Beruflich Dokumente
Kultur Dokumente
Objectives
Define encryption and explain how it can be used to secure information Describe the vulnerabilities and protections of wireless networks List the different remote access technologies Explain how to securely dispose of a document
Encryption
Cryptography
Transforming information into a secure form while it is being transmitted or stored Information is scrambled to prevent unauthorized persons from accessing it
Basic Cryptography
Defining cryptography
Origins date back centuries Used by Julius Caesar
Encryption
Changing the original message into a coded message
Decryption
Decoding the message back to original form
Cleartext data
Data stored or transmitted without encryption
Introduction to Healthcare Information Technology 5
Algorithm
Procedures based on a mathematical formula used to encrypt the data
Key
Mathematical value entered into the algorithm to produce ciphertext (scrambled text)
12
Asymmetric cryptography
Also known as public key cryptography Uses two keys Public key is known to everyone and freely distributed Private key is known only to one individual
Introduction to Healthcare Information Technology 14
Private key
Should be kept confidential
Both directions
Document encrypted with a public key can be decrypted with the corresponding private key, and vice versa
Introduction to Healthcare Information Technology 15
Applying Cryptography
Cryptography frequently used to protect data in one of two states
At rest
When data is being stored
In motion
As data is transported through electronic communications
17
Software products
Pretty Good Privacy (PGP) GNU Privacy Guard (GPG)
19
Hardware encryption
Cannot be exploited like software cryptography
21
22
IP Security (IPsec)
Transparent security protocol
No need to install or configure software
Introduction to Healthcare Information Technology 23
E-mail
Encrypted using PGP or similar application
Chat
No single standard exists for encrypting chat Some clients use SSL or PGP
24
VoIP
Encrypted using standard LAN encryption technologies
Smartphone
Encrypted with an application installed on the phone
25
FTP sites
FTP using Secure Sockets Layer (FTPS) Secure FTP (SFTP)
26
Wireless Security
Wireless networks have been vulnerable targets for attackers Vulnerabilities of IEEE 802.11 security
MAC address filtering Wired Equivalent Privacy (WEP) encryption
27
28
32
Site surveys
In-depth examination of a proposed wireless LAN site Determine the number and placement of access points, and types of antennas needed
Introduction to Healthcare Information Technology 34
35
36
37
Remote Access
Security for remote access connections is important Three typical types of remote access
Virtual private networks Terminal emulation Remote control applications
38
Endpoint
End of the tunnel between VPN devices Can be software on a local computer, or a dedicated hardware device
Introduction to Healthcare Information Technology 39
40
Terminal Emulation
Software application that allows a desktop computer to function as a terminal Telnet protocol
One of the most widely used applications
42
44
Secure Disposal
Securely destroying sensitive documents:
Important to prevent unauthorized retrieval from the dumpster
Types of records
Public records Private records Legal health record
Documentation of healthcare services provided to an individual Contains various types of information
Introduction to Healthcare Information Technology 46
Sanitizing
Removing only sensitive information from a document May involve blacking out text
Degaussing
Used with electronic records Resets magnetic charge to a neutral state
48
Summary
Cryptography transforms information into a secure form so that unauthorized persons cannot access it Symmetric cryptography uses a single key to encrypt and decrypt a message Asymmetric cryptography uses two keys: a public and a private key Cryptography can be applied through hardware or software Encryption can protect data that is stored or being transmitted across a network
Introduction to Healthcare Information Technology 49
Summary (contd.)
WPA2 and IEEE 802.11i are foundations of wireless security protections today A virtual private network uses tunneling protocols to communicate over a public network as if it were a secure private network A legal health record is the documentation of healthcare services provided to an individual Legal health records may be disposed of by shredding, sanitizing, or degaussing (for electronic records)
Introduction to Healthcare Information Technology 50