Archives
-
► 2013 (8)
- ► February (3)
- ► April (2)
- ► May (3)
-
► 2012 (35)
- ► February (2)
- ► March (4)
- ► April (1)
- ► May (2)
- ► June (5)
- ► July (4)
- ► August (6)
- ► September (2)
- ► October (2)
- ► November (4)
- ► December (3)
-
► 2011 (157)
-
► January (20)
- • Green architecture: Sustainability and IT architecture
- • The HL7 Toolkit
- • Friday - link-day #30 - Ebooks, the world, photography, quake and CG
- • Soft Season
- • Friday - link-day #29 - Security, Study, Dark Surreal Art, Celebrities and bicycle pumps
- • Emotions of a project leader during a project
- • Emotions of an architect during a project
- • What if everything is a dream?
- • Site problems due a (probable) bug in ISAPI_Rewrite 3 revision 0079
- • 3 good pratices for your Joomla site
- • Friday - link-day #28 - Anonimity, rocking, macro photography, open source, science
- • Emotions of a developer during a project
- • HL7 and security
- • Where to begin if you want to start with HL7 in C# or Java
- • Understanding the HL7 piped message
- • How to proof that QA saves money
- • Friday - link-day #27 - Computer generated images, handwriting, PDF, photography and philosophy
- • Interesting facts on common things
- • Romans 4: Where do we go wrong?
- • Happy 2011
-
► February (16)
- • Introducing 0na as a contributor
- • The Beatles perform Smack My Bitch Up
- • Friday - link-day #34 - Happiness, usability, pink princesses, security, photography
- • A classic: Write in C
- • Privacy: I've got nothing to hide
- • Friday - link-day #33 - Unittests, roads, introverts, hack free and photography
- • Green architecture: Social
- • Thoughts on Paradise and the Fall of Man
- • Friday - link-day #32 - Photography, Sounds, Documentary, Programming and Vampires!
- • Removing images using PdfSharp
- • The Art of Intrusion - A review
- • Friday - link-day #31 - Old PC, Lost, Boardgames, Ghosts and DocX
- • Making a threatmodel, part 4: Applying STRIDE and priority
- • Making a threatmodel, part 3: Used technologies
- • Making a threatmodel, part 2: Data Flow Diagram
- • Making a threatmodel, part 1: Business usecases
-
► March (14)
- • Privacy, security and smart phones
- • Privacy, security and the cloud
- • Threatmodels - A video on smartphones
- • Friday - link-day #38 - Life-enhancement, barcode, Atlantis, underwater, nowhere
- • Development and the time to market of software
- • Suckerpunch is almost released
- • Friday - link-day #37 - Linux, meaning, meta testing, home library and vampires
- • Green architecture: Environment
- • Why do soft-skills training matter
- • Why nHapi sometimes parses a message as a generic message
- • Friday - link-day #36 - Philosophy, Art, Concept, Hypocrite or Delusional, Sustainable Computing
- • The results of a pentest
- • Friday - link-day #35 - Badasses, digital art, photography, cows and ideology and assembly
- • The psychology of rites of passage
-
► April (13)
- • We need your input!
- • Friday - link-day #43 - Photography, Browsers, Hacking and Reading
- • Lyrics for this Easter morning
- • How to reset you Kindle 3, even if the slide doesn't work
- • Inside the Kindle 3 (Latest Generation)
- • Friday - link-day #42 - The Geek Edition
- • Friday - link-day #41 - Fork, Berlin, Life, Girls and Microexpressions
- • No need for bashing Microsoft anymore
- • XSS so what
- • Friday - link-day #40 - Pascal, photography, fan films and fear
- • Friday - link-day #39 - War, Creationism, Geek behaviour, photography and Garbage
- • John 8: 1-11 - Punishment and second chances
- • Evangelisation: show your believe through choice
-
► May (15)
- • Joomla RSS Feed stats in Piwik
- • Really cool: Running Linux in your browser
- • Romans 12 - Part 3
- • Romans 12 - Part 2
- • Romans 12 - Our daily lives (part 1)
- • Friday - link-day #47 - Worlds, History, Compilers, Drugs and Intelligence and Personality
- • Development processes and quality code
- • Friday - link-day #46 - Abandoned, Curiosity, Hackers, PirateBox and Apocalyptic
- • Friday - link-day #45 - Luck, Illustrations, Body Language, TrueCrypt, Open Wireless
- • Read SIU messages using nHapi
- • Religion and Crisis: Recognizing and dealing with guilt
- • Friday - link-day #44 - Photography, Werewolves, Bookshelves, Trolls and The Future
- • On tolerance and ignorance
- • Green architecture: Economic
- • Scale a PDF using PdfSharp
-
► June (16)
- • Coffee
- • Green architecture: How green is your internet?
