• Do you struggle with monitoring your environment to ensure HIPAA compliance?
  • Do you have an authorized policy to compare PCs and Servers against, and if so, is it an efficient process?
  • Can you quickly identify the impact of business services or applications when they don’t function properly?
  • How soon would you know an application or service isn’t working correctly?
  • Would you know if a user on an unauthorized computer was accessing your systems?
  • How long would it take to realize a computer configuration was changed thereby creating a policy breach?
  • Can you identify which systems a change might adversely affect?

Most businesses think they’ve already mitigated such problems as those above. However, one should realize that change is necessary in every IT infrastructure for one reason or another, but with changes come problems, and identifying or recognizing the problems exist presents an entirely new challenge. Consequently, managing those changes can become overwhelming in large environments and organizations struggle to remain compliant with the increasing complexities of network infrastructures. Thus, ConfigureTek, Inc. is taking a leading step forward to ease the burdens of information systems security compliance with HIPAA by introducing a better solution.

A Highly Useful Custom Tool

Universal Configuration Management Database (UCMDB) solutions provide a very powerful tool known as the Topology Query Language (TQL) that enables administrators to build models and query the entire infrastructure for any type of information one needs. Just as an example, the following three sections illustrate how to use UCMDB and TQL to identify non-compliant issues for huge enterprise networks consisting of even 1000s of devices.

QUERY AND VIEW ALL NODES WITH MODEMS INSTALLED

Dial-up phone connections are not secure and cannot be easily monitored. They bypass network security, firewalls, content filtering programs, and other security measures. Consequently, all healthcare related businesses are encouraged to mitigate this risk by removing modems from any PC or server.

Using UCMDB you can create a view that enables system administrators to quickly identify any system that has a modem connected anywhere on the network in minutes.

IDENTIFY ACTIVE DEFAULT USER ACCOUNTS AND RENAME ADMINISTRATOR ACCOUNTS

Microsoft has been fairly good about providing “hot fixes”, “patches” updates and “Service Packs” to plug discovered holes in web server security, and un-patched web server is not only subject to be attacked and compromised, but can also be used to attack other servers as well. Therefore, organizations can greatly enhance security just by ensuring servers and PCs are not using default accounts and others (i.e. guest) are disabled.

Once again, UCMDB provides the functionality to query 1000s of systems at once and provide a report of every computer violating such a policy. Additionally, it just so happens this IS a requirement for HIPAA compliance.

DISABLE UNUSED WINDOWS SERVICES

Similar to default user accounts, many times the services on a Windows-based server can introduce another potential vulnerability that could allow one to gain unauthorized access to an organization’s system(s).

Using the reporting features of UCMDB enables administrators to quickly elicit a comprehensive list of all services on any node that are NOT currently in use. Granted, some services do not always remain active. However, this provides a quick way to identify those that shouldn’t even be enabled. Again, this is yet another requirement for HIPAA compliance and implementing all three of these queries and reports takes only a few minutes.

Implementing Baseline Policies

Another valuable analysis tool is Configuration Manager (CM) that provides the ability to define baseline policies by identifying one or more systems compliant with an organization’s standard configuration. Then when any system changes CM recognizes the change(s) and generates a policy breach alert. However, in some cases, the breach may be intentional such as an OS upgrade, but the administrator can authorize the change thereby making it part of the authorized baseline policy.

When an unauthorized change occurs CM will generate alerts so the Service Desk can address such issues. Now, take for example a user that installs a new piece of software the company does not know about. Without CM this software may go undetected for days, weeks, months, or forever. Furthermore, because large networks consist of dozens or even hundreds of systems, the risk of such occurrences increases significantly. With CM, the administrator will receive a notification almost immediately and the issue can be resolved right away.

Impact Analysis

The Universal Configuration Management Database (UCMDB) product also enables one to define impact analysis rules. Using these rules an administrator can quickly elicit the information to identify the problems that are really symptoms and what is the root cause thereby eliminating any guesswork. This significantly reduces downtime and allows the Service Desk to escalate incidents in a timely manner to those capable of resolving the problem and eliminates a large portion of the duplicated efforts that occur with such systems in place.

Conclusion

Without a product such as UCMDB administrators could easily spend days, weeks, or months collecting the same information this article presents. With UCMDB the Nodes with Modems, Default  User Accounts or Not Renamed Administrators Accounts, and Not Disabled Windows Services reports can be done in 10 minutes, and the other features implemented basically within a day at most. Thus, anyone should easily concur and recognize the usefulness and move to implement these solutions mentioned above now.