Pugh-Killeen Logo

UNIX-Linux Security and HIPPA Requirements

Home | Contact Us

Description

The Health Insurance Portability and Accountability Act (HIPAA) requires security and privacy of medical records. The security requirements involve the computer systems used to maintain electronic medical records. Many organizations use Unix or Linux as their operating system. This course covers security facets of these operating systems and how these facets correspond to the HIPAA requirements. It also includes background information on topics such as encryption and networks. (3 days)

Who Should Attend

Unix/Linux system administrators, security personal, security managers, network managers

Prerequisites

  • Experience with using a Unix / Linux system
  • Knowledge of basic system administrator tasks

Objectives

By the end of the course you will be able to:

  • Understand the security aspects of a Unix / Linux system
  • Explore the processes for managing security
  • Examine ways to improve security
  • Appreciate the security threats to a system

Outline

  • Security Concerns
    • Authentication
    • Access control
    • Privacy
    • Data integrity
    • Availability
  • Authentication
    • Passwords
    • Kerberos
    • Digital certificates
  • Access Control
    • Access permissions
    • User-based
    • Role-based
    • Access control lists
  • Encryption
    • Message authenticity checks (MAC) (e.g. MD5)
    • Symmetric keys
    • Asymmetric keys
    • Public Key Infrastructure (PKI)
    • DES, RSA, PGP
  • Network topologies
    • Firewalls
    • Proxies
    • Routers
  • Network security
    • Trusted hosts
    • Configuring Internet services (e.g. TCP Wrappers)
    • Monitors and packet sniffers
    • Network layer - IPSec
    • Transport layer - SSL
  • Remote access control
    • Remote Access Dial-In User System (RADIUS)
    • Terminal Access Control Access System (TACACS )
  • Audit and Accounting Trails
    • Setting up audit logs
    • What to audit
    • Log analysis
  • System backup and disaster recovery
    • Data backup
    • Data recovery
  • Security considerations and common problems
    • Configuration
    • Working as root
    • Virus checking
    • Secure shell (SSH)
  • Security tools
    • Password cracking (e.g. Crack)
    • File system auditing (e.g. Tripwire)
    • Monitoring traffic (e.g. Tcpdump)
    • Network analysis (e.g. SATAN)
    • Security leaks (e.g. COPS)
  • Intrusion detection & security incidents
    • Types of attacks
    • Analysis
  • Security policy
    • Who is allowed to access system
    • System monitoring methods
    • Response to suspected security breaches
    • Certification process

Copyright (c) 1996-2007 Pugh-Killeen Associates

Home Services Solutions Classes Resources About Us Contact Us Legal