Just as a hacker might target a personal computer through its e-mail program, someone looking to destroy a radiology practice -- its PACS, billing, or medical records support systems -- would attack a system's data-warehouse host servers.
As entry points for user access, host servers are the networks' most vulnerable targets, said Steve Langer, Ph.D., from the radiology and medical education departments of the University of Washington in Seattle. Langer believes that vendors' efforts to develop more standardized hardware in recent years have actually increased the vulnerability of the systems.
"In the days when people had more proprietary products and operating systems, it was difficult for perpetrators to know where the holes were and how to gain access to those systems. Whereas now that we have more open systems based on, say, NT and Unix, those holes are well known -- to the extent that many PACS vendors ... don't take any great care to apply security patches to their products."
Instead, manufacturers often rely on firewalls within the institution to provide security. When facilities choose not to implement firewalls, for legal, ethical or technical reasons, security suffers, he said. Even so, much can be done to protect the systems, and much can be learned from banks, the military and other institutions that have already developed successful solutions, Langer said.
There are four basic perpetrator roles among hackers. These include the data thief, who wants valuable information, such as credit card numbers, bank accounts, or perhaps someone else's identity. The vandal simply wants to harm the enterprise by damaging hardware or software, perhaps by launching denial-of-service attacks or viruses, he said. A third type, the machine thief, wants to gain access to the system to use it for further exploits.
"He's got administrative access to your system, he can do whatever an administrator would do…. What we've seen at [the University of] Washington is that we tend to be used as middlemen for people who like to use our machine to launch attacks on others," such as denial-of-service attacks, he said.
The fourth type, the hybrid perpetrator, might mix and match the first three methods. He may become a data thief to steal the information needed to become a machine thief, for example.
In the TCP/IP protocol scheme, every network service listens on a numbered port, Langer said, and a host's IP address together with a port number identifies the service a remote user is talking to; the low-numbered ports traditionally belong to privileged, root-owned services. Penetrating a system might start with a privileged service that was left listening and unpatched. From there, a perpetrator can plant "Trojan" commands that execute damaging programs immediately or sometime later.
An application known as a "sniffer" can read TCP/IP traffic as it passes across a shared network segment, using the source and destination addresses in the IP header to pick out the conversations of interest, he said. In this way, an Internet thief might intercept Visa or Mastercard numbers sent online, then forward them on to the legitimate Web site without the detour being detected, repeating the process indefinitely, Langer said.
Other tools include port-sweeping applications with colorful names like "Satan," "Saint," and "Crack" (Crack, strictly, guesses passwords from a copied password file rather than sweeping ports, but serves the same end). These programs can probe thousands of servers looking for security holes: machines running specific services that can be exploited. Ironically, the security hole is often publicized by the manufacturer when it releases a security patch, Langer said. Once the program has found a server on which the patch has not been installed, it alerts the perpetrator, who then moves in to exploit the weakness.
This points to the importance of carefully monitoring domain servers, and of installing manufacturers' security patches, whether the system administrator is a bookseller or a hospital IT administrator, he said.
System administrators can also play devil's advocate by running "Satan" and his ilk on their own systems to look for weaknesses and fix them.
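As an added example, not from the article and not code from SATAN, SAINT or any PACS vendor, the Python script below does in miniature what the previous paragraphs describe: it sweeps a list of ports, grabs whatever banner each listener sends, and flags a service whose advertised version is older than the build the site considers patched. The version floors, the banner format and the loopback listener it sweeps are constructed for the demonstration; the listener stands in for an unpatched host on the LAN.

```python
"""Self-audit port sweep with banner grab and version check.
Added example for this article; not code from SATAN, SAINT or any PACS vendor."""
import re
import socket
import threading

# Constructed for this example: the oldest build of each product that this
# (hypothetical) site considers patched.  In practice these numbers come from
# the vendor advisories that accompany each security patch.
MINIMUM_PATCHED = {
    "OpenSSH": (2, 9, 9),
    "Sendmail": (8, 11, 0),
}

# "product" followed by "_", "/" or a space and a dotted version, e.g. OpenSSH_2.1.1
_VERSION_RE = re.compile(r"([A-Za-z][A-Za-z0-9]*)[_/ ]v?(\d+(?:\.\d+)*)")


def parse_banner(banner):
    """Return (product, version tuple) from a banner, or None if unrecognised."""
    m = _VERSION_RE.search(banner or "")
    if m is None:
        return None
    return m.group(1), tuple(int(x) for x in m.group(2).split("."))


def is_outdated(banner, minimums=MINIMUM_PATCHED):
    """True when the banner names a product we track at a version below the floor."""
    parsed = parse_banner(banner)
    if parsed is None:
        return False
    product, version = parsed
    floor = minimums.get(product)
    return floor is not None and version < floor


def grab_banner(host, port, timeout=1.0):
    """Connect and return what the listener says first ('' if it stays silent),
    or None if the port is closed or unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            try:
                data = sock.recv(256)
            except socket.timeout:
                data = b""
            return data.decode("ascii", "replace").strip()
    except OSError:        # connection refused, unreachable, or connect timed out
        return None


def sweep(host, ports, timeout=1.0):
    """Map each open port to (banner, outdated?)."""
    results = {}
    for port in ports:
        banner = grab_banner(host, port, timeout)
        if banner is not None:
            results[port] = (banner, is_outdated(banner))
    return results


def _serve_banner(banner, ready):
    """Constructed stand-in for an unpatched host: one loopback listener that
    greets a single client with a fixed banner and exits."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))          # ephemeral port; reported via `ready`
    srv.listen(1)
    ready["port"] = srv.getsockname()[1]
    ready["event"].set()
    conn, _ = srv.accept()
    conn.sendall(banner)
    conn.close()
    srv.close()


def demo():
    """Sweep the constructed listener; returns its (banner, outdated?) verdict."""
    ready = {"event": threading.Event()}
    worker = threading.Thread(target=_serve_banner,
                              args=(b"SSH-1.99-OpenSSH_2.1.1\r\n", ready), daemon=True)
    worker.start()
    ready["event"].wait(5)
    found = sweep("127.0.0.1", [ready["port"]])
    worker.join(5)
    return found[ready["port"]]


if __name__ == "__main__":
    print(demo())           # ('SSH-1.99-OpenSSH_2.1.1', True)
```

`sweep(host, ports)` is the part to point at your own machines; run it only against hosts you administer. The verdict is only as good as the version table, which has to be kept in step with the vendor advisories the text mentions, and a listener that sends no banner (or a misleading one) still has to be checked by hand.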
Denial-of-service attacks often work by overloading a server with ordinary requests, or by opening connections that are never completed, so that the server sits in limbo waiting for replies that never come, Langer said. Enough such requests push the server past the point where it can answer normal users, effectively disabling it. This method has been used successfully by political activists who consider it a legitimate form of protest.
Types of security schemes
Network-based security schemes include user authentication, authorization, and firewalls. A firewall admits only traffic from approved sources to approved services. Most firewalls also keep detailed logs of the traffic they see; the logs do not stop an intrusion, but they make one easier to detect and to reconstruct afterward.
To avoid possible alteration, log programs should be designed to protect the integrity of their data, and the data itself should be stored on media that cannot be rewritten, such as write-once optical disks.
"Any log that's writeable and rewriteable has got to be suspect," Langer said.
Systems can also be monitored to detect incoming information from unusual sources, in a process known as intrusion detection, or trip wiring.
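The two ideas above, a log that shows when it has been altered and a monitor that notices traffic from unexpected sources, fit together in one short program. The Python below is an added example, not from the article, from Langer or from any logging product: each log line carries an HMAC tag that also covers the previous line's tag, so editing or deleting an entry breaks every tag after it, and a trip-wire pass over the same entries flags any source address outside the networks the host is expected to hear from. The key, the expected networks and the firewall-style sample lines are all constructed for the demonstration.

```python
"""Tamper-evident log chain plus a trip-wire check over the entries.
Added example for this article; the chaining scheme, the key and the log lines
are constructed for illustration, not taken from any product or from Langer."""
import hashlib
import hmac
import ipaddress

# Constructed: the only networks this (hypothetical) PACS host should hear from.
EXPECTED_NETS = [
    ipaddress.ip_network("10.20.0.0/16"),     # reading-room LAN (assumed)
    ipaddress.ip_network("192.168.5.0/24"),   # modality VLAN (assumed)
]

# Constructed key.  It must live with the verifier (or on the write-once copy),
# never on the host that writes the log, or an intruder with root just re-tags.
KEY = b"example-verifier-key"

GENESIS = "0" * 64


def _tag(key, prev_tag, message):
    return hmac.new(key, (prev_tag + "\n" + message).encode(), hashlib.sha256).hexdigest()


def append_entry(chain, message, key=KEY):
    """Append a line.  Its tag covers the previous tag, so editing, deleting or
    reordering any earlier line breaks every tag after it."""
    prev = chain[-1]["tag"] if chain else GENESIS
    chain.append({"message": message, "tag": _tag(key, prev, message)})


def verify_chain(chain, key=KEY):
    """Index of the first entry that fails to verify, or None if the log is intact."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if not hmac.compare_digest(_tag(key, prev, entry["message"]), entry["tag"]):
            return i
        prev = entry["tag"]
    return None


def parse_line(line):
    """'<time> <ACTION> <src> -> <dst>:<port>' -> (time, action, src, dst, port)."""
    when, action, src, _arrow, dst_port = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return when, action, ipaddress.ip_address(src), dst, int(port)


def unusual_sources(chain, expected=EXPECTED_NETS):
    """Trip wire: entries whose source lies outside every expected network."""
    hits = []
    for entry in chain:
        src = parse_line(entry["message"])[2]
        if not any(src in net for net in expected):
            hits.append(entry["message"])
    return hits


# Constructed firewall-style records; 104 is the DICOM port, 23 is telnet.
SAMPLE_LINES = [
    "2000-09-19T03:12:07 ACCEPT 10.20.4.17 -> 10.20.1.5:104",
    "2000-09-19T03:12:09 ACCEPT 192.168.5.40 -> 10.20.1.5:104",
    "2000-09-19T03:13:41 ACCEPT 203.0.113.9 -> 10.20.1.5:23",
]


def demo():
    """Returns (intact?, flagged lines, index caught after an edit,
    index caught after a deletion)."""
    chain = []
    for line in SAMPLE_LINES:
        append_entry(chain, line)
    intact = verify_chain(chain)                  # None: untouched log verifies
    flagged = unusual_sources(chain)              # the telnet session from 203.0.113.9
    # An intruder rewrites the incriminating line in place...
    chain[2]["message"] = chain[2]["message"].replace("203.0.113.9", "10.20.4.17")
    edit_caught = verify_chain(chain)             # 2
    # ...or, on a fresh copy, deletes the line before it.
    chain = []
    for line in SAMPLE_LINES:
        append_entry(chain, line)
    del chain[1]
    delete_caught = verify_chain(chain)           # 1: the next tag no longer links
    return intact, flagged, edit_caught, delete_caught
```

The chain only detects tampering; it cannot prevent it, and it says nothing about lines that were never written. That is why the article's advice still stands: ship the entries to write-once media or to a separate host as they are produced, and verify there, with a key the logging host never holds.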
While no system is impenetrable, there are several steps that can be taken to reduce the likelihood of a successful attack:
- Install network perimeter defenses, such as firewalls and switched networks (a switch keeps traffic off the shared segment a sniffer would otherwise read).
- Remove unneeded network services from the host computer.
- Encrypt data and forbid users from adding unauthorized software.
- Wrap the remaining essential services to both restrict and log incoming traffic.
- Perform checks of all critical system files, store the results on safe media, and perform routine cross-checks with the live system.
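The last item on the list is the one most often skipped, so here is an added example of it, not code from the article, from Tripwire or from any PACS vendor: a Python script that fingerprints a set of critical files, then cross-checks the live system against the baseline and reports what is missing, added or changed. The temporary-directory files and the three changes made to them are constructed for the demonstration; the file names stand in for a Unix host's /etc.

```python
"""Baseline the critical files of a host and cross-check the live system later.
Added example for this article; not code from Tripwire, a PACS vendor or Langer."""
import hashlib
import os
import stat
import tempfile


def fingerprint(path):
    """Content hash plus the metadata an intruder would have to fake as well.
    mtime is recorded because a changed file with an unchanged mtime is itself
    a finding: only the hash, not the timestamp, can be trusted."""
    st = os.lstat(path)
    digest = hashlib.sha256()
    if stat.S_ISREG(st.st_mode):
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
    return {"sha256": digest.hexdigest(), "mode": oct(st.st_mode),
            "size": st.st_size, "mtime_ns": st.st_mtime_ns}


def build_baseline(paths):
    """Fingerprint every existing path.  Write the result to write-once media
    (or a host the PACS server cannot reach); it is worthless if it can be
    edited by whoever edited the files."""
    return {p: fingerprint(p) for p in paths if os.path.lexists(p)}


def cross_check(baseline, paths):
    """Compare the live system with the baseline.
    Returns [(path, 'missing' | 'added' | 'changed:<fields>')], sorted by path."""
    live = {p: fingerprint(p) for p in paths if os.path.lexists(p)}
    report = []
    for p in sorted(set(baseline) | set(live)):
        if p not in live:
            report.append((p, "missing"))
        elif p not in baseline:
            report.append((p, "added"))
        else:
            changed = [k for k in baseline[p] if baseline[p][k] != live[p][k]]
            if changed:
                report.append((p, "changed:" + ",".join(changed)))
    return report


def demo():
    """Constructed stand-in for a host's /etc: three files in a temp directory,
    then the kinds of change a machine thief would make."""
    with tempfile.TemporaryDirectory() as root:
        names = ("passwd", "inetd.conf", "hosts.allow")
        files = {n: os.path.join(root, n) for n in names}
        for n, p in files.items():
            with open(p, "w") as fh:
                fh.write("# original " + n + "\n")
        baseline = build_baseline(files.values())

        # 1. Re-enable a service in inetd.conf, then put the old mtime back so a
        #    timestamp-only check would see nothing.
        st = os.stat(files["inetd.conf"])
        with open(files["inetd.conf"], "a") as fh:
            fh.write("telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd\n")
        os.utime(files["inetd.conf"], ns=(st.st_atime_ns, st.st_mtime_ns))
        # 2. Remove the wrapper configuration that restricted access.
        os.remove(files["hosts.allow"])
        # 3. Drop a new binary that was not in the baseline.
        new_bin = os.path.join(root, "new-binary")
        with open(new_bin, "w") as fh:
            fh.write("#!/bin/sh\n")

        report = cross_check(baseline, list(files.values()) + [new_bin])
        return [(os.path.basename(p), status) for p, status in report]
```

The baseline belongs on the write-once media the article recommends, with the checker run from read-only media or a trusted host; a baseline an intruder can rewrite proves nothing. The mtime-preserving edit is the case worth noticing: a directory listing shows nothing, the hash does.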
"A practice can be ruined by taking down an entire PACS or RIS database, so no effort is too great to ensure the integrity of the systems," Langer said.
By Eric Barnes
AuntMinnie.com staff writer
September 19, 2000
Copyright © 2000 AuntMinnie.com