- • Friday - link-day #51 - HDR Images, Monastery, Too clean, Hacking and Photography
- • Use a GPU to crack pasword hashes fast
- • Using SSL over TCP as client and server with C#
- • Friday - link-day #50 - Multitouch, Comic Sans, Sons, Woman, Mugshots and Games
- • How to help open source without coding
- • Really cool: Play Doom in your browser
- • Romans 12 - Part 7
- • Friday - link-day #49 - Books, .Net, Drawings, Technology and Faith
- • Romans 12 - Part 6
- • Romans 12 - Part 5
- • Romans 12 - Part 4
- • Friday - link-day #48 - Photography, Bookcases, Scrum, Illustrations and PDF's
- • Musings on afterlife
- • MonoDevelop
-
► July (17)
- • Wisdom
- • NHapi documentation files
- • Types of rituals
- • The process of a ritual
- • Friday - link-day #56 - Hapiness, Linux, Truth, Worldviews and OS
- • Romans 12 - Part 12
- • Romans 12 - Part 11
- • Friday - link-day #55 - Retro WTF, Blank, disney, Hackers and Beach Art
- • Romans 12 - Part 10
- • Services and protocols aren't the same
- • The paradox of choice
- • Romans 12 - Part 9
- • Friday - link-day #54 - Love, E, MetaData, SLR and Apple
- • Friday - link-day #53 - Shadows, Google, Safety, IPhones and Church
- • Friday - link-day #52 - Computer science, Super Heros, Animation, Rock Paper and Scissors and Blue
- • Romans 12 - Part 8
- • Why modern IDE's aren't the best tools to learn coding
-
► August (10)
- • How to parse the HL7 DateTime with nHapi
- • Friday - link-day #60 - Surreal, Kinect and Blender, IBM, Organ and Mail
- • The Tetris effect
- • Friday - link-day #59 - Thanks, Photo's, Color, DOS and Openness
- • Friday - link-day #58 - Ebooks, Six, Fan Films, Cats and the Moon
- • Getting data from a HL7 ORU_R01 message
- • Using a client certificate with an SSL stream in C#
- • Physical object and rituals
- • Friday - link-day #57 - Disgruntled bomb, Architecture, Belief, Geek behaviour and Simpsons
- • Romans 12 - Part 13
-
► September (9)
- • Friday - link-day #65 - Airplanes, Passwords, Self-Esteem, Code and Girls
- • HL7 event grouping in version 2.4 (nHapi)
- • Friday - link-day #64 - Movies, Faces, Startup times, Resume and Happiness
- • 10 Programming lessons I learned in my 12 years in IT
- • Friday - link-day #63 - God, Art, Keyboard, Faces and Kermit
- • Friday - link-day #62 - Http status, Open PC, Photography, Movies, Illustrations
- • Friday - link-day #61 - Archimedes, Honeypot, Creativity, Elephants and Hackers
- • Social engineering: The wolf and the seven little goats.
- • On why we shouldn't use the term web service.
