
Thread: Web portal security?

  1. #1
    Senior Member
    Join Date
    Aug 2002
    Posts
    123

    Web portal security?

    Hello all, I am in the development stages of designing a webserver with an employee portal for my domain. I would like for the employees to access this portal internally and externally. After logging in they would have access to email and other things. What kind of security design is recommended? It needs to be something very strong, since this site deals with patient information. All input will be appreciated.

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    At least put the employee part behind SSL and use strong authentication. Like tokens and such.

    Try to separate the public part and the employee part. Preferably on different servers. Both have different security concerns and it's "easier" to protect both if you separate them. Also if somebody "cracks" your public site they won't be able to get to the employee site.

    Even though you use SSL and strong authentication you still need to make sure the application is secure too. This means input validation, preventing SQL injection and XSS to name a few.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Banned
    Join Date
    Jul 2001
    Posts
    1,100
    Greetings:

    SirDice left out one major thing. It set off alarm bells in my head the second I read the word "patient information" in your description.

    If you're in the healthcare industry, and if you're in the US, you need to be compliant with HIPAA. If you're not a security expert, and if you're not familiar with HIPAA, I STRONGLY STRONGLY STRONGLY suggest you hire someone to create this portal for you. (I think you'll find this portal can't be everything you're probably hoping for.)

    With some areas it's fine to be a do-it-yourself learn-as-you-go type of administrator. Dealing with patient information, and making sure you're HIPAA compliant, is not one of those areas.

    You can read more about HIPAA from the US Health and Human Services website at http://www.hhs.gov/ocr/hipaa/

  4. #4
    Senior Member
    Join Date
    Aug 2001
    Posts
    251
    JP speaks the truth, there are certain times when you just gotta call in an expert that knows the specific regulations.
    You don't build a house without first consulting the local building codes, and you certainly don't go putting patient records online without following HIPAA.
    The implications of not are incredible. I read a very scary article one day about how open a lot of doctors' offices are in regards to keeping electronic documentation. I wish I had it bookmarked, but it made you wonder about your medical provider and whether you should expect your identity to get "borrowed".
    Quite scary!!!

    Peace,
    Dhej
    The owl of Minerva spreads its wings only with the falling of dusk. -Hegel

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    I'm not a US citizen so I didn't know about HIPAA. Good call!
    Here in Holland we have rules and regulations regarding anyone's records, not just the medical ones.

  6. #6
    Senior Member
    Join Date
    Aug 2002
    Posts
    123
    Actually, they will not access any patient info. But they will access email and our intranet which is a monthly newsletter. I thought this would be something simple to create?

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Everything I've told you still holds up. Except maybe the strong authentication. Normal authentication could be enough but YMMV.

  8. #8
    Senior Member
    Join Date
    Aug 2002
    Posts
    123
    Anybody know of a certain website that will help me on creating secure websites?

  9. #9
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    You already found one

    Seriously, have a look through the archives and/or use the search function.
    You can probably pick up a whole list of sites for your reading pleasure

  10. #10
    Senior Member
    Join Date
    Aug 2002
    Posts
    123
    This site is great! But is there a site that dedicates itself to web security?
