
Authorized Access Only: Providing Secure Internet Access to Patient Information using Windows 2000 Server


Presentation Transcript


  1. Authorized Access Only: Providing Secure Internet Access to Patient Information using Windows 2000 Server Rex E. Gantenbein, Ph.D. Center for Rural Health Research and Education University of Wyoming

  2. Wyoming: “like no place on earth”

  3. Geographic distances

  4. Natural obstacles

  5. Sparse population, isolated communities

  6. Technological solutions
     • Telecommunications
     • Databases
     • Geographic information systems (GIS)
     • Internetworking Information Portal

  7. Technological problems
     • Interoperability
     • Scalability
     • Data integration
     • Quality of service
     • Privacy and security

  8. Creating a secure information portal
     • Security requires us to maintain:
        • Integrity of data
        • Confidentiality of data (storage and transit)
        • Availability of data
        • Authorization of users
        • Accountability of users

  9. Basis for our solution
     • NASA JSC Countermeasures and Evaluation Project (CEVP) database
        • Developed by Wyoming research team
        • Designed to efficiently disseminate life science data to discipline experts and extramural investigators
        • Centralized storage and distribution center for NASA life science research data
        • Provides multi-level security and Internet access to data
     • Resulting technology now being adapted for a secure health information portal

  10. Creating a secure information portal
     [Network diagram. Labels: Internet; firewall/router; hub; public Web server (www.health.uwyo.edu) with local printer; LAN printer (JetDirect); firewall; secure LAN with domain controller, datamart, two data warehouses, switch, tape backup, desktop workstations and printer; UPS units]

  11. Creating a secure information portal
     • Firewall
        • 2 NIC Server Cards w/onboard encryption capability (i.e. 3COM 3CR990SVR97)
        • Microsoft Windows 2000 Server
        • Microsoft ISA Server, Enterprise Edition
     • Domain Controller
        • NIC Server Cards w/onboard encryption capability
        • Microsoft Windows 2000 Server
        • Microsoft Access 2000 or Office 2000 w/Access
        • Microsoft Visual Studio

  12. Creating a secure information portal
     • Datamart
        • NIC Server Cards w/onboard encryption capability
        • Microsoft Windows 2000 Advanced Server
        • Microsoft Internet Information Server
        • Microsoft SQL Server
        • Microsoft Access 2000 or Office 2000 w/Access
     • Data warehouse
        • NIC Server Cards w/onboard encryption capability
        • Microsoft Windows 2000 Advanced Server
        • Microsoft Internet Information Server
        • Microsoft SQL Server

  13. Creating a secure information portal
     • Public Web server
        • NIC (Server card)
        • Microsoft Windows 2000 Advanced Server
        • Microsoft Internet Information Server

  14. Creating a secure information portal
     • Tape backup unit
        • HP SureStore robotic tape drive
        • Seven 80-GB tapes
     • Networking
        • 24-port switch for secure LAN
        • 8-port hub for external LAN
        • Firewall/router for Internet protection
     • Printers
        • Internal printer for secure LAN
        • Network printer for external LAN
        • Local printer for public Web server

  15. Supporting secure connections
     • Secure data storage
     • Multiple levels of authorization
     • Virtual private networking

  16. Data warehousing
     • Public Web server and non-secure machines reside in DMZ (semi-public LAN)
     • Data warehouses reside in secure LAN
        • Local (administrator) access only
        • Physically secure
        • Can be disconnected from network
     • Datamart also resides in secure LAN
        • Accessible from Internet
        • Stores data authorized for off-site use

  17. DMZ implementation
     • Internet connections protected by virtual private networking (Windows 2000)
        • Authorization (ticket) via Kerberos utility
        • Authentication via passwords
        • Encrypted communication between server and remote user
     • IP addresses of servers locally defined
        • No public DNS names except entry point

  18. DMZ implementation
     • Firewall is configured to deny all requests from machines outside the network except through VPN
     • Domain controller acts as Kerberos key distribution center for authentication and public key encryption
     • These machines cooperate to carry out local network address translation

  19. Virtual private networking
     • VPN extends the secure LAN over the Internet
     • Authenticates both ends of the connection and encrypts information passing between them
     • Built into Windows 2000 Server

  20. Benefits of a secure portal
     • Improved access to health-related data (overcoming geography)
     • Increased confidence in use of Internet for health information (overcoming fear)

  21. Center for Rural Health Research and Education http://www.health.uwyo.edu/ Rex Gantenbein, Technical Director Voice: 307.766.6549 Fax: 307.766.6608 Email: rex@uwyo.edu

  22. Thank you very much!
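
The access rules on slides 16 to 18, as an added example that is not part of the original presentation: a first-match, default-deny rule evaluator and an audit that flags any rule set letting Internet traffic reach the secure LAN without the VPN, or reach a data warehouse at all. The rule format, the host names, and the assumption that the public Web server in the DMZ is reachable without the VPN are illustrative, not taken from the slides.

```python
from dataclasses import dataclass
from typing import Optional

# Zone names follow the slides; hosts and rule format are hypothetical.
INTERNET, DMZ, SECURE_LAN = "internet", "dmz", "secure_lan"
HOSTS = {"public-web": DMZ, "datamart": SECURE_LAN, "warehouse": SECURE_LAN}

@dataclass(frozen=True)
class Rule:
    src_zone: str             # originating zone, or "*" for any
    dst_host: str             # key in HOSTS, or "*" for any
    via_vpn: Optional[bool]   # True/False, or None for "either"
    action: str               # "allow" or "deny"

@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_host: str
    via_vpn: bool

def decide(rules, flow):
    """First matching rule wins; no match means deny (default deny)."""
    for r in rules:
        if (r.src_zone in ("*", flow.src_zone)
                and r.dst_host in ("*", flow.dst_host)
                and r.via_vpn in (None, flow.via_vpn)):
            return r.action
    return "deny"

def audit(rules):
    """Return Internet flows the rule set allows but the slides forbid."""
    violations = []
    for host, zone in HOSTS.items():
        for vpn in (False, True):
            flow = Flow(INTERNET, host, vpn)
            if decide(rules, flow) != "allow":
                continue
            if zone == SECURE_LAN and not vpn:   # slide 18: VPN only
                violations.append(flow)
            elif host == "warehouse":            # slide 16: local access only
                violations.append(flow)
    return violations

# Constructed rule set matching the slides.
GOOD = [
    Rule(SECURE_LAN, "*", None, "allow"),        # local access inside the LAN
    Rule(INTERNET, "public-web", None, "allow"), # assumption: public site
    Rule(INTERNET, "warehouse", None, "deny"),
    Rule(INTERNET, "datamart", True, "allow"),   # off-site data, VPN only
]
# Constructed misconfiguration: a broad "any VPN user" rule placed first.
WEAK = [Rule(INTERNET, "*", True, "allow")] + GOOD
```

The audit of `WEAK` shows how a broad VPN allow rule placed ahead of the warehouse deny rule exposes the data warehouse to any authenticated remote user, because the first match wins.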
