Re: [H] Security
I think step 1 is to evaluate your actual exposure. What are you seeing in terms of hits? Maybe add a notification email for each hit. Doesn't stop someone from seeing the info, but would at least let you know your actual exposure--or when you should consider changing things up. If a basic passcode (make it simple, just a PIN or a few characters, not a full username/password) is too onerous, which I'm not sure I think it is, then maybe you bake it into the URL itself as a subdomain/virtual host. Example: https://pin123.mymedical.info - the key would be to only render if the hostname matches. This would actually be pretty easily - e.g., TLS-only, SNI required (SNI support can now be considered ubiquitous), no fallback, preventing access just by IP address. -Original Message- From: Hardware [mailto:hardware-boun...@lists.hardwaregroup.com] On Behalf Of Winterlight Sent: Thursday, November 21, 2019 1:51 PM To: Hardware Group Subject: [H] Security I own a domain and hosting account that is hung on Godaddy. I have a sub domain that has to do with personal medical information. I created it because I live alone and if something were to happen all necessary information is on that sub domain index web page. I don't use passwords or encryption for this page because if I am brought in the ER somebody needs to look at my dog tag and use the address to bring up my info. It is the KISS principle. I use a robots.txt file on both the main and sub domain to avoid searches, and the fact that somebody would have to know the sub domain address in-order to bring it up which is unlikely or that is my theory. I think we have some web developers in the collective so please give me your thoughts. There is always going to be a risk but is this good enough. Thanks w
Re: [H] Security
Then use an app on ur phone & make sure a significant other has access? I just don't think putting it on the web is a safe idea unless u encrypt / password it... Hope I'm helping here On November 21, 2019 4:21:34 PM CST, Winterlight wrote: >At 02:53 PM 11/21/2019, you wrote: >>I'd not use any personal info, > >you can't avoid that and you can't make a mystery out of it.. The >people that will look at it are RNs and administrators. The kind of >people who tell guys like us "I use computers every day at work" but >we know what they really mean. And they need numbers... insurance, >doctors, history, medication lots of stuff. How quickly they get the >info may determine the outcome. I have had the site up for over 10 >years without a problem but things have changed a lot in 10 years. I >am doing a six month update today and thought I should ask the >collective if the risk is greater then I know it to be, and maybe >somebody knows a better way to hide in the shadows. -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: [H] Security
At 02:53 PM 11/21/2019, you wrote: I'd not use any personal info, you can't avoid that and you can't make a mystery out of it.. The people that will look at it are RNs and administrators. The kind of people who tell guys like us "I use computers every day at work" but we know what they really mean. And they need numbers... insurance, doctors, history, medication lots of stuff. How quickly they get the info may determine the outcome. I have had the site up for over 10 years without a problem but things have changed a lot in 10 years. I am doing a six month update today and thought I should ask the collective if the risk is greater then I know it to be, and maybe somebody knows a better way to hide in the shadows.
Re: [H] Security
I'd not use any personal info, just list ur medical diagnosis & allergies, meds(amount, how & when u take etc), & maybe "if u got to this site by reading ABC dogtag u r @ the right place." Where ABC r ur initials? On November 21, 2019 1:51:24 PM CST, Winterlight wrote: >I own a domain and hosting account that is hung on Godaddy. I have a >sub domain that has to do with personal medical information. I >created it because I live alone and if something were to happen all >necessary information is on that sub domain index web page. I don't >use passwords or encryption for this page because if I am brought in >the ER somebody needs to look at my dog tag and use the address to >bring up my info. It is the KISS principle. I use a robots.txt file >on both the main and sub domain to avoid searches, and the fact that >somebody would have to know the sub domain address in-order to bring >it up which is unlikely or that is my theory. I think we have >some web developers in the collective so please give me your >thoughts. There is always going to be a risk but is this good enough. >Thanks w -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: [H] Security
I gave that a lot of thought but I think that would just add confusion and slow things down or maybe the reader just doesn't bother or doesn't put it together or gets confused putting in a password or the site doesn't work. We are not talking about nerds like us. it has to be really really simple and accessible very very quickly .which it is. I appreciate the input Chris At 01:41 PM 11/21/2019, you wrote: Easy add a layer of security: Add a password to the site in case someone finds it accidentally. Add the password to your dog tag allowing those who have the dog tag to access the site. On Thu, Nov 21, 2019 at 2:51 PM Winterlight wrote: > I own a domain and hosting account that is hung on Godaddy. I have a > sub domain that has to do with personal medical information. I > created it because I live alone and if something were to happen all > necessary information is on that sub domain index web page. I don't > use passwords or encryption for this page because if I am brought in > the ER somebody needs to look at my dog tag and use the address to > bring up my info. It is the KISS principle. I use a robots.txt file > on both the main and sub domain to avoid searches, and the fact that > somebody would have to know the sub domain address in-order to bring > it up which is unlikely or that is my theory. I think we have > some web developers in the collective so please give me your > thoughts. There is always going to be a risk but is this good enough. > Thanks w > >