-
► October (8)
- • Friday - link-day #69 - Ghosts, Words, Linux, Fantasy and Lazarus
- • Ezekiel: The Pulp Fiction Verse
- • Friday - link-day #68 - Reflections, Linux, Spelling, Friends and X.509
- • Ezekiel 37
- • Friday - link-day #67 - Portraits, Gossip, Cool pictures, Design patterns and Privacy
- • Is it HTTP response splitting
- • Choices and age
- • Friday - link-day #66 - Animal, Guitarists, Locks, Pixels and Fridge
-
► November (10)
- • Ayn Rand and lotteries
- • Friday - link-day #73 - Passwords, Intelligence, Rain, Photography and Scared people
- • Friday - link-day #72 - Gifs, Movie descriptions, Symmetry, Architecture and Mario
- • The Great Dictator
- • A social network with respect for privacy
- • Snowwhite the trailer
- • Friday - link-day #71 - Life, Images, Tetris, Witches and Beacon
- • Security in IT-projects: The Story of the Three Little Pigs
- • Friday - link-day #70 - Bios, Future, God, 1% and Security
- • The Hl7 Implementation Support Guide
-
► December (9)
- • Almost Christmas: consumerism
- • Friday - link-day #78 - Colors, Mythical, Girls, Smurf and Pictures
- • Friday - link-day #77 - Searching, Microsoft, Music, Hacking and Volcanoes
- • Friday - link-day #76 - st. Nicolas, IE, Disney, Grandmother and Games
- • Best of 2011
- • Santa
- • Friday - link-day #75 - Photography, Forgiveness, Games, Colors and Computer science
- • YaCy: P2P search engine
- • Friday - link-day #74 - Creationism, Memmories, Bossie award, Easter and Contrast
-
► January (20)
-
► 2010 (174)
-
► January (11)
- • Forgiveness: the cost of forgiving
- • Security rule #7: Dont't let the ends outweigh the means
- • Security rule #6: Help users protect themselves
- • Security rule #5: Security starts at business level
- • Security rule #4: Try to use standard solutions
- • Security rule #3: It's all about data and risk
- • Security rule #2: You can't outsmart an attacker
- • Security rule #1: Don't trust data
- • Unbelievable: biblical text on weapons
- • Security: session management the right way
- • 20 wise programming lessons
- ► February (6)
-
► March (18)
- • How to define a good service interface
- • Changing imperonation user at runtime
- • Coding fun: statistical problem
- • Easter and new years resolutions
- • Easter eggs and security
- • .Net and Oracle webservices
- • Why use MQ instead of webservices in webinterface backoffice communication
- • In basis all religions are the same. Is that true?
- • The security dilemma revisited.
- • How to create an application supporting multiple HL7 version using nHapi
- • Really cool: run java on .Net with IKVM
- • Pay it forward
- • How do you see other religions
- • The Baseballs make really bad songs sound really good
- • Comics and theology
- • On why christians should vote left-wing
- • Thinking like a hacker
- • Flyleaf
-
► April (22)
- • nHapi example
- • The new OWASP Top 10
- • The theology of Caprica
- • Perron11.nl a site using the MVC framework
- • HL7 version 2.3 problem with too many Patient ID's
- • Single sign on with openid
- • Security isn't all about defending
- • Movie: Son Of Man
- • A song for Easter: Thief
- • Slovo - Nommo
- • How to build quality appllications: learn from UNIX
- • REST and SOAP: what and when
- • Do all religions essentially come down to the same thing (part II)
- • Design changes
- • The beginning of prayer is silence
- • Security is a quality attribute
- • Good Friday - Lacrimosa
- • Integrating webapplications and sites
- • Leadership style: behavior versus result
- • Bypassing the .Net ValidateRequest filter
- • The value of good documentation
- • Software architecture and new technology
-
► May (14)
- • New phishing attack
- • German court convicts someone for having a wireless network without a password
- • HL7 escape characters and nHapi
- • The theology of Sophie Scholl: Die letzten tage
- • IBM MQ Reason codes
- • Two extension methods
- • Nostalgia: my first password cracker
- • Wifi with Mandriva 2010.0
- • Are Christians allowed to be rich?
