LinuxQuestions.org forum: Linux - Security. This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
First, some background: I'm the designated infection control officer of my company, in charge of member records regarding data that is protected by HIPAA, and other laws/regulations. I'm looking to digitize this data, instead of using paper records. Obviously, I need to secure these records against attack. The records do not need to be available online, or by any network connection. Therefore, my proposal is placing them on a computer, most likely a laptop.
Physical Security:
• Physical access to computer is restricted by locking it up in a room with limited access. Only company officers have access to this room.
• The computer itself is secured against attack. BIOS has a user and supervisor password. Any BIOS options to disable networking are set. BIOS is set to only boot from hard drive; all other options are disabled. The hard drive is encrypted.
• Network interfaces that can be removed from the motherboard are removed.
• The solution should be semi-portable, hence the laptop form factor. The laptop may be secured by a Kingston lock under normal circumstances, but if I need to take member records to another location, I would prefer that.
Operating system security:
• iptables is set to DROP all inbound and outbound traffic.
• Networking modules are disabled for any interfaces that are builtin to the motherboard, even if BIOS settings already have covered this.
• TCP/IP/UDP/Layer 4 is restricted/disabled, except where necessary to support services on the machine (i.e. loopback).
• If member records need to be printed for any reason, a report is run to gather the relevant data; saved to removable media; printed on another, trusted computer with access to a printer; and then the files are securely deleted/destroyed.
My question is thus: I'm familiar with most of the operations necessary to achieve my stated goals, but I'm not as experienced with Linux operations to disable Layer 4 protocols. I'm looking to essentially dismantle the network protocols beyond what the machine needs for local services to function.
I can only hope that what you have proposed here is the outcome of the initial risk analysis and that you'll assess HIPAA Security Rule compliance afterwards. To add to what you and cliffordw stated:
- networking devices disabled in device BIOS (but not removable media, so how about a USB Wi-Fi stick?),
- the hard drive is encrypted (are your backups? And if you don't make any: should you?),
- network interfaces that can be removed from the motherboard are removed (not many laptop motherboards allow for that...),
- iptables is set to DROP all inbound and outbound traffic (does Netfilter log traffic? if not how can you audit things?),
- networking modules are disabled (how? custom kernel? modprobe blacklist? who can undo that? would one notice?),
- "ifconfig ifname down detach" (who can undo that? would anyone notice?),
- Removing the kernel modules containing the device drivers for the adapters (what happens on kernel update if any?),
- udev rules (who can modify those? who would notice?).
So in essence I do agree with the proposed changes; they should work OK as far as I can see the implications (even though I cringe at the hiatus concerning procedurals, location, device choice, storage or transport). There's definitely improvement in terms of being able to determine from the comprehensive audit trail that no root access, no system modification, no unauthorized access and no unauthorized data access has taken place.
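The reply above turns the original checklist into questions (does Netfilter log? how are the modules disabled, and who would notice if that were undone? what about a USB Wi-Fi stick? what happens on a kernel update?). The script below is an added example, not code posted by anyone in this thread, that answers each of those points with a concrete control file: a modprobe override for the network drivers, an iptables-restore rule set that logs before it drops, a udev rule that forces down any non-loopback interface that appears, auditd watches on the control files plus the module-load syscalls, and a check that reads a /proc/modules-format file for anything that is still loaded. The module names in NET_MODULES, the target directory layout, the log prefixes and the /sbin/ip path are assumptions for illustration; pass /etc as the directory on the real machine, or a scratch directory to review the output first. The sample /proc/modules text at the bottom is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Generates the control files discussed
# in the replies under "$1" and checks a /proc/modules-style file for
# network drivers that are still loaded. Module list is an assumption.
set -eu

# Drivers and protocol stacks to keep off the box. "install <mod> /bin/false"
# matters more than "blacklist": blacklist only stops alias-based autoloading,
# the install override also makes a hand-typed "modprobe iwlwifi" fail.
# Unlike deleting .ko files, this survives a kernel package update.
NET_MODULES="e1000e r8169 iwlwifi cfg80211 mac80211 bluetooth btusb usbnet cdc_ether rndis_host"

write_modprobe_blacklist() {
    out="$1/modprobe.d/no-network.conf"
    mkdir -p "$1/modprobe.d"
    : > "$out"
    for m in $NET_MODULES; do
        printf 'blacklist %s\ninstall %s /bin/false\n' "$m" "$m" >> "$out"
    done
    echo "$out"
}

# iptables-restore format: DROP policy everywhere, loopback only, and a
# rate-limited LOG before the policy applies, so the audit trail shows
# attempted traffic instead of silence.
write_iptables_rules() {
    out="$1/iptables/rules.v4"
    mkdir -p "$1/iptables"
    cat > "$out" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m limit --limit 6/min -j LOG --log-prefix "AIRGAP-DROP-IN: " --log-level 4
-A OUTPUT -m limit --limit 6/min -j LOG --log-prefix "AIRGAP-DROP-OUT: " --log-level 4
COMMIT
EOF
    echo "$out"
}

# udev: any interface other than lo that appears (a plugged-in USB Wi-Fi
# stick whose driver was not in the list above) is taken down immediately.
# %k is the kernel interface name; /sbin/ip is an assumed path.
write_udev_rule() {
    out="$1/udev/rules.d/99-no-network.rules"
    mkdir -p "$1/udev/rules.d"
    cat > "$out" <<'EOF'
ACTION=="add", SUBSYSTEM=="net", KERNEL!="lo", RUN+="/sbin/ip link set dev %k down"
EOF
    echo "$out"
}

# auditd: writes to the control files and every module load/unload get a key,
# which is what lets you answer "who undid that, and would anyone notice".
# arch=b64 assumes an x86_64 kernel; add a b32 line on 32-bit systems.
write_audit_rules() {
    out="$1/audit/rules.d/no-network.rules"
    mkdir -p "$1/audit/rules.d"
    cat > "$out" <<'EOF'
-w /etc/modprobe.d/ -p wa -k netctl
-w /etc/udev/rules.d/ -p wa -k netctl
-w /etc/iptables/ -p wa -k netctl
-a always,exit -F arch=b64 -S init_module -S finit_module -S delete_module -k netmods
EOF
    echo "$out"
}

# Read a file in /proc/modules format and print each listed network module
# that is loaded. Returns 0 when clean, 1 when something slipped through.
loaded_net_modules() {
    found=0
    while read -r name _; do
        for m in $NET_MODULES; do
            if [ "$name" = "$m" ]; then echo "$name"; found=1; fi
        done
    done < "$1"
    return $found
}

# Demo run into a scratch directory with a constructed /proc/modules sample
# in which the wireless driver is still loaded.
STAGE="$(mktemp -d)"
for f in "$(write_modprobe_blacklist "$STAGE")" "$(write_iptables_rules "$STAGE")" \
         "$(write_udev_rule "$STAGE")" "$(write_audit_rules "$STAGE")"; do
    echo "wrote $f"
done
SAMPLE="$(mktemp)"
cat > "$SAMPLE" <<'EOF'
iwlwifi 393216 0 - Live 0x0000000000000000
cfg80211 983040 1 iwlwifi, Live 0x0000000000000000
ext4 786432 1 - Live 0x0000000000000000
EOF
loaded_net_modules "$SAMPLE" || echo "network modules still loaded: reboot after installing the modprobe override"
```

Run it against a scratch directory, diff the output against what is under /etc, then load the pieces with iptables-restore, udevadm control --reload-rules and augenrules --load. The udev rule and the iptables policy are things root can undo with one command, which is exactly the reply's point: they are the belt, the modprobe override is the braces, and the audit keys (netctl, netmods) are what turn "who would notice" into a log entry you can search with ausearch -k.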