Re: [H] Security
Easy add a layer of security: Add a password to the site in case someone finds it accidentally. Add the password to your dog tag allowing those who have the dog tag to access the site. On Thu, Nov 21, 2019 at 2:51 PM Winterlight wrote: > I own a domain and hosting account that is hung on Godaddy. I have a > sub domain that has to do with personal medical information. I > created it because I live alone and if something were to happen all > necessary information is on that sub domain index web page. I don't > use passwords or encryption for this page because if I am brought in > the ER somebody needs to look at my dog tag and use the address to > bring up my info. It is the KISS principle. I use a robots.txt file > on both the main and sub domain to avoid searches, and the fact that > somebody would have to know the sub domain address in-order to bring > it up which is unlikely or that is my theory. I think we have > some web developers in the collective so please give me your > thoughts. There is always going to be a risk but is this good enough. > Thanks w > >
[H] Security
I own a domain and hosting account that is hung on Godaddy. I have a sub domain that has to do with personal medical information. I created it because I live alone and if something were to happen all necessary information is on that sub domain index web page. I don't use passwords or encryption for this page because if I am brought in the ER somebody needs to look at my dog tag and use the address to bring up my info. It is the KISS principle. I use a robots.txt file on both the main and sub domain to avoid searches, and the fact that somebody would have to know the sub domain address in-order to bring it up which is unlikely or that is my theory. I think we have some web developers in the collective so please give me your thoughts. There is always going to be a risk but is this good enough. Thanks w
Re: [H] Security question
Yes, as long as it's over SSL. On Wed, Mar 1, 2017 at 9:40 PM Winterlight wrote: > I am at a hotel. The only internet connection I have available to me > right now is the hotel wifi OPEN connection. I want to purchase a one > month VPN to make the open connection safe but I have to pay for the > VPN before I can use it. Once I am on the VPNs secure / locked web > page I can sign up and use a credit card and I am safe because the > page and the transaction is SSL encrypted ...right? Somebody might > be able to see I went to the page but they can't see my transaction? > > -- - Brian
[H] Security question
I am at a hotel. The only internet connection I have available to me right now is the hotel wifi OPEN connection. I want to purchase a one month VPN to make the open connection safe but I have to pay for the VPN before I can use it. Once I am on the VPNs secure / locked web page I can sign up and use a credit card and I am safe because the page and the transaction is SSL encrypted ...right? Somebody might be able to see I went to the page but they can't see my transaction?
Re: [H] security risk?
Well I'm guessing VLANs are what you need. With some routing rules allowing wireless VLAN only talk to the router gateway. With 2 routers you have the multi-subnet thing & rules to partition traffic. A good thread: http://www.experts-exchange.com/Networking/Q_21409942.html Winterlight wrote: I have one computer, besides my laptop, on my LAN, that is running 2kSP4, and connects to my Workgroup from a WAP. I am using all available security = private SSID, non broadcast, MAC address, WPA with AES encryption, everything is fully patched. I only turn the WAP on when I have a need for it. Question One On occasion it would be nice if I could access my primary workstation, which contains my confidential data, from that wireless machine, or my laptop when needed. So I thought I would just use the built in Windows remote access to work on the XP Workstation from the 2k Desktop. I realize that the chance of any exposure is very remote, but, just out of curiosity, would I be better off, security wise, with third party software like PCAnywhere? Question Two I am using a new Belkin Wireless router I have the wireless turned off on the router because I have a Belkin WAP plugged into it, that is mounted in a better location, and that I use for Wireless Access. Is there someway I can set the WAP up so that it provides Internet access thought the gateway, but never sees my Workgroup? Is there a way to set things up so that the router and the WAP are both transmitting, but the WAP doesn't even see my Workgroup but the router does? thanks
[H] security risk?
I have one computer, besides my laptop, on my LAN, that is running 2kSP4, and connects to my Workgroup from a WAP. I am using all available security = private SSID, non broadcast, MAC address, WPA with AES encryption, everything is fully patched. I only turn the WAP on when I have a need for it. Question One On occasion it would be nice if I could access my primary workstation, which contains my confidential data, from that wireless machine, or my laptop when needed. So I thought I would just use the built in Windows remote access to work on the XP Workstation from the 2k Desktop. I realize that the chance of any exposure is very remote, but, just out of curiosity, would I be better off, security wise, with third party software like PCAnywhere? Question Two I am using a new Belkin Wireless router I have the wireless turned off on the router because I have a Belkin WAP plugged into it, that is mounted in a better location, and that I use for Wireless Access. Is there someway I can set the WAP up so that it provides Internet access thought the gateway, but never sees my Workgroup? Is there a way to set things up so that the router and the WAP are both transmitting, but the WAP doesn't even see my Workgroup but the router does? thanks