- • Measuring code quality
- • Estimation and politics
- • This code should be removed
- • Legal and free music with Jamendo
- • God exists Quietly
-
► June (12)
- • VS2008 project using private unittests don't build with TFS2010
- • Blenders open movie projects
- • Java forever - the movie trailer
- • Persistent messages with IBM MQ
- • Gnoosic helps you find new bands
- • Back from the Holy Land
- • Judging doesn't have to be negative
- • Less posts due vacation
- • The need for postmodern thinking in software development
- • Robtex - internet swiss army knife
- • Listen to your user... Or not?
- • Jars of Clay - Flood
-
► July (14)
- • SDL: Threat Modeling tool vs. Threat Analysis tool
- • Friday - link-day #4 - GUID in debate, philosophy problems, types of believe, code quality, rainbowtables
- • Confessions on life, death and God
- • Hole 196: WPA2 security vulnerability
- • Friday - link-day #3 - UI based scripting, view states, caffeine, blow dryers and money for bugs
- • New review process for Firefox Addons
- • Friday - link-day #2 - Cloud security, quick coding, atheism and photography
- • Remembering strong passwords
- • Downtime
- • Should unit tests use a database connection to test stored procedures?
- • Friday - link-day #1
- • How secure is your password really?
- • Psalm - hope in dark times
- • Grooveshark - Online free music
-
► August (13)
- • Microsoft puts SDL under a Creative Common license
- • Social Steganography: A different way of privacy control
- • Creating Hl7 ORU_R01 messages with NHapi
- • Friday - link-day #8 - open source, photography, playing Doom, thinking about God, security and usability
- • Why use the fire and forget pattern?
- • Are woman better at social engineering?
- • How to show possibilities in AutoCompleteExtender without user input
- • Friday - link-day #7 - view states, nature photography, classical music, NTLM and religion and kids
- • Why do people work on open source?
- • Friday - link-day #6 - battleground God, negative thoughts, photography, jokes and one time passwords
- • How to render SSL useless
- • Required password change policy - still a good idea?
- • Friday - link-day #5 - comic, executable packer, e-books, security, ice-cream
-
► September (24)
- • Staring at the sun - a must read for pastors
- • TFS2010: Hotfix for error TF270015
- • Problems with comments
- • Evolution vs. Creationism is a non-discussion
- • Elevation of Privilege: The Card Game
- • The tenth of october 2010: 42-day
- • What is coaching? The difference between coaching and mentoring.
- • Friday - link-day #12 - Parable, Bed and society, before death, penguin dieting and a game
- • Microsoft free e-book for moving to VS2010
- • Architecture and coaching
- • This is overreacting to a field trip to a mosque
- • Social-engineering report from DEFON 18
- • New site for Slot and Partners
- • The pratical use of a Sequence Diagram
- • Friday - link-day #11 - viruses, Linux, security and DOS, photography, makeup and face-detection and sacred text
- • Own your space - a security book for teens
- • Are woman better at social engineering? Revisited.
- • Friday - link-day #10 - hitchhiker's guide, online tools, academics and games, reading and forgiveness
- • Crowd-sourced Radiohead live DVD
- • Microsoft released Enhanced Mitigation Experience Toolkit v2.0
- • CLASP and SDL compared
- • Red heifer, the Good Samaritan and morals
- • OWASP CLASP and Secure Coding Practices
- • Friday - link-day #9 - Linux gaming, keyloggers, secure filemount, Microsoft loves open source and science and a Stradivarius
-
► October (11)
- • Friday - link-day #17 - Trust, security, music and learning, documentation and social experiments
- • Open source threat modelling tools
- • How to verify the security of your application: the OWASP standard
- • Friday - link-day #16 - distributed, programming, SSID in hiding, movies and scores
- • Downtime
- • Friday - link-day #15 - exploits, great developers, movie and smartness
- • Usb-drive as a threath for security
- • Correct and usefull error messages - one of the hardest things in software development.
- • Friday - link-day #14 - Games, open source, Linux, programs and idleness
- • Friday - link-day #13 - lockpicking, beep, Sartre, peanuts, photography and biometrics
- • Happy 42-day!
