[Gnumed-devel] Re: GNUmed (debian) servers and security
From: Andreas Tille
Subject: [Gnumed-devel] Re: GNUmed (debian) servers and security
Date: Mon, 28 Jan 2008 13:38:40 +0100 (CET)
User-agent: Alpine 1.00 (DEB 882 2007-12-20)

On Sun, 27 Jan 2008, James Busser wrote:

1. The server needs adequate physical protection. Even if the room in which
it resides can be accessed by thieves it would be good to have some
additional physical lockdown of the machine. I understand that it is not
unusual for thieves to bring boltcutters with them, therefore special
hardened chain that cannot be severed with bolt cutters but must instead be
cut with a grinder may be better for this situation.

Encrypt your hard disk. In case a thief takes away the box chances
are good that the data remain inaccessible. You can choose encrypting
the hard disk during the installation process (which worked perfectly
on my laptop without any problems). On the other hand this
requires physical access to the machine on reboot (at least I do not
know another way).

2. Debian etch - what should be done with it to make it more secure? Does it
come with services that should be removed or turned off? What manner of
things (like Bastille Linux?) should be activated? Is there any set of
practices we would encourage and anywhere to be pointed to?

You just found
http://www.debian.org/doc/manuals/securing-debian-howto/ch1.en.html
I think following those hints is a very good idea.
3. The server medical data (Postgres cluster for GNUmed, dumps, downloaded
HL7 messages etc) should live on an encrypted partition. Truecrypt seems to
have become the standard for multi-OS encryption but its license does not
qualify for direct Debian distributions. Is it still wiser / better to use
it, over (say) cryptmount?
http://www.debian-administration.org/articles/506
I would stick to the default encryption method that is used at installation
time. I admit I did not care what actually is used. (I only care about
things that do not work as I want them to work and there was no need to
worry about anything so far.)

BTW, regarding GNUmed server packages: It is not that I would not like to
build those packages but I feel that they require a certain amount of time
to test and make sure that everything works fine. I'm currently not able
to spend much time in a row that I expect to be needed. I really hope
(but only _hope_) that it might become better soon. If you would like
to speed this up you might perhaps try to prepare some packages and I
will verify / test / enhance them.

Kind regards
Andreas.
--
http://fam-tille.de