• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
VistA GT.M & Linux Security 062506

VistA GT.M & Linux Security 062506






Total Views
Views on SlideShare
Embed Views



1 Embed 1

http://www.slideshare.net 1



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    VistA GT.M & Linux Security 062506 VistA GT.M & Linux Security 062506 Presentation Transcript

    • GT.M/Linux Robustness, Security, & Continuity of Business for VistA K.S. Bhaskar Fidelity Information Services, Inc. ks.bhaskar@fnf.com +1 (610) 578-4265
    • Objectives • Correct information and usable functionality is available for those who need it, when they need it – Within limits of the design and implementation • Not available otherwise 2
    • Layers • VistA – separate topic, covered by Dave Whitten • MUMPS [GT.M] • Operating System [GNU/Linux] 3
    • GT.M Security • Daemonless architecture – Processes run with normal user ids – Processes can access database files if they have access permissions granted by the operating system – Enable / control using file ownership & permissions; user & group ids • Use Access Control Lists (ACLs) or SE Linux for finer grained control • Published security model – read it, understand it, use it 4
    • GT.M Database and Routine Access Routine Routine $ZROutines $ZGbldir Process Process global directory shared memory control structures database journal file file 5
    • GT.M Security – ASP Routine Routine $ZROutines $ZGbldir shared memory control structures global directory Process Process database file journal shared memory file database journal control structures file file 6
    • Robustness • Journaling – Use before image journaling in production – Consider journaling even for development environments • NOBEFORE may suffice, unless replicated • Backup early, backup often • Integrity – Trust but verify 7
    • Logical multi-site operation Secondary Primary ... Tertiary 1 primary Secondary ... 16 secondaries Tertiary 256 tertiaries 4096 quarternaries 8
    • Linux security • Use Linux security! – Each user has own user id – Each group has own group id – ssh, xinetd, stunnel, etc. – build on standard security models and tools that the Internet infrastructure is built on 9
    • Encryption • Use the loop-aes file system – Databases – Journal files – Swap files • Remember to encrypt back-ups (e.g., with mcrypt) – Unencrypted backups are perhaps the most overlooked serious vulnerability • You can't stop the National Security Agency from getting your patient data if they want to, but you can make it hard for them 10
    • What gives? • The weakest link – If humans and strong passwords are your weakest link, you have done a good job of security – Absolute security does not exist – you just want to make it not a worthwhile investment of time and effort 11
    • Thank you K.S. Bhaskar ks.bhaskar@fnf.com +1 (610) 578-4265 12