- By Jesse Erdmann

This month, Jesse Erdmann, Certified Information Systems Security Professional (CISSP), explains how to segregate services for internal versus external usage, as well as approved HIE to HIE communication versus public dissemination of information.

Security systems, like castles of yore, are designed in concentric circles of protection. Each ring should be more restrictive as to whom is allowed access and more difficult for attackers to bypass. On the outermost ring, everyone is allowed as long as they don’t misbehave and there are some general controls as to what the milling masses have access to. In our castle example, people from outside of the castle are allowed in to visit shops and trade services, but the guards generally frown on people fiddling with the lock to the stores or treasury. In a network security scenario, the same principles are applied in such a way that anyone can access a web server via the standard web protocol, but they cannot access the administrative protocol. Users that display certain poor behavior, port scanning, password guessing, etc can be sanctioned as appropriate.

In the next ring, privileged users are granted access to a few more services, but have a few more hurdles to clear. Merchants and other select persons have their housing and stores within the next ring of the castle. In the network, users from specific addresses on machines that provide an acceptable digital signature are allowed read only access to restricted data sets. For instance, an organization might select reportable, de-identified data for the CDC from their master database and publish it to a restricted, smaller database outside of their core infrastructure. When a machine from the approved CDC address range that provides digital credentials matching the appropriate certificate from the CDC it is allowed to query the restricted database for the de-identified case information. Likewise in an HIE to HIE setting, specific machines from HIEs that have established business agreements could access whatever information has
been approved for exchange without allowing those business partners access to the innermost core network infrastructure.

Finally, only the most privileged users are allowed access to core infrastructure. To conclude the castle example, only the king, his family, personal guests and personal guard are allowed access to the throne room. In the network example, machines access core infrastructure can be required to have physical access to the local network, a non-internet routable address, provide appropriate credentials and require the user of the machine to provide their own personal credentials. None of these requirements on their own is enough to grant access, but all of these factors combined can provide a high enough level of certainty to allow access. Depending on the needs of the organization, different users can be granted access as appropriate for their role.

It is important to keep in mind when designing a security system that traditional security methodologies are not all that different from modern digital security methodologies even though the details of implementing the methodologies are drastically different. Prized assets should be positioned nearest to the center of the security infrastructure with the most layers of controls and the fewest people with access. As assets become less valuable and need to have greater access the controls can be peeled back. Also, never lose sight of the fact that a network’s digital security is only as strong as its weakest point, including physical security. An attacker with physical access can, with time, bypass practically any software controls put in their way.