
Table of Abbreviations and Acronyms

...

Below is a diagram illustrating Network Segmentation:

...

To protect workloads, consider:

  • Group like workloads together (such as databases) into zones.

  • Segmentation - Use tools such as firewalls to isolate some groups from others. This practice can substantially limit exposure and isolate sensitive systems and data.

  • Use Virtual Local Area Networks (VLANs) to separate different types of traffic.

...

Operating system hardening involves configuring the OS to minimize vulnerabilities.

This includes:

  • disabling unnecessary services,

  • applying security patches, and 

  • following best practices for secure configurations.

Server Patch Management

...

Regularly apply security patches and updates. This is critical for protecting the OpenMRS server and its dependencies from known vulnerabilities. An effective patch management strategy reduces the risk of exploitation. To be effective, always monitor announcements for critical OpenMRS updates.

...

  • Strong Authentication

    • Implement multi-factor authentication (MFA) for all user accounts.

    • Use strong password policies, requiring complexity and regular changes.

  • Password Management

    • Enforce password length and complexity requirements.

    • Implement account lockout policies after a defined number of failed login attempts.

  • Role-Based Access Control

    • Define user roles and permissions based on the principle of least privilege.

    • Regularly audit user access and roles for compliance. 
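The lockout and password-complexity rules in the list above, as an added example written for this page (it is not OpenMRS code). The thresholds (5 failures within 15 minutes, a 30-minute lock, a 12-character minimum and three of four character classes) are assumptions to be replaced by the deployment's own policy. The lock is checked before the password is verified, so a correct password submitted during the lockout is still refused and the response does not reveal whether it was right.

```python
import re
import time
from collections import deque
from dataclasses import dataclass, field

# Assumed policy values (not taken from the baseline document).
MAX_FAILURES = 5            # failures within the window that trigger a lock
FAILURE_WINDOW_S = 15 * 60  # sliding window for counting failures
LOCKOUT_S = 30 * 60         # how long the account stays locked
MIN_PASSWORD_LENGTH = 12


@dataclass
class AccountState:
    failures: deque = field(default_factory=deque)  # timestamps of recent failed attempts
    locked_until: float = 0.0                        # epoch seconds; 0 means not locked


class LockoutPolicy:
    """Per-account lockout after repeated failed logins within a sliding window."""

    def __init__(self, max_failures=MAX_FAILURES, window_s=FAILURE_WINDOW_S, lockout_s=LOCKOUT_S):
        self.max_failures = max_failures
        self.window_s = window_s
        self.lockout_s = lockout_s
        self.accounts = {}

    def _state(self, username):
        return self.accounts.setdefault(username, AccountState())

    def is_locked(self, username, now=None):
        now = time.time() if now is None else now
        return self._state(username).locked_until > now

    def record_attempt(self, username, success, now=None):
        """Record one login attempt and return the resulting status: 'ok', 'failed' or 'locked'."""
        now = time.time() if now is None else now
        st = self._state(username)
        if st.locked_until > now:
            # Reject before looking at the credential: a locked account answers the
            # same way whether or not the password was correct.
            return "locked"
        if success:
            st.failures.clear()  # a genuine login resets the counter
            return "ok"
        st.failures.append(now)
        # Drop failures that have aged out of the sliding window.
        while st.failures and st.failures[0] < now - self.window_s:
            st.failures.popleft()
        if len(st.failures) >= self.max_failures:
            st.locked_until = now + self.lockout_s
            st.failures.clear()
            return "locked"
        return "failed"


def password_meets_policy(password):
    """Minimum length plus at least three of four character classes (assumed policy)."""
    if len(password) < MIN_PASSWORD_LENGTH:
        return False
    classes = (
        re.search(r"[a-z]", password),
        re.search(r"[A-Z]", password),
        re.search(r"\d", password),
        re.search(r"[^A-Za-z0-9]", password),
    )
    return sum(1 for c in classes if c) >= 3


if __name__ == "__main__":
    policy = LockoutPolicy()
    t0 = 1_000_000.0  # constructed clock so the run is deterministic
    for i in range(5):
        print("attempt", i + 1, "->", policy.record_attempt("clinician", False, now=t0 + i))
    print("locked now:", policy.is_locked("clinician", now=t0 + 10))
    print("complexity ok:", password_meets_policy("Correct-Horse-9"))
```

Failed attempts should also be written to the authentication log (see the Log Management items), since the lockout alone says nothing about where the attempts came from.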

...

To minimize risks, OpenMRS must be configured in accordance with security best practices. This involves turning off superfluous features and ensuring that security settings are in place.

Module Security

...

Regularly upgrading OpenMRS modules and examining them for known vulnerabilities ensures that the application is safe and resistant to exploitation. Always disable unnecessary modules and features that are not in use.

...

  • Create an incident response strategy that outlines roles, responsibilities, and processes for reacting to security issues.

  • Run frequent drills to guarantee preparedness.

...

  • Use security monitoring tools to detect and alert on questionable activity. Use IDS and log monitoring tools.

Log Management

  • Enable logging on all key systems and apps.
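An added illustration of the monitoring and logging items above (example code written for this page, not part of the baseline or of OpenMRS): it parses authentication log lines and raises one alert per source address that produces five failed logins within five minutes, noting whether the failures were spread over several accounts. The log format and the sample lines are constructed, so the regular expression has to be adapted to the real OpenMRS or Tomcat log, and the thresholds are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log in an assumed format (RFC 5737 and private addresses).
SAMPLE_LOG = """\
2024-05-02 09:14:01 WARN  [auth] Failed login for user 'admin' from 203.0.113.5
2024-05-02 09:14:03 WARN  [auth] Failed login for user 'admin' from 203.0.113.5
2024-05-02 09:14:04 INFO  [auth] Successful login for user 'nurse1' from 10.0.2.14
2024-05-02 09:14:06 WARN  [auth] Failed login for user 'clinician' from 203.0.113.5
2024-05-02 09:14:09 WARN  [auth] Failed login for user 'pharmacist' from 203.0.113.5
2024-05-02 09:14:12 WARN  [auth] Failed login for user 'registrar' from 203.0.113.5
2024-05-02 09:20:30 WARN  [auth] Failed login for user 'nurse1' from 10.0.2.14
2024-05-02 09:31:15 WARN  [auth] Failed login for user 'nurse1' from 10.0.2.14
"""

# Assumed line layout: timestamp, level, [auth] tag, outcome, quoted user, source IP.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \w+\s+\[auth\] "
    r"(?P<outcome>Failed|Successful) login for user '(?P<user>[^']+)' from (?P<ip>[\d.]+)$"
)


def parse_auth_events(text):
    """Return a list of dicts for the lines that match LINE_RE; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated or malformed line; a production parser should count these
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "failed": m["outcome"] == "Failed",
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def detect_failed_login_bursts(events, threshold=5, window_s=300):
    """Alert once per source IP when `threshold` failures fall within `window_s` seconds."""
    recent = defaultdict(deque)  # per-IP failures still inside the window
    alerted = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if not ev["failed"]:
            continue
        q = recent[ev["ip"]]
        q.append(ev)
        while q and (ev["ts"] - q[0]["ts"]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold and ev["ip"] not in alerted:
            alerted.add(ev["ip"])
            users = sorted({e["user"] for e in q})
            alerts.append({
                "ip": ev["ip"],
                "failures": len(q),
                "users": users,
                "first": q[0]["ts"],
                "last": ev["ts"],
                "spray": len(users) > 1,  # many accounts from one source: spraying pattern
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_failed_login_bursts(parse_auth_events(SAMPLE_LOG)):
        print(f"{alert['ip']}: {alert['failures']} failures {alert['first']}..{alert['last']}, "
              f"accounts={alert['users']}, spray={alert['spray']}")
```

The two slow failures from 10.0.2.14 fall outside the window and produce no alert, which is the intended behaviour; a different detection (for example, per-account failures over a day) is needed to catch a deliberately slow attempt.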

...

  • Ensure compliance with applicable laws and regulations, including HIPAA, GDPR, and local healthcare legislation.

  • Conduct periodical audits to determine compliance.

...

  • Policies should be reviewed and updated on a regular basis to reflect technological and regulatory developments.

Training and Awareness

  • Offer continuing security training and awareness initiatives to all users, administrators, and developers.

  • Encourage a culture of security throughout the organization.

Tomcat Security

Tomcat minimum baseline security standards focus on securing the application server and its deployed applications. Key control points include:

...

  • Enabling HTTP security headers (HSTS, X-Frame-Options, Content-Security-Policy)

NGINX Security

NGINX security focuses on securing the web server and its served content. Key control points include:

  • Configuration:

    • Disabling unnecessary modules

    • Configuring error pages to avoid revealing sensitive information

    • Limiting request headers and body sizes

    • Implementing rate limiting to prevent denial-of-service attacks

  • Access Control:

    • Using IP-based access control lists

    • Configuring strong authentication mechanisms

    • Implementing WAF (Web Application Firewall) rules

  • SSL/TLS:

    • Using strong cipher suites

    • Enabling HTTP Strict Transport Security (HSTS)

...

Apache MBSS

Apache MBSS focuses on securing the web server and its served content. Key control points include:

  • Configuration:

    • Disabling unnecessary modules

    • Configuring error pages to avoid revealing sensitive information

    • Limiting request headers and body sizes

    • Implementing rate limiting to prevent denial-of-service attacks

  • Access Control:

    • Using .htaccess files for directory-level access control

    • Configuring strong authentication mechanisms

    • Implementing WAF (Web Application Firewall) rules

  • SSL/TLS:

    • Using strong cipher suites

    • Enabling HTTP Strict Transport Security (HSTS)
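The HTTP security headers named under Tomcat Security (HSTS, X-Frame-Options, Content-Security-Policy), the HSTS items under NGINX and Apache, and the "avoid revealing sensitive information" item all come down to what the server sends in its responses. As an added example written for this page (not code from the OpenMRS, Tomcat, NGINX or Apache projects), the function below audits a captured response header set and lists what is missing or weak. The thresholds (one-year HSTS max-age, includeSubDomains required, CSP without unsafe-inline/unsafe-eval, nosniff, no version number in Server) are common recommendations assumed here, and the two header sets are constructed.

```python
import re

# Assumed audit thresholds (common recommendations, not from the baseline document).
MIN_HSTS_MAX_AGE = 31536000  # one year, in seconds


def parse_header_block(text):
    """Turn the header section of a captured HTTP response (e.g. saved `curl -I` output) into a dict."""
    headers = {}
    for line in text.splitlines():
        if line.startswith("HTTP/") or ":" not in line:
            continue  # status line or blank/non-header line
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return headers


def audit_security_headers(headers, min_hsts_age=MIN_HSTS_MAX_AGE):
    """Return a list of findings for a dict of response headers; header names are case-insensitive."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    else:
        directives = {}
        for part in hsts.split(";"):
            name, _, value = part.strip().partition("=")
            directives[name.lower()] = value
        try:
            max_age = int(directives.get("max-age", "-1"))
        except ValueError:
            max_age = -1
        if max_age < min_hsts_age:
            findings.append(f"HSTS max-age {max_age} below {min_hsts_age}")
        if "includesubdomains" not in directives:
            findings.append("HSTS lacks includeSubDomains")

    if h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options missing or not DENY/SAMEORIGIN")

    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("missing Content-Security-Policy")
    elif "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        findings.append("Content-Security-Policy permits unsafe-inline/unsafe-eval")

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")

    server = h.get("server", "")
    if re.search(r"\d", server):
        # A version string in Server (or in error pages) is the kind of disclosure the baseline warns about.
        findings.append(f"Server header discloses version: {server}")

    return findings


# Constructed header sets: a weak configuration beside a hardened one.
WEAK_HEADERS = {
    "Server": "nginx/1.18.0",
    "Strict-Transport-Security": "max-age=300",
    "X-Frame-Options": "ALLOWALL",
}
HARDENED_HEADERS = {
    "Server": "nginx",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
}

# Constructed raw response, as it would be saved from a `curl -I` run against the front end.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Server: Apache/2.4.41
Content-Type: text/html; charset=UTF-8
X-Frame-Options: SAMEORIGIN
"""

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS),
                        ("captured", parse_header_block(SAMPLE_RESPONSE))):
        print(label, "->", audit_security_headers(hdrs) or "no findings")
```

Run it against the headers of the OpenMRS login page, an error page and a static resource separately: reverse proxies and error handlers often emit different header sets, and the weakest one is what a browser sees.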

...

Conclusion

Implementing this Minimum Security Baseline for OpenMRS will help reduce risks and safeguard sensitive health information. Regular assessments and revisions of this baseline are required to respond to emerging risks and changes in the technological ecosystem. In today's threat landscape, implementing these security practices is a necessity.

...