Info Security

Recent EMR Related Learning Material

EMR (Electronic Medical Record)/EHR (Electronic Health Record) is an area I have paid close attention to for the past years. Government always takes it as a high priority and companies are working their hardest to tackle the problem. There are a lot of security-related issues (such as this one), and continuing to learn from industry best practice will certainly help me better understand and work in this field.

 

Mollom-The anti spam magic behind the scene

I used to have a lot of trouble dealing with spam when I first opened comments to all visitors; it eventually forced me to turn off that feature of my site several years ago.

Technology Failure for Protecting EMR

CBC reported a security incident at the Alberta health network in which an aged virus took control of several computers and stole thousands of health records.

NBA system error to display internal server name

I am a fan of the NBA and check the scores at http://www.nba.com from time to time. I am always amazed by the flashy tech used on the site and impressed with its performance even under the huge load you can imagine. But today it's different. The home page looks normal, but there is a connection error when I click the game detail link. Here are the screenshots.

Use OpenID for identity management

I got involved in identity management a while ago and heard of OpenID as "a free and easy way to use a single digital identity across the Internet."

Basically it's a free, open and distributed framework for user authentication. There are extensions that add more value to this framework, such as creating a user profile automatically from additional user information.

Foundstone signature for finding missing patch

I found a conflict between Foundstone and Shavlik: Foundstone reported a missing patch while Shavlik reported the patch installed. The bad news is you have no clue how Foundstone determines that, so I had to call support. Fortunately the support is quite helpful and here is the signature they are looking for:

Added node access control

This nodeaccess module will give me more granular control based on both node type and individual node. The configuration has two steps: determine which node types have this type of grant capability, then grant the node's permission to either a role or a user.

Be cautious not to run SSL VPN over port 80

I have a client who has been running a Linux box with OpenVPN for a while. It passes through my enterprise firewall to get into their own isolated environment. After the firewall upgrade last week, the client started to complain that they had lost VPN access, and my colleague started to look into it.

My colleague went through a whole bunch of tests but could not find out why the traffic was broken after it was established by the firewall. I mentioned that the firewall's app-layer inspection could be the cause, and soon it was resolved.

The client is using port 80 for the SSL VPN traffic, which they should not. It turns out that after the upgrade the firewall is evaluating the traffic more deeply than before, because the firewall thought it was clear-text HTTP traffic. It uses a technology called a protocol agent to associate the protocol with an evaluation service. After we took away the protocol agent, my client's SSL VPN worked again.

In this case, neither side should really be blamed. But as a precaution, do not run SSL VPN over port 80, especially as more and more firewalls are trying to do higher-layer inspection nowadays.
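The mismatch described above, shown as an added example that is not from the original post or from the firewall vendor: a Python check that classifies the first client bytes of a flow and reports port-80 flows that do not start with an HTTP request. The function names, flow tuples and byte samples are constructed for illustration, and treating "does not parse as an HTTP request" as the failure condition is an assumption about HTTP inspection in general, not a description of this firewall's protocol agent.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"TRACE ", b"PATCH ")
OPENVPN_CLIENT_RESET_V2 = 7  # P_CONTROL_HARD_RESET_CLIENT_V2 opcode


def classify_first_bytes(payload: bytes) -> str:
    """Guess the application protocol from the first client-to-server bytes."""
    if payload.startswith(HTTP_METHODS):
        return "http"
    # TLS record: type 0x16 (handshake), major version 0x03,
    # then handshake type 0x01 (ClientHello) after the 5-byte record header.
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 \
            and payload[5] == 0x01:
        return "tls"
    # OpenVPN over TCP: 2-byte big-endian packet length, then one byte
    # holding opcode (upper 5 bits) and key id (lower 3 bits).
    if len(payload) >= 3:
        (length,) = struct.unpack("!H", payload[:2])
        if payload[2] >> 3 == OPENVPN_CLIENT_RESET_V2 and length == len(payload) - 2:
            return "openvpn"
    return "unknown"


def non_http_on_port_80(flows):
    """Return (source, protocol) for port-80 flows that do not open with HTTP."""
    findings = []
    for src, dport, payload in flows:
        if dport == 80:
            proto = classify_first_bytes(payload)
            if proto != "http":
                findings.append((src, proto))
    return findings


# Constructed sample payloads and addresses (documentation range), not captures.
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
SAMPLE_TLS = bytes.fromhex("16030100050100000100")
SAMPLE_OPENVPN = bytes.fromhex("000e" "38" "0102030405060708" "00" "00000000")
SAMPLE_FLOWS = [
    ("192.0.2.10", 80, SAMPLE_HTTP),
    ("192.0.2.20", 80, SAMPLE_OPENVPN),
    ("192.0.2.30", 443, SAMPLE_TLS),
    ("192.0.2.40", 80, SAMPLE_TLS),
]

if __name__ == "__main__":
    for src, proto in non_http_on_port_80(SAMPLE_FLOWS):
        print(f"{src}: port 80 carries {proto}, not HTTP")
```

Running the same check over your own port-80 flows before a firewall upgrade shows which tunnels would be affected once application-layer inspection is enabled.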

How phishing protection works in Firefox 2

From Firefox 2:

Phishing Protection is turned on by default in Firefox 2, and works by checking the sites that you browse to against a list of known phishing sites. This list is automatically downloaded and regularly updated within Firefox 2 when the Phishing Protection feature is enabled. Since phishing attacks can occur very quickly, there's also an option to check the sites you browse to against an online service for more up-to-date protection. This enhanced capability, and other Phishing Protection settings, can be configured in Firefox's Security settings.

When sites are checked against a local list in default mode, no information is sent to Mozilla or anti-phishing partners. When sites are checked against remote services, the Web site address is sent over a secure SSL connection.

It's great that you now have it built into the browser, and I like it more because it's very clear you can turn it off completely if you don't want it. I also noticed that the communication between you and the anti-phishing servers is encrypted as well.

The other interesting security statement from Firefox 2 is:

Open Source, More Secure

At the heart of Firefox is an open source development process driven by thousands of passionate, experienced developers and security experts spread all over the world. Our openness and active community of experts helps to ensure our products are more secure and updated quickly, while also enabling us to take advantage of the best third party security scanning and evaluation tools to further bolster overall security.

This is one of the reasons behind my open source security mindset, which has www.opensourcesecurity.org as the major community site.

Home Made TAP from Patch Panel

This idea is from the snort.org web site for an invisible tap. Basically, with a 24-port patch panel you can have six 100M full-duplex taps right from it. Each tap uses 4 ports: two ports for the host connection and the other two for the tap. For example, I have ports 1 and 4 for the hosts and ports 2 and 3 for the tap. I use 4 wires to connect the following 4 pin groups:

  1. pin 1 of port 1, pin 3 of port 2 and pin 1 of port 4
  2. pin 2 of port 1, pin 6 of port 2 and pin 2 of port 4
  3. pin 3 of port 1, pin 3 of port 3 and pin 3 of port 4
  4. pin 6 of port 1, pin 6 of port 3 and pin 6 of port 4

After that, you can get traffic from port 2 and port 3, one for sending and one for receiving traffic. Then you can use interface bonding to set up a virtual interface to capture the full-duplex 100Mbps traffic. Cool!
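A check of the wiring above, as an added example that is not from the original post or from snort.org: the four pin groups are modelled as wires, and the code confirms that each tap port is receive-only and which host-side pair it hears. The function names are illustrative, and the pin roles assume standard 10/100BASE-T MDI (transmit on pins 1/2, receive on pins 3/6).

```python
# Each set is one wire joining (port, pin) punch-downs, copied from the list above.
NETS = [
    {(1, 1), (2, 3), (4, 1)},
    {(1, 2), (2, 6), (4, 2)},
    {(1, 3), (3, 3), (4, 3)},
    {(1, 6), (3, 6), (4, 6)},
]
HOST_PORTS, TAP_PORTS = {1, 4}, {2, 3}
# Assumed pin roles for a 10/100BASE-T NIC (MDI).
TX_PINS, RX_PINS = {1, 2}, {3, 6}


def wired_pins(port):
    """Pins of a panel port that have any wire attached."""
    return {pin for net in NETS for (p, pin) in net if p == port}


def tap_is_receive_only(port):
    """True when none of the sniffer NIC's transmit pins are wired,
    so the sniffer cannot put a signal onto the monitored link."""
    return not (wired_pins(port) & TX_PINS)


def pair_heard_by(tap_port):
    """Host-side pins whose signal lands on the tap port's receive pair."""
    heard = set()
    for net in NETS:
        if any(p == tap_port and pin in RX_PINS for p, pin in net):
            heard |= {pin for p, pin in net if p in HOST_PORTS}
    return heard


def hosts_pass_through():
    """Host ports 1 and 4 must stay joined pin-for-pin on 1, 2, 3 and 6."""
    return all({(1, pin), (4, pin)} <= net
               for net, pin in zip(NETS, (1, 2, 3, 6)))


if __name__ == "__main__":
    print("link between hosts intact:", hosts_pass_through())
    for port in sorted(TAP_PORTS):
        print(f"tap port {port}: receive-only={tap_is_receive_only(port)}, "
              f"hears host pins {sorted(pair_heard_by(port))}")
```

Each tap port carries one direction only, which is why the two capture interfaces have to be bonded to see the full conversation.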
