telin-supplied Security Servers (VPNs) and is required for all ASP and Local installations that connect back to Telin. Consider using this service: it is simple to use and gives a large security benefit. We keep an equipment list which you can access via the support system, available within Mediplan or from our website; please contact technical support if you do not have access to the support system. Clinics can also see case history and outage information within this system. Remember that the monitoring available can be important for security purposes; see security awareness training for more details.

Expect a weekly email listing the devices that have attached to your network or changed during that week, and please review it. If you need the full list, log into our support system or email firstname.lastname@example.org to have a copy sent to you. Review your equipment list on a regular basis and let us know of any errors in it; this is important for continued security assurance. If you see devices you know nothing about, there is a good chance that someone is using your network resources; if you do not know what a device is, you have the responsibility to ensure it is authorized on your network. If you need help tracking down these machines, contact tech support. Note that tech support for this purpose is not included and may be subject to a charge; providing information about hosts by email to email@example.com, with as much detail about the machine as possible, is free. The full list can be used as part of your office's inventory; keeping an inventory of your computer equipment is a requirement under the Health Information Act.
Information that you can see within this system:
- IP address of the device (a device with no IP address will not be detected)
- Status of the entry: usually Inactive (old data), Confirmed (current and marked by Telin staff) or Unknown (not yet marked by Telin)
- Category of device: examples are Printers or Desktops (includes laptops), etc.
- Description of the device: a short description of what we know of the device; if you provide serial numbers they are documented here
- Date/time the computer was first detected
- Date/time the computer was last seen (accurate to within a day)

Information we have stored on your devices, available upon request:
- Username/password and type of remote access
- More accurate date/times, as well as the date/time the entry was last updated by us
- Scan details: any results of a security scan done at the time the device connected
- Any other comments or old addresses of the computer (including connections of that device to other clinics)
- Manufacturer of the device (specifically the ethernet card)
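As an added example of how the weekly digest can be produced from the fields listed above, the block below compares two snapshots of an equipment list and reports devices newly attached this week, devices whose address or description changed, devices still marked Unknown (which need a clinic to confirm or report them), and devices not seen all week. This is not Telin's monitoring system; the two snapshots are constructed, and keying devices by ethernet (MAC) address, the field names and the 7-day window are assumptions of the example.

```python
"""Weekly "attached or changed devices" digest over an equipment list (added example).

The records carry the fields listed above (IP, status, category, description,
first/last seen).  Everything else is an assumption, not Telin's: the snapshots
are constructed, devices are keyed by ethernet (MAC) address, and "this week"
is the 7 days before the report time.
"""
from __future__ import annotations

from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"
REPORT_TIME = datetime(2012, 1, 30, 10, 0)  # constructed: when the digest is generated

# Constructed inventory snapshots taken one week apart (same clinic, same fields).
LAST_WEEK = [
    {"mac": "00:11:22:aa:bb:01", "ip": "192.0.2.10", "status": "Confirmed", "category": "Desktop",
     "description": "Front desk PC, serial FD-1001", "first_seen": "2011-09-01 08:12", "last_seen": "2012-01-20 17:40"},
    {"mac": "00:11:22:aa:bb:02", "ip": "192.0.2.20", "status": "Confirmed", "category": "Printer",
     "description": "Reception laser printer", "first_seen": "2011-09-01 08:30", "last_seen": "2012-01-21 12:05"},
    {"mac": "00:11:22:aa:bb:03", "ip": "192.0.2.11", "status": "Confirmed", "category": "Desktop",
     "description": "Exam room 2 PC", "first_seen": "2011-10-14 09:00", "last_seen": "2012-01-10 16:55"},
]
THIS_WEEK = [
    {"mac": "00:11:22:aa:bb:01", "ip": "192.0.2.10", "status": "Confirmed", "category": "Desktop",
     "description": "Front desk PC, serial FD-1001", "first_seen": "2011-09-01 08:12", "last_seen": "2012-01-27 17:38"},
    {"mac": "00:11:22:aa:bb:02", "ip": "192.0.2.21", "status": "Confirmed", "category": "Printer",  # IP changed
     "description": "Reception laser printer", "first_seen": "2011-09-01 08:30", "last_seen": "2012-01-28 11:50"},
    {"mac": "00:11:22:aa:bb:03", "ip": "192.0.2.11", "status": "Inactive", "category": "Desktop",   # quiet all week
     "description": "Exam room 2 PC", "first_seen": "2011-10-14 09:00", "last_seen": "2012-01-10 16:55"},
    {"mac": "00:11:22:aa:bb:04", "ip": "192.0.2.57", "status": "Unknown", "category": "Desktop",    # new, unvetted
     "description": "", "first_seen": "2012-01-26 20:15", "last_seen": "2012-01-29 21:02"},
]

WATCHED = ("ip", "category", "description")  # a change in any of these is reported

def _parse(rec: dict) -> dict:
    out = dict(rec)
    out["first_seen"] = datetime.strptime(rec["first_seen"], FMT)
    out["last_seen"] = datetime.strptime(rec["last_seen"], FMT)
    return out

def weekly_report(previous: list[dict], current: list[dict], report_time: datetime,
                  window: timedelta = timedelta(days=7)) -> dict[str, list[str]]:
    """Classify each device in the current snapshot against the previous one."""
    prev = {r["mac"]: _parse(r) for r in previous}
    since = report_time - window
    report: dict[str, list[str]] = {"new": [], "changed": [], "unknown": [], "not_seen": []}
    for rec in (_parse(r) for r in current):
        mac, old = rec["mac"], prev.get(rec["mac"])
        if old is None or rec["first_seen"] >= since:
            report["new"].append(mac)        # attached to the network this week
        elif any(rec[f] != old[f] for f in WATCHED):
            report["changed"].append(mac)    # same device, different address/description
        if rec["status"] == "Unknown":
            report["unknown"].append(mac)    # nobody has vouched for it yet: needs follow-up
        if rec["last_seen"] < since:
            report["not_seen"].append(mac)   # not seen all week; candidate for Inactive
    return report

def render(report: dict[str, list[str]], current: list[dict]) -> str:
    """Plain-text body for the weekly email."""
    by_mac = {r["mac"]: r for r in current}
    lines = []
    for section, title in (("unknown", "UNKNOWN devices - please confirm or report"),
                           ("new", "Newly attached this week"),
                           ("changed", "Changed this week"),
                           ("not_seen", "Not seen this week")):
        lines.append(f"{title}: {len(report[section])}")
        for mac in report[section]:
            r = by_mac[mac]
            desc = r["description"] or "(no description)"
            lines.append(f"  {mac}  {r['ip']:<12} {r['category']:<8} {r['status']:<9} {desc}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(weekly_report(LAST_WEEK, THIS_WEEK, REPORT_TIME), THIS_WEEK))
```

The Unknown section is listed first because it is the one that needs a reply from the clinic; a device that is both new and Unknown appears in both sections, which is exactly the case the text asks clinics to investigate.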
In conclusion, Telin's security system implements proven technologies to provide network security to the highest standards available today. Our remote access solution is at the same level as that used by ASP clinics, and both systems offer ease of use as well as accurate authentication and encryption stronger than 128-bit.