September 24, 2008 at 10:20 am
OK, first off, I am not an SQL guru by any means. I currently have an SQL 2000 server that maintains a db for our Mckesson office software. It contains pretty much everything on all employees, patients, schedules, etc. (We are a medium-sized home health care agency.)
The owner wants to streamline several of the day-to-day processes like scheduling and availability so that employees and patients can run their schedules from the web without having to call into the office and speak to a scheduler.
We will be running .asp login security for users to access the website.
What is the best way to secure the connection from the web server that our apps will be posted on, back to the db which will hold all the data? Web server on a DMZ? Web server with a 2nd NIC coming back into the LAN? How can I connect the web server to the db without allowing any of the HIPAA-sensitive data to be wide open?
September 24, 2008 at 11:52 am
You might be better off talking to someone in your local area who you can bring in as a consultant to make sure you're not violating any HIPAA rules or whatnot, but the way I've seen it done and which makes sense to me is...
A web server in a DMZ that is only accessible via ports 80 and 443 from the web. On your internal firewall, you would need to configure it so that only traffic coming from the web server could access the db server, preferably on a non-standard port to make it harder on the bad guys. You also probably want to be running SNORT or another IDS/IPS type of solution.
Just remember, if your web server ever gets owned there's no real point to any of the other protections, because the bad guys will just use your web server's connection to the db to mine whatever they need. So patch early and often, and make sure someone is reviewing the logs and such. Also be very careful about SQL injection and such on the web server.
Does Mckesson already have a module you can purchase that may have many of these best practices already put in place, and might be easier to implement?
-Luke.
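To illustrate the SQL injection caution in the reply above, here is an added example (not code from either poster or from the McKesson product). It uses Python and an in-memory SQLite table as a stand-in for the .asp pages and the SQL 2000 database in the thread; the Employees schema, the usernames and the password values are constructed for the demo. The same login query is written twice: once with the user's input spliced into the SQL text, and once with bound parameters, so you can see why only the second form is safe to put in front of the web.

```python
import hashlib
import sqlite3

# Constructed sample data standing in for the agency's employee table.
# The schema is hypothetical; the password hashing is deliberately
# simplified (a real app uses a salted, slow password hash).
SAMPLE_USERS = [
    (1, "jdoe", "correct horse"),
    (2, "asmith", "battery staple"),
]


def _hash(password):
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_sample_db():
    """Create an in-memory Employees table populated with SAMPLE_USERS."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Employees ("
        " EmployeeID INTEGER PRIMARY KEY,"
        " Username TEXT NOT NULL,"
        " PasswordHash TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO Employees VALUES (?, ?, ?)",
        [(uid, name, _hash(pw)) for uid, name, pw in SAMPLE_USERS],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The pattern to avoid: request input concatenated into the SQL text.

    Anything the user types becomes part of the query grammar, so a quote
    followed by a comment marker can cut the password check off entirely.
    """
    sql = (
        "SELECT EmployeeID FROM Employees "
        "WHERE Username = '%s' AND PasswordHash = '%s'" % (username, _hash(password))
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """The safe pattern: the query text is fixed, values travel as parameters.

    The driver sends the username and hash as data, never as SQL, so the
    database compares the literal string the user typed against the column.
    """
    row = conn.execute(
        "SELECT EmployeeID FROM Employees WHERE Username = ? AND PasswordHash = ?",
        (username, _hash(password)),
    ).fetchone()
    return row[0] if row else None


def demo():
    """Run both login paths against a normal login and a malformed username."""
    conn = build_sample_db()
    results = {
        "good_login": login_parameterized(conn, "jdoe", "correct horse"),
        "bad_password": login_parameterized(conn, "jdoe", "wrong"),
        # The trailing "' --" turns the rest of the concatenated query into a
        # comment, so the vulnerable path never checks the password at all.
        "concat_with_quote": login_vulnerable(conn, "jdoe' --", "wrong"),
        "params_with_quote": login_parameterized(conn, "jdoe' --", "wrong"),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print("%-18s -> %r" % (name, value))
```

The classic ASP equivalent of `login_parameterized` is an `ADODB.Command` with `CommandText` containing `?` placeholders and each value appended via `CreateParameter`, rather than building the string from `Request.Form`. Whatever the web tier looks like, the SQL login it connects with should also be a restricted account with rights only to the tables and procedures the scheduling pages need, which limits what an attacker who takes over the web server can reach through that connection.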