HIPAA Blog

[ Tuesday, January 25, 2005 ]

 

More seminar-blogging:

We're at the first break, but so far this morning it's very tech-heavy. As usual, it's a lot of horror stories and war stories, along with a lot of advice about how bad things can be, as well as some useful advice about what you ought to do to find out how bad things really are for you. It can seem awfully daunting, especially since you simply can't get perfect protection. Of course, the ultimate lessons are (i) you gotta do something, whatever you can; and (ii) don't let the perfect be the enemy of the good. Do your best to know your system, protect your system, and keep re-doing it. Anyway, here's the news so far:

Tech horror stories:

Does your computer room have drop ceilings and raised floors that could provide access? Do the doors have hinges on the outside, so that someone could take the door off and get in? Does your cleaning crew have uncontrolled access to everything, and do they know not to let people follow them in? Social engineering meets low physical security: the cleaning crew won’t challenge someone who looks like they ought to be there; likewise, someone who is supposed to be there won’t challenge anyone dressed like they are the cleaning crew.

War-call: try to access all of your phone lines looking for modems, and if you find one, try to access it. Look for freeware called "Snort" to help you find them and press them. Your firewall should be preventing you from getting in, particularly by looking at the IP address you're accessing from. But make sure your firewall can't be spoofed by a phony IP address made to look like a legitimate one.

More later.

Jeff [10:12 AM]
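The firewall check mentioned in the post above (filtering on the address you're accessing from, without being fooled by a phony address made to look legitimate) can be sketched as follows. This is an added example, not part of the original post; the network ranges, interface names and the `decide`/`audit` helpers are assumptions constructed for illustration.

```python
import ipaddress

# Assumed (hypothetical) site layout, constructed for this example.
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]
# Remote sources the firewall trusts by address (documentation range, constructed).
ALLOWED_REMOTE = [ipaddress.ip_network("198.51.100.0/28")]
# Sources that can never legitimately arrive from the Internet side.
NEVER_EXTERNAL = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def decide(src, iface):
    """Return (verdict, reason) for a packet with source `src` seen on `iface`."""
    addr = ipaddress.ip_address(src)
    if iface == "external":
        # Anti-spoofing comes first: an outside packet claiming an inside
        # or non-routable source is forged, whatever the allow-list says.
        if _in_any(addr, INTERNAL_NETS) or _in_any(addr, NEVER_EXTERNAL):
            return ("drop", "spoofed-source")
        if _in_any(addr, ALLOWED_REMOTE):
            return ("allow", "allow-listed-remote")
        return ("drop", "not-allow-listed")
    if iface == "internal":
        # Egress side of the same rule: inside hosts must use inside addresses.
        if _in_any(addr, INTERNAL_NETS):
            return ("allow", "internal-source")
        return ("drop", "spoofed-source")
    return ("drop", "unknown-interface")


def audit(packets):
    """Return the packets that the anti-spoofing rule caught."""
    return [p for p in packets if decide(*p)[1] == "spoofed-source"]


# Constructed sample traffic: (source address, arrival interface).
SAMPLE = [("198.51.100.5", "external"), ("10.20.5.9", "external"),
          ("192.168.1.1", "external"), ("203.0.113.7", "external"),
          ("10.20.5.9", "internal")]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(pkt, decide(*pkt))
```

A source address that passes this filter is still only a claim made by the sender, so the allow-list narrows exposure but does not authenticate the remote party.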
