Tomcat SSL Tips

With POODLE being in the news recently, I decided it would be a good idea to look at my overall SSL configuration while closing the door to this issue. What better way to do that than by arbitrarily assigning a letter grade to my servers with the Qualys SSL Labs tool?

Looking at an Apache Tomcat 8 server, I started with a C letter grade: vulnerable to POODLE, and Forward Secrecy not supported.

ePHI Storage Compliance

Digital storage of electronic protected health information is a treacherous path for a small company to walk. The Health Insurance Portability and Accountability Act enforces a number of requirements on the security controls required for the storage of such sensitive data. Unfortunately, the language used is not crystal clear, and I have been able to find no description of actual technical systems used to comply with these controls.

These controls are required in order to "ensure the confidentiality, integrity, and availability of all electronic protected health information [that a] covered entity creates, receives, maintains, or transmits" (45 CFR § 164.306(a)(1)).

I will outline these requirements here. In a future post I will explain the technical systems I propose implementing in order to comply with these requirements in a low-cost manner.