SSL securing Tomcat and OpenVPMS
Submitted by larsrikart on Sun, 03/03/2013 - 21:07
Is it possible to configure OpenVPMS to use SSL to have a more secure OpenVPMS installation?
Is this just a question of using Tomcat SSL instructions?
Is there a best practice for implementing security for OpenVPMS deployments?
Lars
Re: SSL securing Tomcat and OpenVPMS
Yes; you just need to follow Tomcat's SSL instructions.
An alternative approach is to put it behind a VPN.
One thing to be aware of when making OpenVPMS publicly accessible is that it has no restrictions on password strength, nor a maximum no. of attempts to get a password incorrect before being blocked.
Until this is rectified, your best bet is to use a private network or a VPN solution.
-Tim
Re: SSL securing Tomcat and OpenVPMS
Tim A - what is your attitude to 'put it behind the firewall and map the port so that external access is not to port 8080 but say 23481'?
Regards, Tim G
Re: SSL securing Tomcat and OpenVPMS
I suppose you still risk port scanners finding the port.
It would be fine if OpenVPMS rejected access after a few failed attempts, but then you wouldn't need to map the port in the first place.
-Tim
Re: SSL securing Tomcat and OpenVPMS
The simple answer here is to use either IP address-based firewalling or MAC-based firewalling.
I.e. only clients with the correct IP/MAC get passed via the portmap through the firewall to the server.
I have 4 ports open through the firewall to allow my home, 2nd workplace and my holiday house access to the instance of OpenVPMS... although I think I need to kill the holiday house access.
Mobile access has problems, as most providers use dynamic IP, meaning you need to use the MAC address. So you need a firewall that supports it. Alternatively, and this is risky, you can map the entire IP range used by the service provider... but then you need good solid password and user security, which in my opinion Open lacks, i.e. there are no password validation rules or password rotation. And you would definitely want to use SSL.
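The two measures discussed in the thread so far, a Tomcat HTTPS connector and a source-address allow-list, can be sketched as one `server.xml` fragment. This is an added example, not part of any post above and not OpenVPMS or Tomcat project code. It assumes Tomcat 8.5 or later (`SSLHostConfig` syntax); the port, keystore path, password placeholder and client addresses are all constructed.

```xml
<!-- conf/server.xml (fragment). Added example with assumed values:
     port 8443, keystore path/password, and allowed addresses
     (constructed, taken from documentation-only ranges). -->
<Service name="Catalina">

  <!-- Only a TLS listener is defined; no plain-HTTP connector on 8080.
       TLS 1.2 and 1.3 only, certificate read from a PKCS#12 keystore. -->
  <Connector port="8443"
             protocol="org.apache.coyote.http11.Http11NioProtocol"
             SSLEnabled="true" scheme="https" secure="true"
             maxThreads="150">
    <SSLHostConfig protocols="TLSv1.2+TLSv1.3">
      <Certificate certificateKeystoreFile="conf/keystore.p12"
                   certificateKeystoreType="PKCS12"
                   certificateKeystorePassword="CHANGE_ME"/>
    </SSLHostConfig>
  </Connector>

  <Engine name="Catalina" defaultHost="localhost">
    <Host name="localhost" appBase="webapps"
          unpackWARs="true" autoDeploy="false">

      <!-- Source-address allow-list at the Tomcat layer.
           The regex must match the whole address; anything else gets 403.
           203.0.113.10    = one fixed client address (constructed)
           198.51.100.\d+  = one /24 client range (constructed)
           Tomcat sees the address of the connecting peer, so behind a
           reverse proxy or NAT this is the proxy/NAT address, not the
           end client. MAC addresses are not visible here; that filter
           has to stay on the firewall. -->
      <Valve className="org.apache.catalina.valves.RemoteAddrValve"
             allow="203\.0\.113\.10|198\.51\.100\.\d+|127\.0\.0\.1"/>

    </Host>
  </Engine>
</Service>
```

The allow-list narrows who can reach the login page but does not replace the firewall rule, and it does nothing about password strength or failed-attempt limits.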
Re: SSL securing Tomcat and OpenVPMS
Hi,
If you are deploying a cloud version of OpenVPMS I would definitely use an IPsec VPN to connect the practice network to the Cloud network and a PPTP or similar VPN to connect mobile/other devices. This also allows your OpenVPMS server instance to see other network devices such as printers, PACS servers etc.
Cheers Tony