安全计算环境现状问题分析

入侵防范-医院信息系统

医院网络中存在许多系统，其中较为重要的比如HIS（包含管理信息系统、临床医疗信息系统、医院信息系统高级应用）、pacs、lis、ICU、OA等各个系统的连接对象以及使用对象之间可能存在双向连接，因此极容易成为病毒和非法入侵者的首选对象。
安全计算环境现状问题分析目前大多数医院的信息系统如图 3.3所示，数据流经过边界安全之后，便可以和信息系统进行交互，我认为存在以下几点隐患：

1 信息系统搭载的平台一般都是Windows server 服务器，Windows server 相对于Linux系统的服务器而言存在较大的漏洞以及不稳定性。
2 信息系统操作不明，无法通过外部的安全设备阻止内部人员的恶意操作、蓄意网络攻击、滥用资源和泄露医疗信息等行为。
3数据安全问题，由于医院信息庞大，在对医疗信息进行操作时可能会出现误删的情况，而存储数据时可能存在丢失和被篡改的分险，数据防护力度不够强，对于数据的有效提取以及利用存在提升空间。
4 门户网站缺乏相应的安全防护，尤其是网页篡改和挂马等。
5信息系统的服务器操作系统采用默认安装配置，没有进行加固与配置，操作系统没有进行补丁升级与管理，普遍存在严重的系统漏洞。
6服务器边界缺乏访问控制，外网与医院内网之间缺乏访问控制。
7所有设备与主机没有开启进行日志审计功能，管理维护人员没有进行安全管理审计。
8 由于服务器的运维众多，无法统一分权限管理，并对第三方的运维无法审计；
9 重要服务器和网络设备，缺乏统一的监控管理。
10 当有攻击事件发生时，需要及时了解攻击发生的过程以及事后的溯源分析，追查攻击。

数据备份恢复-医院信息系统

灾备防护可以说是数据防护的最后一条策略，医院在信息化方面发展伴随着一条条数据的存储和调用，所以数据备份是医院网络安全的重点，也可以说网络安全产业的存在就是为了保护数据。数据备份是医院网络系统出现在南后及时进行补救和恢复的主要途径，也是最后一条道路。存储就意味着需要采购大批存储设备，但是信息的产生每分每秒，存储区域的大小确实固定的。医院在数据备份人员结合数据文件的信息登记来备份上传工作，但是并非所有的数据都需要备份，而是更具数据存储的时间以及数据的存储等级进行存储并对重要数据进行加密。所以某市第二人民医院数据备份中产生了某些数据是否值得被存储以及数据存储的时效性问题。

Analysis of current situation of secure computing environment

Intrusion prevention-hospital information system

There are many systems in the hospital network, among which the more important ones such as HIS (including management information system, clinical medical information system, advanced application of hospital information system), pacs, lis, ICU, OA and other systems may be connected and used between objects There is a two-way connection, so it is easy to become the first choice for viruses and illegal intruders.

![Insert picture description here] (https://img-blog.csdnimg.cn/20200714094714407.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dX_M3A, M3A0 The information system of most hospitals is shown in Figure 3.3. After the data flow passes the boundary security, it can interact with the information system. I think there are the following hidden dangers:

-1 The platforms carried by information systems are generally Windows server servers. Windows servers have relatively large vulnerabilities and instabilities compared to Linux system servers.

-2 The operation of the information system is unclear, and it is impossible to prevent malicious operations, deliberate network attacks, misuse of resources, and leakage of medical information by insiders through external security equipment.

-3 Data security issues, due to the huge amount of hospital information, there may be accidental deletion when operating on medical information, and there may be a risk of loss and tampering when storing data, data protection is not strong enough, and it is effective for data Extraction and use of existing room for improvement.

-4 The portal website lacks corresponding security protection, especially the webpage tampering and hanging horse.

-The server operating system of the 5 information system adopts the default installation configuration, without hardening and configuration, the operating system is not subject to patch upgrade and management, and there are generally serious system vulnerabilities.

-6 lack of access control at the server boundary, and lack of access control between the external network and the hospital intranet.

-7 All devices and hosts are not enabled for log auditing, and management and maintenance personnel have not conducted security management audits.

-8 Due to the large number of operation and maintenance of the server, it is impossible to uniformly manage the authority, and the operation and maintenance of the third party cannot be audited;

-9 Important servers and network equipment lack unified monitoring and management.

-10 When an attack occurs, it is necessary to understand the process of the attack and the traceability analysis afterwards to track the attack.

Data backup and recovery-hospital information system

Disaster recovery can be said to be the last strategy of data protection. The development of information in hospitals is accompanied by the storage and call of data. Therefore, data backup is the focus of hospital network security. It can also be said that the existence of the network security industry is to protect data. Data backup is the main way for the hospital network system to be remedied and restored in time after it appeared in the south, and it is also the last way. Storage means purchasing a large number of storage devices, but the size of the storage area is indeed fixed every minute and second. The data backup staff in the hospital combines the information registration of the data file to backup and upload work, but not all data needs to be backed up, but the time and data storage level of data storage are stored and important data is encrypted. Therefore, the data backup of the Second People’s Hospital of a certain city raises the question of whether certain data is worth storing and the timeliness of data storage.