Re: [Oscarmcmaster-bc-users] Re Restricting remote access
open source web-based Electronic Medical Record (EMR) system
Brought to you by:
davidhcchan,
jaygallagher
From: Brookbanks, P. <pbr...@re...> - 2012-05-15 14:06:33
|
Thanks for the reply Peter. Sorry, I should have mentioned that we do access OSCAR-CAISI through a secure tunnel. My concern is the possibility that staff might be tempted to access the system using a public wifi or an insecure home wireless network (e.g., WEP). Our provinces' privacy rules do not allow this, so restricting access to a single location eliminates this risk. But it looks like this may not be possible without static ips(?) Paul -----Original Message----- From: Peter Hutten-Czapski [mailto:phc@SRPC.ca] Sent: May 15, 2012 9:49 AM To: The OSCAR UserGroup list Subject: Re: [Oscarmcmaster-bc-users] Re Restricting remote access It is a good idea not to leave the Oscar login vulnerable to the internet, but locked down. I have done this several ways You can clamp down to certain IP's being forwarded to your Oscar port/box -I use this for the hospital so that I can access Oscar from there at any of the dozens or so computers there -as you mention this requires a static client ip You can clamp down all access except for a SSH tunnel that requires a key and passphrase (this is considered quite secure) -our authorized laptops do this so you can access Oscar regardless of IP if you jump through the tunnel -these keys can be revoked -use putty for windoze and terminal for Ubuntu or OSX to establish the SSH tunnel In your case where the ip is not static I have two suggestions -the SSH tunnel -set up client authentication for Tomcat (I have not done this but it has been described for Tomcat) ================ Peter Hutten-Czapski Haileybury Ontario "The attitude that 'if rural people want these services they'll have to come to the city to get them' is simply not acceptable..." (Newbery, 1999) Before printing, think about the environment. Avant d' imprimer, pensez à l'environnement. On 15 May 2012 09:31, Brookbanks, Paul <pbr...@re...> wrote: > Hi everyone, > > > > Is there a way to restrict remote access to an single offsite > location? We have several programs spread throughout the city of > Toronto, so staff need remote access, but I want to restrict this > access to the respective programs they work in. If OSCAR-CAISI can't > limit remote access this way, is there a method to enable this restriction through the individual program computers? > The offsite programs do not use static IPs, and they may have > different ISPs. I thought there might be a way to restrict access via > a static IP (?) but it's too costly to obtain this for each program. > > > > Thanks > > Paul > > Paul Brookbanks > > Case Manager > Regeneration Community Services > > 2238 Dundas St. W, Ste 307 > > Toronto, Ontario > > Canada M6R 3A9 > > Tel 416-535-8501 x2604 (CAMH) > > Tel 416 703 9645(Regen) > > Fax-416 703 9648 > > pbr...@re... > > > > > > This e-mail is intended only for the named recipient(s) and may > contain information that is privileged, confidential and/or exempt > from disclosure under applicable law. No waiver of privilege, > confidence or otherwise is intended by virtue of communication via the > internet. Any unauthorized use, dissemination or copying is strictly > prohibited. If you have received this e-mail in error, or are not > named as a recipient, please immediately notify the sender and destroy > all copies of this e-mail. Please be aware that internet > communications are subject to the risk of data corruption, transmission errors, and privacy breaches. > > > > > > > ---------------------------------------------------------------------- > -------- > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. > Discussions will include endpoint security, mobile security and the > latest in malware threats. > http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Oscarmcmaster-bc-users mailing list > Osc...@li... > https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-bc-users > ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Oscarmcmaster-bc-users mailing list Osc...@li... https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-bc-users ----- No virus found in this message. Checked by AVG - www.avg.com Version: 2012.0.2176 / Virus Database: 2425/5000 - Release Date: 05/15/12 |