Home page logo

basics logo Security Basics mailing list archives

RE: Re: Secure Intranet?
From: "simsjs" <sims () interex org>
Date: Mon, 04 Nov 2002 11:29:18 -0800

If someone has the time, resources, knowlege and ability to break into your systems, then nothing is going to be secure 
enough. Basically any time you make confidential data available outside your organization or even inside for that 
matter, you have to weigh the risks with the benefits. If the benefits out-weigh the risks then you make it as 
difficult as possible for anyone to get to the data you want to restrict.

HTTPS could be used for this although with information as sensative as medical records, I would try something 
different. You can use VPN access with one time passwords and a high encryption level depending on how many need access 
and how much access they need. Then on your server you have to make sure that is something is compromised, you have 
minimized the damage that can be done. Example, you give only read access to users that don't need to write files. Etc 

For info on one-time-passwords you can check out this site (I am not saying to go with this one, but it has information 
that explains its use) http://www.securecomputing.com/index.cfm?skey=643

have fun.

*********** REPLY SEPARATOR  ***********

On 11/1/2002 at 4:58 PM Surmit Walia wrote:

If HTTPS is not secure enough, than why do banks use them?  Just

---> Using a https server don't seem to me secure enough, but it's the
cheapest solution..

I hope it helps

Arnaud M.

On Thu, 31 Oct 2002 19:44:57 -0800 (PST)
Alan Cooper <imalcooper () yahoo com> wrote:

I have client that would like to have its confidential
data (medical records) available to traveling

What is the most secure way to set this up?  Secure
web site using private certificates?  Go with VPN's?
Tell the client forget the idea because there is no
good way to secure confidential data exposed to the


Thanks for your help.

Al Cooper

Do you Yahoo!?
HotJobs - Search new jobs daily now

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]