Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

VistA GT.M & Linux Security 062506

1,035 views

Published on

Published in: Business, Technology
  • Be the first to comment

  • Be the first to like this

VistA GT.M & Linux Security 062506

  1. 1. GT.M/Linux Robustness, Security, & Continuity of Business for VistA K.S. Bhaskar Fidelity Information Services, Inc. ks.bhaskar@fnf.com +1 (610) 578-4265
  2. 2. Objectives • Correct information and usable functionality is available for those who need it, when they need it – Within limits of the design and implementation • Not available otherwise 2
  3. 3. Layers • VistA – separate topic, covered by Dave Whitten • MUMPS [GT.M] • Operating System [GNU/Linux] 3
  4. 4. GT.M Security • Daemonless architecture – Processes run with normal user ids – Processes can access database files if they have access permissions granted by the operating system – Enable / control using file ownership & permissions; user & group ids • Use Access Control Lists (ACLs) or SE Linux for finer grained control • Published security model – read it, understand it, use it 4
  5. 5. GT.M Database and Routine Access Routine Routine $ZROutines $ZGbldir Process Process global directory shared memory control structures database journal file file 5
  6. 6. GT.M Security – ASP Routine Routine $ZROutines $ZGbldir shared memory control structures global directory Process Process database file journal shared memory file database journal control structures file file 6
  7. 7. Robustness • Journaling – Use before image journaling in production – Consider journaling even for development environments • NOBEFORE may suffice, unless replicated • Backup early, backup often • Integrity – Trust but verify 7
  8. 8. Logical multi-site operation Secondary Primary ... Tertiary 1 primary Secondary ... 16 secondaries Tertiary 256 tertiaries 4096 quarternaries 8
  9. 9. Linux security • Use Linux security! – Each user has own user id – Each group has own group id – ssh, xinetd, stunnel, etc. – build on standard security models and tools that the Internet infrastructure is built on 9
  10. 10. Encryption • Use the loop-aes file system – Databases – Journal files – Swap files • Remember to encrypt back-ups (e.g., with mcrypt) – Unencrypted backups are perhaps the most overlooked serious vulnerability • You can't stop the National Security Agency from getting your patient data if they want to, but you can make it hard for them 10
  11. 11. What gives? • The weakest link – If humans and strong passwords are your weakest link, you have done a good job of security – Absolute security does not exist – you just want to make it not a worthwhile investment of time and effort 11
  12. 12. Thank you K.S. Bhaskar ks.bhaskar@fnf.com +1 (610) 578-4265 12

×