First, some background: I'm the designated infection control officer of my company, in charge of member records regarding data that is protected by HIPAA, and other laws/regulations. I'm looking to digitize this data, instead of using paper records. Obviously, I need to secure these records against attack. The records do not need to be available online, or by any network connection. Therefore, my proposal is placing them on a computer, most likely a laptop.

Physical Security:
• Physical access to computer is restricted by locking it up in a room with limited access. Only company officers have access to this room.
• The computer itself is secured against attack. BIOS has a user and supervisor password. Any BIOS options to disable networking are set. BIOS is set to only boot from hard drive; all other options are disabled. The hard drive is encrypted.
• Network interfaces that can be removed from the motherboard are removed.
• The solution should be semi-portable, hence the laptop form factor. The laptop may be secured by a Kingston lock under normal circumstances, but if I need to take member records to another location, I would prefer that.

Operating system security:
• iptables is set to DROP all inbound and outbound traffic.
• Networking modules are disabled for any interfaces that are builtin to the motherboard, even if BIOS settings already have covered this.
• TCP/IP/UDP/Layer 4 is restricted/disabled, except where necessary to support services on the machine (ie loopback).
• If member records need to be printed for any reason, a report is run to gather the relevant data; saved to removable media; printed on another, trusted computer with access to a printer; and then the files are securely deleted/destroyed.

My question is thus: I'm familiar with most of the operations necessary to achieve my stated goals, but I'm not as experienced with Linux operations to disable Layer 4 protocols. I'm looking to essentially dismantle the network protocols beyond what the machine needs for local services to function.

Hi there,

I would suggest looking at just disabling all network interfaces except "lo". Possible approaches for this include:

- "ifconfig ifname down detach"
- Removing the kernel modules containing the device drivers for the adapters
- udev rules

1 members found this post helpful.

I can only hope that what you have proposed here is the outcome of the initial risk analysis and that you'll assess HIPAA Security Rule compliance afterwards. To add to what you and cliffordw stated:
- networking devices disabled in device BIOS (but not removable media, so how about an USB Wifi stick?),
- the hard drive is encrypted (are your backups? And if you don't make any: should you?),
- network interfaces that can be removed from the motherboard are removed (not many laptop motherboards allow for that...),
- iptables is set to DROP all inbound and outbound traffic (does Netfilter log traffic? if not how can you audit things?),
- networking modules are disabled (how? custom kernel? modprobe blacklist? who can undo that? would one notice?),
- "ifconfig ifname down detach" (who can undo that? would anyone notice?),
- Removing the kernel modules containing the device drivers for the adapters (what happens on kernel update if any?),
- udev rules (who can modify those? who would notice?).

So in essence I do agree with proposed changes, they should work OK as far as I can see implications, (even though I cringe at hiatus concerning procedurals, location, device choice, storage or transport) there's definately improvement in terms of being able to determine from the comprehensive audit trail no root access, no system modification, no unauthorized access and no unauthorized data access has taken place.