
APPENDICES

In document ANGIE STEPHANIE MARTINEZ PEREZ (pages 38-74)

We have already introduced the concept of a physical address as a unique identifier fused into the network card of a computer. Let us now consider a few other terms and see how they all work together to make the Internet the amazing resource that it is (see Figure 3.1):

• Physical address (also known as a media access control or MAC address) is unique to a computer forever (unless the network card is changed). This is a six-part hexadecimal number (e.g., 00-12-3F-52-B5-29).

• IP address—either static or dynamic—is how the Internet recognizes a computer. This is a number of the form w.x.y.z (e.g., 192.168.1.100).

• Hostname is a name that a human can use to identify the computer.

• Domain name server (DNS) relates the hostname to the IP address (e.g., 68.105.28.11); usually, there is more than one, in case one fails. Humans remember names much better than numbers. Computers like numbers much better than names. DNS translates (maps) names to numbers (IP addresses) like Google.com to 74.125.45.100; this is a system much like a phone book. Important Web sites (like Google and the PDB) have more than one IP address in case one fails.

• Subnet mask limits the search space to resolve IP addresses. IP addresses are really two addresses combined into one. These two addresses are a network address and a host address. The network address defines a group of computers (like the PDB) and the host defines a computer within the group. This is much like the mail I receive at my home (the network address), some of which is for me and some for my wife or children (host address). The subnet mask is used to separate an IP address into its network address and host address components. An example of a subnet mask is 255.255.255.0.

In order to communicate over the Internet, a computer must have an IP address linked to the MAC address fused into a network card. There are two types of IP addresses: static and dynamic. Static IP addresses are assigned to a computer and never change; this is useful if other computers, such as a print server or a file server, always need to know where the user is. However, most computers are assigned (leased) an IP address from a pool of addresses when they start up. When a computer is turned on, the network interface card communicates with the Internet service provider (ISP) asking to borrow an IP address for a while. The ISP then selects an IP address from a pool and leases it to the requestor while the computer is working. When the requestor disconnects from the Internet or shuts down the computer, the address is returned to the ISP to be allocated to someone else.

30    ◾   Philip E. Bourne
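The network/host split that the subnet mask performs, as an added Go example that is not code from the book: it reuses the book's 192.168.1.100 and 255.255.255.0 values, and the function names Split and SameNetwork are assumptions of this example.

```go
package main

import (
	"fmt"
	"net"
)

// Split divides an IPv4 address into the two addresses the subnet mask
// separates: the network part (bits the mask keeps) and the host part
// (bits the mask clears). 192.168.1.100 / 255.255.255.0 -> 192.168.1.0 and 0.0.0.100.
func Split(addr, mask string) (network, host net.IP, err error) {
	ip, m := net.ParseIP(addr).To4(), net.ParseIP(mask).To4()
	if ip == nil || m == nil {
		return nil, nil, fmt.Errorf("not an IPv4 address/mask: %q %q", addr, mask)
	}
	network = ip.Mask(net.IPMask(m))
	host = make(net.IP, 4)
	for i := range ip {
		host[i] = ip[i] &^ m[i] // keep only the bits the mask clears
	}
	return network, host, nil
}

// SameNetwork is the question a computer answers before sending a packet:
// does the destination share my network address (same group of computers),
// or does the packet have to leave the group?
func SameNetwork(a, b, mask string) (bool, error) {
	na, _, err := Split(a, mask)
	if err != nil {
		return false, err
	}
	nb, _, err := Split(b, mask)
	if err != nil {
		return false, err
	}
	return na.Equal(nb), nil
}
```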

Beyond identifying a computer on the Internet, consider how information gets transferred, such as when an e-mail message is sent. The message is sent as a series of packets of information; each can be uniquely identified with respect to where it has come from and where it is going, as well as the sequence of the packets such that the information can be reassembled in the right order. These chunks of information may not travel by the same route and certainly may not arrive at their destination in the right order, but the underlying Internet software knows how to interpret them because they use an agreed-upon protocol.

The protocol is a type of contract between sender and recipient. Different forms of transmission use different protocols. For example, Web pages are transferred using hypertext transfer protocol (http), which Web browsers recognize. Protocols such as http are layered on top of the basic transmission control protocol/Internet protocol (tcp/ip). Details of the protocols are beyond the scope of discussion here, but a basic understanding of Internet transmission helps us understand what might go wrong. For example, security violations as a result of “packet sniffing” may occur. On a wired connection, someone can maliciously read your packets as they go by; packets sent from a laptop in a coffee shop on a wireless network can be siphoned off and interpreted by a malicious third party more easily. We will see how to safeguard your transmissions as part of what is termed information assurance.

FIGURE 3.1 Details of an Internet connection as shown by the command ipconfig /all on a Windows XP system.

3.5 INFORMATION ASSURANCE

In a nutshell, information assurance is ensuring that your information is where you want it, when you want it, in the condition that you need it, and available only to those that you want to have access to it. Clearly, this is an important issue with respect to patient privacy and confidentiality and we will revisit this issue a number of times throughout this book. Here, we are concerned with the core fundamental issues of ensuring the integrity of information as it relates to the basic components used to maintain the information.

Figure 3.2 illustrates the components that must be considered. Let us go over them one at a time, further breaking the components into smaller parts.

3.5.1 Network

We have already seen how the network can be compromised. A typical means of preventing packet sniffing is to encrypt the information. However, let us start at the level of the network itself. Institutions like hospitals and pharmacies typically have a firewall to prevent unwanted access. A firewall can be hardware, software, or both and has the job of fending off unwanted intrusions. Such intrusions can come from a user or an application program. Firewalls typically limit the users and the applications that can pass through from the external to the internal network. In this way, information can still flow freely around the internal intranet, but information coming from the Internet is very carefully scrutinized.

If the organization seeking to protect itself is small—a doctor’s office, for example—it may not have the opportunity to maintain a separate intranet. In these instances, it is possible to establish a virtual private network (VPN). The VPN uses the same infrastructure as the regular Internet, but encrypts the data just on that part of the network that resides within the organization.

FIGURE 3.2 Defense-in-depth (diagram labels: People, Application, Host, Network).


3.5.2 Host

The host refers to any computer on the network containing information that must be kept secure. This ranges from a personal laptop to large, central, patient database servers. Regardless of the computer, a few fundamentals are highlighted here. Although it appears obvious, physical security is often what is violated. Maintaining passwords that are difficult to guess, having secure user accounts on laptops, and not storing passwords, including those maintained by the Web browser for common applications, are good steps to take when information assurance is needed. Computers with sensitive data should not allow public access, but rather require all users to log in on their own accounts.

Likewise, vulnerabilities in the host operating system, whether it is Windows, Mac, Linux, or another operating system, are constantly being discovered. It is important to check for updates (“patches”) constantly. On laptops and desktops, such checking is easily supported and should be enabled. On hosts accessed by multiple users, it is important to monitor access daily. Logs are provided for applications as well as for users accessing the system and they need to be reviewed carefully for signs of intrusion.

3.5.3 People

People are probably the weakest link in the security triangle and yet the component that gets the least attention. Students likely signed an agreement for acting so as to maintain the security of information, yet few of us remember doing so and even fewer of us could recall details of what we agreed to do. The same could well be true when working for a company where information security is important. The most obvious aspect is maintaining passwords that are difficult to guess and changing passwords frequently. Most systems and applications force this upon us in any case. Keeping passwords difficult to guess and changing them frequently make them easy to forget; however, we must resist the temptation to write them down anywhere near the computer.

3.5.4 Applications

Information assurance vulnerabilities associated with applications are most often associated with applications that are part of the computer operating system and come in various well-publicized forms. A virus is a self-reproducing application that spreads by inserting copies of itself into other applications or documents. There have been some devastating examples of viruses; one of the most well known, the “I Love You” virus, cost an estimated US$5–10 billion in damage worldwide. Beyond money value for me were some photographs that I had not backed up and thus were destroyed. Worms are a subclass of virus that can travel without help from a person and “tunnel” into a system. Last, a Trojan horse tricks the user into willingly, but unknowingly, letting a computer be infected, as were the people of Troy.

Dealing with such infiltrations is a constant battle between the perpetrator and the software manufacturer against which the attacks are aimed. New vulnerabilities are tracked by the computer emergency response team (CERT) as they are discovered. Maintainers of data centers constantly monitor CERT advisories and decide on what actions to take.

Makers of antivirus software do the same. An individual’s best defense is to maintain up-to-date antivirus and antispyware software. Such software will identify these new vulnerabilities and usually prevent such intrusions from reaching a computer.

If a computer does get infected, these programs will isolate (quarantine) the infected files so that they do not do any damage. Damage can range from the need to erase the disk completely and reinstall the system software to making a computer perform slowly. Either way, this can be a serious waste of time. Operating systems define the appropriate levels of security to enforce and, depending on the importance of the information, the appropriate level of security should be enabled.

3.5.5 Encryption

With the need to protect patient privacy and hence the information about that patient maintained by the hospital or pharmacy, it is important to raise awareness and at least instill a basic understanding of encryption. The increasingly distributed nature of the healthcare system means that private information is flying around with and without wires. We have already seen how such information can be snagged by malicious intruders intercepting the information via packet sniffing. Encryption simply means, “Okay, so you have got the private information, but we are not going to let you interpret it.” Encryption is almost as old as information itself; it implies a contract between the transmitter and receiver of information that allows them, and only them, to interpret the information being transmitted.

Pharmacists are likely to encounter the products and terminology of encryption such as secure socket layer (SSL) and Web addresses of the form “https://.” Perhaps the most common form of encryption is public-key encryption, which uses a combination of a private key and a public key; the keys provide the means to lock and unlock the information. Only the computer knows the private key, but it gives the public key to any computer that wants to communicate securely with it. To decode an encrypted message, a computer must use the public key, provided by the originating computer, and its own private key. A very popular public-key encryption utility is called “pretty good privacy” (PGP), which allows encryption of almost anything. More information about PGP can be found at http://www.pgp.com, but the basic idea is shown step by step in Figure 3.3.

The bottom line in this approach is that a message is never sent to host B until it indicates that it will receive an encrypted message by sending a unique public key. When that public key is returned as part of the session key, only the private key for host B can decode it.

The question that remains is how to know that computer A can be trusted. Digital certificates are familiar to most computer users who download from the Internet. A digital certificate is maintained by a third party and computers A and B would need to register and be known to that third party for the message to be transferred. The need to be identified and trusted by the third party removes the possibility of communication with a bogus computer. Many of us accept trusted certificates from parties such as Sun Microsystems for Java applications and Microsoft for its applications.
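The session-key flow of Figure 3.3, with computer B's private key doing the decoding, as an added Go example that is not code from the book or from PGP: it assumes RSA-OAEP for locking the session key to B's public key and AES-256-GCM for the message itself, and the names NewKeyPair, Seal and Open are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// NewKeyPair is step 2 of Figure 3.3: B keeps the private key and hands out the public key.
func NewKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// gcm builds the symmetric cipher (AES-256-GCM) driven by a session key.
func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal runs on computer A (steps 4 and 5): encrypt under a one-time session key, then lock that key with B's public key.
func Seal(pub *rsa.PublicKey, msg []byte) (wrapped, nonce, ct []byte, err error) {
	key := make([]byte, 32)
	rand.Read(key) // crypto/rand, never math/rand; documented not to fail
	aead, err := gcm(key)
	if err != nil {
		return nil, nil, nil, err
	}
	nonce = make([]byte, aead.NonceSize())
	rand.Read(nonce) // fresh per message: nonce reuse under one key breaks GCM
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, nil, nil, err
	}
	return wrapped, nonce, aead.Seal(nil, nonce, msg, nil), nil
}

// Open runs on computer B (steps 6 and 7); a tampered or mis-keyed ciphertext yields an error, not garbage.
func Open(priv *rsa.PrivateKey, wrapped, nonce, ct []byte) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, nil)
	if err != nil {
		return nil, err
	}
	aead, err := gcm(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce, ct, nil)
}
```

Only the holder of B's private key can recover the session key, so a packet sniffer who captures wrapped, nonce and ct has nothing it can interpret, which is exactly the guarantee the text describes.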


3.6 SUMMARY

Our three basic lessons were that (1) understanding of information technology varies widely, (2) it is impossible to predict the future of information technology, and (3) bad things will happen. Here are a few basic rules for any laptop or desktop user to abide by to help keep a computer working efficiently and productively. Most of this information is just good practice whether it is applied to pharmacy informatics or not:

• Keep alert to changes in information technology that will likely have an impact on the practice of pharmacy.

• Be able to restore an operating system and major applications from their original media should the need arise through disk failure or virus intrusion.

• Make regular backups of any files that cannot be lost. It helps to think, “What will I lose if the disk fails?” because, sooner or later, it will fail.

• Make sure that the software firewall is turned on.

• Make sure that the latest operating system patches have been obtained, unless there is a compelling reason not to allow for automatic updates.

• Purchase antivirus software and run it at least once per week. This will protect against new viruses as they are released.

• Install antispyware software, particularly if data exist that others should not read.

• Have a password set on the computer to prevent physical access by others.

• Keep browser security settings high (for Internet Explorer, select default level) or, at a minimum, medium.

• Never open mail attachments unless the sender and content are known.

• Do not click on pop-up ads. They can download software (e.g., Trojan horses) to a computer.

• Do not download any applications that cannot be trusted.

FIGURE 3.3 Encryption: (1) Computer A prepares to communicate an encrypted message to computer B. (2) Each computer has both public and private encryption keys. (3) The public key is sent to computer A, which is going to send the message. (4) The public key is converted into a session key, which contains the public key for just that one session and the encrypted message based on that public key. (5) The encrypted message and session key are sent to the computer for which it is intended. (6) Receiving computer B’s private key is then used. (7) The message is decrypted.
