Abstract
As health care organizations continue on the path toward total digital operations, a topic often raised but not clearly understood is that of computer security. The reason for this is simply the vastness of the topic. Computers and networks are complex, and each service offered is a potential security hole. This article describes for the lay person the fundamental points of computer operation, how these can be points attacked, and how these attacks can be foiled—or at least detected. In addition, a taxonomy that should aid system administrators to evaluate and strengthen their systems is described.
Key Words: computer security, encryption, RSA, public key, Satan, Tripwire, Virtual Private Networks
Full Text
The Full Text of this article is available as a PDF (2.1 MB).
References
- 1.Makris L, Argiriou N, Strintzis M. Network and data security design for telemedicine applications. Med Informatics. 1997;22:133–142. doi: 10.3109/14639239709010886. [DOI] [PubMed] [Google Scholar]
- 2.Willenberg C. Strategy for securing medical documents by electronic signature and encryption. Radiology. 1997;37(4):305–312. doi: 10.1007/s001170050216. [DOI] [PubMed] [Google Scholar]
- 3.Summers R. An overview of computer security. IBM Systems J. 1984;23:309–325. doi: 10.1147/sj.234.0309. [DOI] [Google Scholar]
- 4.Wouters P. Designing a safe network using firewalls. Linux J. 1997;40:32–38. [Google Scholar]
- 5.Thomas RO. Haunted by the ghost of smurfing. Sys-Admin. 1999;7:63–64. [Google Scholar]
- 6.Stewart D, Maginnis P, Simpson T. Who is at the door: The SYN denial of service. Linux J. 1997;38:12–16. [Google Scholar]
- 7.Brotzman L. Wrap a security blanket around your computer. Linux J. 1997;40:17–23. [Google Scholar]
- 8.Corcoran D, Sims D, Hillhouse B. Smart cards and biomentrics: Your key to PKI. Linux J. 1999;59:68–71. [Google Scholar]
- 9.Garfinkel S: PGP: Pretty Good Privacy. Sebastopol, CA, O’Reilly & Associates, www.oreilly.com
- 10.Scott C, Wolfe P, Erwin M: Virtual Private Networks (ed 2) Sebastopol, CA, O’Reilly & Associates, www.oreilly.com
- 11.Garfinkel S, Spafford G: Practical UNIX & Internet Security (ed 2). Sebastopol, CA, O’Reilly & Associates, www.oreilly.com
- 12.Stallings W. Network and Internetwork Security Principles and Practice. Newark, NJ: Prentice Hall; 1995. [Google Scholar]
- 13.Schneier B. The IDEA encryption algorithm. Dr Dobb’s J. 1993;18:50–56. [Google Scholar]
- 14.Stallings W. Pretty good privacy. ConnecXions. 1994;8:2–11. [Google Scholar]
- 15.Giles B. Encrypted file systems. Linux J. 1997;51:64–67. [Google Scholar]
- 16.Mauriello E. TCFS: Transparent cryptographic file system. Linux J. 1997;40:64–68. [Google Scholar]
- 17.Richter J, Cabrera L: A file system for the 21st century: Previewing the Windows NT 5.0 file system. Microsoft Systems J November 1998
- 18.Whalin G. Virtual private networks. Sys-Admin. 1999;7:21–26. [Google Scholar]
- 19.Stein JG, Neuman C, Schiller JL: Kerberos: An Authentication Service for Open Network Systems. USENIX Conference Proceedings, Dallas, TX, Winter 1998
- 20.Fenzi K, Wreski D: Linux Security HOWTO, 1998. http://metalab.unc.edu/mdw/HOWTO/Security-HOWTO.html
- 21.Havelt R. SATAN: Analyzing your network. Linux J. 1997;40:77–78. [Google Scholar]
- 22.Ali S. Freeware based security. Sys-Admin. 1999;8:39–44. [Google Scholar]
- 23.Fenzi K. Tripping up intruders with tripwire. Linux J. 1997;40:75–76. [Google Scholar]
- 24.Russinovich M. NT vs. UNIX: Is one substantially better? Windows NT. 1998;4:121–132. [Google Scholar]
- 25.Hare C. IT Security coming of age. Sys-Admin. 1998;7:57–64. [Google Scholar]
- 26.Epstein MA, Pasieka MS, Lord WP, et al. Security for the digital information age of medicine: Issues, applications, and implementation. J Digit Imaging. 1998;11:33–44. doi: 10.1007/BF03168723. [DOI] [PMC free article] [PubMed] [Google Scholar]