Thursday, May 29, 2008

How An SSO Implementation Improved Security While Easing On-The-Job Frustrations Of Staff

Some consider security to be beyond the reach of usual measures of return on investment, but most would agree that the costs of a security program should be known and under control. As Southwest Washington Medical Center (SWMC) completed a company-wide project to electronically enable its patient records and organizational data, the IT staff discovered that among all of the benefits that the new system gave the organization (increased security, better organization, ease of information finding, compliance with regulations) the resulting passwords and protocols greatly increased the amount of time staff needed to access records and data.

SWMC is a community-owned, not-for-profit medical institution located in Vancouver, Washington that provides a full range of outpatient and inpatient diagnostic, medical and surgical services to Clark County residents. The region's health care leader and steward for nearly 150 years, SWMC is one of its largest employers and a six-time winner of the Solucient Top 100 Hospitals award. SWMC's employees help support dozens of medical specialty services and programs, focused on cancer, heart, emergency, trauma, neuro-musculoskeletal, family birth and primary care.

The healthcare industry in general presents a significant challenge for internal IT organizations. In the healthcare setting, there are far more users than workstations; the workforce is highly mobile; every worker needs to be able to access an IT workstation from just about anywhere - and be able to securely access a wide variety of applications from it. The challenge for SWMC was to figure out how to protect patient information and, at the same time, find a way to securely provide acute care clinical staff the ability to walk up to any workstation and log into the network to access applications and information that enable them to provide timely care and service to patients.

The password policies in place required staff to use - and therefore remember - a different password for each application. This added strain was compounded by help desk calls to reset forgotten passwords and "adhesive" memory tactics (using sticky notes to remind users of new passwords) that hurt patient privacy far more than the new security programs helped. To make matters worse, even successfully executed logins were taking an average of 30 seconds, adding up to an average of five minutes per day, per employee. For SWMC's more than 3,000 employees that's 25 hours wasted per day, or 150+ hours per week - assuming zero password-related problems that week. With the average hospital cost at $17.00 per hour, the total comes to $2,500 per week, or $130,000 per year - time and money lost to the login process. The system also supports 2,800 clinical and medical support staff of partnering community clinics, making this a cost issue outside the hospital's walls.

It was easy to see that this was something that needed to be fixed quickly, as it was becoming a huge frustration for staff and had the potential to become something that could both hurt retention efforts and ultimately take time away from providing patient care.

As issues around frustrations with the electronic record/information systems came to light, the organization was also dealing with two other concerns: compliance with the Health Insurance Portability and Accountability Act (HIPAA); and staff and physician retention in the highly-competitive healthcare industry.

After thoroughly researching various technologies and options, the IT leadership team determined that a comprehensive single sign-on (SSO) implementation could solve several of these issues: eliminate the password problem, producing significant efficiencies for both the IT team and hospital staff; reduce costs; increase the time spent on patient care; help satisfy HIPAA regulations on patient information protection, user login requirements and workstation time-outs; and enable the IT staff to gain organization-wide, centralized control over all IT access control management.

After looking at companies such as IBM, Novell, CA and Sentillion, SWMC chose to go with Imprivata's OneSign Single Sign-On solution, an appliance-based product that provided an intelligent and affordable solution for password management and user access. In evaluations, the team agreed that there were two major features that set OneSign apart from the other solutions:

(1) It was easy to use, meaning care staff would have no problem learning how to use it - and it would not force them to change the way they work, other than limiting the time spent on password logins and logouts; and

(2) It could easily be integrated with existing systems and with a zero-server-footprint. This was especially important for SWMC's situation, as it had information stored in dispersed and different locations, across 160 applications, with multiple authentication schemas (Novell NDS, RADIUS, MS Active Directory) - and was in the process of migrating over to Microsoft Active Directory as the new source of all access authentication. SWMC needed a solution that could easily take information from and seamlessly interface with all of these areas - and OneSign was it.

With more than 3,000 users, 125 departments and 160 applications, the IT staff decided to break the project down into two phases: phase I, the full deployment of SSO with fifty core applications; and phase II, the deployment of the balance of critical applications. Because of the success of phase I, phase II was quickly undertaken and the whole system was up and running within three months.

At SWMC, the Microsoft Active Directory group policies manage all role-based access control at the enterprise level - including internal use, outside vendor access and remote VPN access by coders, transcriptionists and "road warriors." The SSO product then manages the initial application-layer access, which has its own access controls, especially within the clinical systems. Access to Protected Health Information (PHI) is managed down to the screens or menus within the PHI-enabled applications. Each workforce member's access rights are set within an enterprise standard, via a Human Resources job code, which is then mapped to access control groups at the application layer.

Because of this, any user can use any workstation within the network - the security now follows the user. Every workstation is what we call a "fast user switching" workstation that can log a user off of a machine, close all applications and get the machine ready for the next user login in about 15 seconds. This approach gives the needed security to protect patient data - but at the same time eradicates the old hassle of locked workstations and prevents the use of the power switch to unlock the machine, a process which can potentially cause hard disk corruption.

Imprivata's solution provided SSO access, enabling users to get a common log-in across all applications, using either a password or a finger biometric to authenticate. The solution allowed SWMC to create one consistent user interface, one security posture for policy management and one principal authentication store for HIPAA - and did so without requiring any code changes to internal or external applications.

In short, SWMC's SSO initiative has transformed its ability to provide quick access to applications and information for the clinical staff, while enabling them to provide more timely and therefore better care to patients - all while helping the organization meet strict HIPAA guidelines. SSO saves staff 15 to 30 seconds per logon - or roughly five minutes per day, per employee.

The security improvements that the SSO implementation has brought about cannot be overstated. Before, it was difficult to get users to adhere to password policies and change their password every six months or so - especially when the number of passwords grew as more and more workflow at the organization was done electronically. Now, password changes happen when they are supposed to - and the team can easily tell when staff is not adhering to policy and make them change their password.

Feedback has been resoundingly positive. The use of single sign-on is appreciated every time a user walks up to a workstation, which happens thousands of times each day. The staff loves SSO - and now wants it on all of their other (non-core) applications.

SWMC has a new competitor hospital just eight short miles away, so keeping staff happy is more essential than ever. As I alluded to earlier, physician and medical staff satisfaction with their work environment has become a crucial part of staff retention. Providing a positive environment that limits mundane tasks - like repetitively logging in to several applications throughout the day - and freeing up time for patient care are critical components of our organization's retention efforts.

Imprivata, Inc.

Friday, May 23, 2008

Threats to Internet Security

Viruses have already become the biggest curse of the internet world, affecting millions of internet users and business communities. Hackers, spammers - whatever names you choose to call them - these programmes, termed malware, have sown the seeds of fear and doubt in the minds of general internet users. Privacy and security are the most affected segments, and to escape the hassles of viruses, up-to-date anti-virus software is essential for all PCs, particularly those that connect to the internet. It helps to prevent viruses, worms and other malicious software infecting your computer. It scans new files and emails, and regularly checks existing files and folders for abnormal behaviour.

Computer viruses are a sickness that every computer user encounters sooner or later. In fact, viruses are just one example of a whole group of nuisance programs which are known as malware. Types of malware include:

Viruses: Like their biological counterparts, these are programs that infect a computer (by various methods) and then spread to other computers when infected files or disks are exchanged.

Worms: Similar to viruses, but carried on the Internet and able to spread from one computer to another by themselves, with no need for a user to assist the process by giving someone an infected file or disk.

Trojans: Named after the Trojan Horse of mythology, these are programs that pretend to be harmless and useful, but which in fact do something sinister, like plant a virus in a computer.

Spyware: Software that tracks your online activity or monitors your keystrokes and sends this information to a remote server.

Dialers: Programs that are downloaded to your computer from a web page, which then steal money from you by dialling premium rate phone numbers.

Hijackers: Little programs that are usually infiltrated on to your system via email or your web browser, which then hijack your browser settings by (for example) changing your default home page setting.

Viruses, worms and trojans cause a nuisance just by spreading their infections, but most of them also do something else, known as the payload. The payload may be something innocuous, like displaying a message or changing the system colours, or it may be something destructive like deleting files or formatting the hard disk. This payload often isn't activated until the virus has infected your computer for a while (giving it a chance to spread), so the fact that you haven't noticed anything unusual doesn't mean your computer is necessarily in good health.

If your computer gets infected, whether the payload is harmful or not, you want to get rid of the virus as quickly as possible, so as to remove the risk of it spreading to the computers of your friends and colleagues.

The only sure way to get rid of a virus is to use anti-virus software. Some viruses can be removed manually, but different viruses need different removal methods, and by the time you've found out the correct procedure a software virus scanner could already have done the job.

In a few cases, the virus scanner may not be able to cleanly remove a virus from a file, and the file may be left corrupt and unusable. In this case, your only option is to restore an uninfected copy of the file from software installation disks or a backup.

A good backup system is by far the best safeguard against losing data due to the action of a virus (as well as other disasters). But it must work hand-in-glove with the regular use of a virus scanner, otherwise your clean backup files could be replaced by infected ones before you realise your system has a virus.

It's better to prevent a virus from infecting your computer in the first place than to have to remove one after it has. Therefore, it's worth paying close attention to virus prevention measures.

The best all-round system of protection is to install anti-virus software and enable on-access scanning (this is usually enabled by default.) This will work silently in the background, checking files for the presence of viruses. You need not worry about it until it detects a virus and raises the alert.

However, you must remain conscious of the need for virus protection to the extent of remembering to update your virus scanner regularly. These days, daily updates are not too often! New viruses are constantly appearing on the scene, and despite the claims of software vendors, virus scanners are not very good at detecting viruses they don't know about. Updating is the only way to maintain your virus scanner at top effectiveness by ensuring it knows about, and can detect, all the latest threats. Trusted and reliable anti-virus programs include McAfee, Norton Anti-virus, AVG, PCCillin, Trend-Micro and many others. Anti-virus programs work on continuous updates of anti-virus definitions and thwart new viruses by managing to keep a few steps ahead of them.

PKP Iyer, Java Development India


Wednesday, May 14, 2008

Security and the Family Internet Experience

The Internet is all about freedom. It is the freedom to explore, the freedom to learn new things and the freedom to pursue a business that can make money.

There are certain countries that restrict the freedom of their citizens when it comes to online exploration, but the free exchange of information and ideas is what makes using the Internet so appealing to many.

According to each individual's way of thinking there are a lot of strange websites out there. You can find websites that offend and may seem distasteful to your senses. Yet, you will also find many more that will connect with your interests and values.

Some, who may have never used an online entry point, may view the web as a place where evil can be found on every site. If you use a search engine you can quickly find an abundance of sites that will easily offend, but the truth is the Internet is simply a tool that can be useful for either positive or negative purposes.

If you go online in a deliberate attempt to find something negative you will find it, but the opposite is also true. The same logic can be applied to television. This form of media can contain material that is positive or negative depending on your point of view. That doesn't make the television good or bad - it simply causes the user to exercise caution when using this form of media.

When parents discover objectionable programming they can use available technology to block certain channels and use other technology to block any shows with a rating they don't want their family to see.

In the same way there is a form of security for parents when it comes to allowing their children to gain access to the web. In some cases parents who supervise their children online do not have much of a problem with their children encountering site content that may be objectionable. They may also be able to divert online messaging that could pose potential dangers to their child.

There are programs like Net Nanny that allow parents to gain remarkable control over what their children are allowed to see online. They can monitor where they have been, and they can do this without the need to stay with their child every moment they are online.

A program called Covenant Eyes can also help individuals who may be attracted to material on sites that may not be healthy to an ongoing relationship or finances. This site can help by providing an accountability partner with a report about sites that have been visited. The idea is to help an individual who may have a gambling addiction or may be prone to visit sites with pornography to kick the habit using a trusted friend who can monitor online activity and gently confront the problem.

These and similar programs provide family security online because sometimes we can stumble into a place we know we shouldn't be and decide to stay too long.

The Internet is not evil, but we could all use a little help in making sure we are comfortable in using it wisely.


Thursday, May 8, 2008

Denial Of Service Attack

A Distributed Denial of Service (DDoS) is an attack on a network which is designed to bring it to a halt. This is done by sending useless traffic to a specific service/port on a server. The amount of traffic sent would overwhelm the service, so that legitimate traffic would be dropped or ignored.

DDoS attacks have developed from the basic DoS attacks that were in the wild in 1997. These attacks originate from one source and can emerge from 100s of locations around the world. The most visible attacks were those in February 2000, where high traffic sites (eBay/Amazon/Yahoo/CNN/Buy.Com/Datek/ZDNet) were faced with the task of handling huge amounts of spoofed traffic. In recent days, there have been attacks on Cisco which resulted in considerable downtime. Some public blacklists have also been targeted by spammers and taken out of business.

The following are different types of attacks.

Smurfing: The culprit sends a large amount of ICMP echo traffic at IP Broadcast addresses, all of it having a spoofed source address of a victim. This multiplies the traffic by the number of hosts.

Fraggle: This is the cousin of the smurf attack. This attack uses UDP echo packets in the same way as the ICMP echo traffic.

Ping Flood: The culprit attempts to disrupt service by sending ping requests directly to the victim.

Syn Flood: Exploiting the flaw in the TCP three-way handshake, the culprit will create connection requests aimed at the victim. These requests are made with packets of unreachable source addresses. The server/device is not able to complete the connection and as a result the server ends up using the majority of its network resources trying to acknowledge each SYN.

Land: The culprit sends a forged packet with the same source and destination IP address. The victim's system will be confused and crash or reboot.

Teardrop: The culprit sends two fragments that cannot be reassembled properly by manipulating the offset value of the packet, causing a reboot or halt of the victim's system.

Bonk: This attack usually affects Windows OS machines. The culprit sends corrupted UDP Packets to DNS port 53. The system gets confused and crashes.

Boink: This is similar to the Bonk attack, except that it targets multiple ports instead of only 53.

Worming: The worm sends a large amount of data to remote servers. It then verifies that a connection is active by attempting to contact a website outside the network. If successful, an attack is initiated. This would be in conjunction with a mass-mailing of some sort.

With the current TCP/IP implementation, there is very little that companies can do to prevent their network from being DDoSed. Some companies can be proactive and make sure all their systems are patched and are only running services they need. Also, implementing egress/ingress filtering and enabling logging on all routers will disable some DDoS attacks.

“Egress filtering is the process of examining all packet headers leaving a subnet for address validity. If the packet's source IP address originates inside the subnet that the router serves, then the packet is forwarded. If the packet has an illegal source address, then the packet is simply dropped. There is very little overhead involved, therefore there is no degradation to network performance.”


- Cisco Website
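The egress rule in the quote, written out as a per-packet decision, together with the mirror-image ingress check (a generalization beyond the quote). This is an added example, not code from the original post or from Cisco; the prefixes are constructed documentation ranges and the function names are hypothetical.

```python
import ipaddress

# Constructed prefixes the border router serves (RFC 5737 documentation ranges).
SERVED_PREFIXES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]


def is_served(addr):
    """True if addr parses as an IP address inside one of the served prefixes."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return any(ip in net for net in SERVED_PREFIXES)


def decide(direction, src):
    """Return (action, reason) for one packet header.

    direction is "egress" (leaving the subnet) or "ingress" (entering it).
    """
    try:
        inside = is_served(src)
    except ValueError:
        return ("drop", "malformed source address")
    if direction == "egress":
        # Rule from the quote: only sources that belong to the subnet may leave.
        if inside:
            return ("forward", "source belongs to served prefix")
        return ("drop", "source outside served prefixes (spoofed or misrouted)")
    if direction == "ingress":
        # Mirror rule: nothing arriving from outside may claim an inside source.
        if inside:
            return ("drop", "outside packet claims an inside source")
        return ("forward", "source is external")
    raise ValueError("direction must be 'egress' or 'ingress'")


def dropped(packets):
    """Filter (direction, src, dst) headers and return the drops for logging."""
    log = []
    for direction, src, dst in packets:
        action, reason = decide(direction, src)
        if action == "drop":
            log.append((direction, src, dst, reason))
    return log


# Constructed sample headers: (direction, source, destination).
SAMPLE_PACKETS = [
    ("egress", "192.0.2.17", "203.0.113.80"),      # legitimate inside host
    ("egress", "203.0.113.5", "203.0.113.80"),     # forged source address
    ("egress", "198.51.100.200", "203.0.113.80"),  # just outside the /25
    ("ingress", "192.0.2.1", "192.0.2.17"),        # outside packet posing as inside
    ("ingress", "203.0.113.9", "192.0.2.17"),      # ordinary inbound traffic
]

if __name__ == "__main__":
    for entry in dropped(SAMPLE_PACKETS):
        print(entry)
```

The drop log is the useful output: an egress drop means a host inside the network is sending traffic with a source address it does not own, which is worth investigating even when no attack has been reported.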

Below you will find a simple SYN attack detection script that could be set to run every 5 minutes via a cronjob. In case of an attack you would receive an email with IP information; remember the IP information is usually spoofed.

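#!/usr/bin/perl
# Simple script to monitor SYN attacks.
use strict;
use warnings;

# Alert when more than this many connections are in a SYN state.
my $syn_alert = 15;

my $hostname = `hostname`;
chomp($hostname);

# Count netstat lines whose state contains "SYN" (half-open and outbound).
my $num_of_syn = `netstat -an | grep -c SYN`;
chomp($num_of_syn);

if ($num_of_syn > $syn_alert) {
    # Mail the matching connections to the administrator. The "@" is escaped
    # so Perl does not interpolate @yourcompany as an (empty) array.
    system(qq{netstat -an | grep SYN | mail -s "SYN ATTACK DETECTED ON $hostname" admin\@yourcompany.com});
}

exit;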
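The script above counts every line containing "SYN", which also includes the host's own outbound connection attempts. The following added example (not part of the original post) parses the same netstat output, counts only half-open inbound connections per local port, and summarizes the claimed sources; the sample output is constructed, the function names are hypothetical, and the default threshold of 15 is taken from the script above.

```python
from collections import Counter

# Half-open states: Linux netstat prints SYN_RECV, BSD-derived ones SYN_RCVD.
HALF_OPEN = {"SYN_RECV", "SYN_RCVD"}

# Constructed sample of `netstat -an` output (documentation addresses only).
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.10:80         198.51.100.7:51234      SYN_RECV
tcp        0      0 203.0.113.10:80         198.51.100.8:40211      SYN_RECV
tcp        0      0 203.0.113.10:80         198.51.100.9:1025       SYN_RECV
tcp        0      0 203.0.113.10:80         198.51.100.7:51235      SYN_RECV
tcp        0      0 203.0.113.10:25         192.0.2.44:33000        SYN_RECV
tcp        0      1 203.0.113.10:45000      192.0.2.99:443          SYN_SENT
tcp        0      0 203.0.113.10:22         192.0.2.5:50122         ESTABLISHED
"""


def split_endpoint(endpoint):
    """Split "addr:port" (Linux) or "addr.port" (BSD) into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    if not port.isdigit():
        addr, _, port = endpoint.rpartition(".")
    return addr, port


def naive_syn_count(text):
    """What `grep -c SYN` reports: every line mentioning SYN."""
    return sum(1 for line in text.splitlines() if "SYN" in line)


def half_open_alerts(text, threshold=15):
    """Return one alert dict per local port with more than threshold half-open
    connections, busiest port first."""
    per_port = Counter()
    sources = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # headers, UDP and UNIX-socket rows
        if fields[-1] not in HALF_OPEN:
            continue  # LISTEN, ESTABLISHED, SYN_SENT, ...
        _, local_port = split_endpoint(fields[3])
        remote_addr, _ = split_endpoint(fields[4])
        per_port[local_port] += 1
        sources.setdefault(local_port, Counter())[remote_addr] += 1
    alerts = []
    for port, count in per_port.most_common():
        if count > threshold:
            alerts.append({
                "port": port,
                "half_open": count,
                "distinct_sources": len(sources[port]),
                "top_sources": sources[port].most_common(3),
            })
    return alerts


if __name__ == "__main__":
    print("lines matching SYN:", naive_syn_count(SAMPLE))
    for alert in half_open_alerts(SAMPLE, threshold=3):
        print(alert)
```

A high count of distinct sources with only one or two entries each is consistent with the spoofed addresses the post warns about, so the source list is context for the upstream provider rather than something to block on directly.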

Conclusion: DDoS attacks are very difficult to trace and stop. New hardware appliances are being manufactured specifically for these types of attacks. Many dedicated server providers simply unplug the server that is being attacked until the attack has stopped. This is not a solution; it is a careless and temporary fix. The culprit will still exist and has not been held accountable for their actions. Once an attack is detected, hosts should immediately engage their upstream providers.

About The Author

Edwin Gonzalez is the founder of Datums Internet Solutions, LLC (http://www.datums.net) based out of New York. In addition to dealing with day-to-day operations, he works on building his library of shell one-liners