-
► November (11)
- • Is Atheism purely rational?
- • Bacterial based storage: store your data on E-coli
- • Diaspora open to invitees
- • Friday - link-day #21 - Linux and domination, security verification, steampunk girls, autumn and liars
- • Abuse, Violence, Gender and Submission
- • Linux will soon become much faster
- • Friday - link-day #20 - Mono, lockpicking, sanity, portraits and penguin diet
- • Power - the way to deal with it
- • Friday - link-day #19 - processes, Ubuntu and Windows 7, Photography, love your Pastor and passwords
- • Friday - link-day #18 - Skills, Linux and Microsoft, OO, Strangers and being from Mars
- • Content Security Policy - A new countermeassure against XSS and CSRF
-
► December (18)
- • Calvin and Hobbes on parenting
- • Coaching: Choosing the right test
- • What is HL7 and nHapi?
- • Broke 1000 unique visitors
- • A movie for Christmas: Eternal Sunshine of the Spotless Mind
- • Suckerpunch
- • Our Daily Bread
- • Friday - link-day #26 - Problems, sound sculptures, zombies, numbers and therapy
- • Friday - link-day #25 - Conformism, musicscores, programmers, domination, photography
- • Best of 2010
- • Evangelism on Internet, part 3: What's next?
- • Friday - link-day #24 - Hacking, photography, pac-man, myths and doubters
- • Evangelism on Internet, part 2: How?
- • Evangelism on Internet, part 1: Why?
- • Friday - link-day #23 - Design, Word format, Sound recordings, Photography, Theoretical museum
- • IE's protected mode broken
- • Dealing with the insider threat
- • Friday - link-day #22 - Steampunk, Coin tosses, Tetris and flashbacks, Vulnerable Linux and Photography and the Law
-
► January (11)
-
► 2009 (12)
- ► November (8)
- ► December (4)
Which topics would you like us to cover more?
Latest comments
-
Save attachments from Oulook t...
Great information
By Dennis -
Social engineering from India
Hm. I am in the U.S but never heard of scams origi...
By Indian -
Social engineering from India
Hi! Ok, so some nuance is in order, I guess. The g...
By Bas -
Social engineering from India
Hi, Interesting.. I am from India and in IT domain...
By Indian -
How to reset you Kindle 3, eve...
Hi Mai, Did you try to connect the kindle to a PC?...
By Bas -
How to reset you Kindle 3, eve...
Hey, guys. I know this topic is a bit old already ...
By Mai -
How to reset you Kindle 3, eve...
Hi Desiree, The back cover comes off. There are mu...
By Bas -
How to reset you Kindle 3, eve...
How to I take the back off? I really need my kindl...
By desiree
Home 
Architecture, security and coding HL7 and security
Architecture, security and coding HL7 and security
| HL7 and security |
| Written by Division by Zero |
| Tuesday, 18 January 2011 14:25 |
|
HL7 transports a lot of (privacy) sensitive data. As a security minded person, this is a real issue. Most of the data transmits on a corporate network, but the basis of HL7 with MLLP is a plain text protocol. Anyone can sniff the data and get sensitive information. Luckily I’m not the only one thinking about these security issues. The organization behind HL7 offers guidance on how to identify and solve security problems. They are using the Risk Management Lifecycle to do this. I hope that any organization is aware of these issues and draw up some plans to mitigate any security issue they possibly can identify. Besides the process of identifying security issues, there is not a lot of explanation on how to solve these issues on a technical level. There are multiple ways to deal with security in communication. Two good ways are offered. The first one is to use SSL to encrypt communication between applications. This way it will be harder to sniff the HL7 network traffic. Besides making it harder to steal information, unauthorized communication must be addressed. Some form of authentication and authorization should be applied on the HL7 services. One way to implement this is using EDI (Electronic Data Interchange). Here are some resources on helping you to identify security risks:
This document will help you with technical implications of the identified risks: Related Articles
|
Beware of bugs in the above code; I have only proved it correct, not tried it. - Donald E. Knuth
