Atlantic.Net Blog

What are e-Health Applications?

  • What is e-Health?
  • Practical Uses
  • Examples: Broad Types
  • Example: e-Health Application Hosting Story
  • Writing Your Own Story

What is e-Health?

Electronic health, shortened to either e-health or eHealth, is the electronic form of healthcare. The concept electronic health is often used alongside electronic health records (EHRs), as indicated by the national health programs of Australia and Canada. This idea is often discussed in the public sector as a method to improve population health, while the same agencies limit applications with patient privacy and security safeguards (such as HIPAA Title II).

Read More


Cómo Instalar De Linux, Apache, MySQL, PHP, (LAMP) Con Debian 8

Ariel Beltre June 9, 2015 by under Cloud Hosting 0 Comments

Introducción

En este artículo, le mostraremos como instalar LAMP en un servidor cloud con Debian 8. LAMP es simplemente un paqute de software que consiste de 4 componentes. Linux es la base de la plataforma; todos los componentes son instalados en el entorno Linux. En este caso, vamos a usar Debian 8 para el sistema operativo Linux. Vamos a usar Apache para el servicio web. MySQL se utilizará para la gestión de bases de datos, y PHP sera como el lenguaje de programacion. En total esto forma LAMP, que tambien se llama un LAMP stack.

Requisitos Previos

Un servidor con Debian 8 instalado. Si usted no tiene un servidor ya, usted puede visitar nuestra pagina de cloud hosting y configurar un nuevo servidor en menos de 30 segundos.

Read More


HIPAA API Explained – Should You Set Up an API for Your Healthcare App or Service?

  • HIPAA APIs and The Rise of HIPAA-Compliant Mobile
  • The Essence of HIPAA Compliance
  • An API as a HIPAA Compliance Tool

HIPAA APIs and The Rise of HIPAA-Compliant Mobile

Why set up a HIPAA-compliant API? The third platform of cloud-delivered mobile allows users to pull in data from various locations (whether stored anywhere online or locally) so that they are operating with real-time knowledge. Although all IT decisions must be particularly conscientious in healthcare both because of compliance and the acceleration of hacking, wearables and other smart devices continue to grow in popularity – and setting up a HIPAA-compliant API could help you protect patient health information while also providing authorized access to vital health data.

Read More


Cómo instalar Linux , Apache , MySQL y PHP (LAMP ) en Ubuntu 14.04

Jose Velazquez June 8, 2015 by under Cloud Hosting 0 Comments
Probado y verificado 06/5/15

Introducción

En este Como-Hacer , instalaremos LAMP en un servidor usando Ubuntu 14.04. LAMP simplemente es un  paquete de software compuesto por cuatro componentes, Linux , Apache , MySQL y PHP . El núcleo de la plataforma es Linux y en este caso, estaremos usando Ubuntu 14.04 LTS . Apache es un servidor web y la mayoría de los servidores web en el mundo entero usan Apache. MySQL es un sistema de administración para base de datos que es desarrollado por Oracle . PHP es un lenguaje de programación muy popular que se utiliza ampliamente en el desarrollo de web . En total, esto forma LAMP  o una pila LAMP.

Requisitos

Un servidor con Ubuntu 14.04 instalado . Puedes obtener un servidor aquí, si no tienes uno

Instalación LAMP en Ubuntu 14.04

El primer paso de esta instalacion LAMP, es la instalación de Apache.

Instalación de Apache en Ubuntu 14.04

Instala Apache ejecutando el comando siguiente:

apt-get install apache2

Dale a Enter cuando te pregunte “Do you want to continue?” durante la instalación.

Despues de la instalacion, puedes verificar que Apache este corriendo ejecutando el comando siguiente:

service apache2 status

Tambien puedes verificar que todo esta trabajando bien simplemente abriendo tu navegador y ir a http://tudirecciónIP

Si no sabes la dirección IP de tu servidor, puedes obtenerla ejecutando el comando siguiente:

ifconfig
Un ejemplo del comando ifconfig con la direccion IP 172.20.6.154

Un ejemplo del comando ifconfig con la direccion IP 172.20.6.154

En este caso pondremos http://172.20.6.154 en el navegador para obtener la página siguiente:

Esta es la página por defecto de Apache en Ubuntu 14.04

Esta es la página por defecto de Apache en Ubuntu 14.04

Instalación de MySql en Ubuntu 14.04

Instala MySql ejecutando el comando siguiente:
sudo apt-get install mysql-server libapache2-mod-auth-mysql php5-mysql

Dale a enter cuando te pregunte “Do you want to continue?” durante la instalación.

Durante la instalación , se le pedirá que introduzca una contraseña de root para MySQL. Establece cualquier contraseña que le gustaría a usted . Debe ser una contraseña segura.

Introduzca la contraseña de su elección

Introduzca la contraseña de su elección

Después de introducir la contraseña de root para MySQL , tendrás que volver a introducirla.

Vuelva a introducir la contraseña que estableció previamente

Vuelva a introducir la contraseña que estableció previamente

Continúe con la instalación de seguridad para MySQL ejecutando el comando siguiente:

mysql_secure_installation

Nota: Se le pedirá una serie de preguntas. Sólo tienes que escribir la contraseña de N para el cambio de root y Y para sí en todo lo demas, consulte la captura siguiente en la pantalla:

Un ejemplo de mysql_secure_installation como aparece

Un ejemplo de mysql_secure_installation como aparece

Despues de la instalacion, puedes verificar que MySql esta corriendo ejecutando el comando siguiente:

service mysql status

Instalación de PHP en Ubuntu 14.04

Instala MySql ejecutando el comando siguiente:

apt-get install php5

Dale a enter cuando te pregunte “Do you want to continue?” durante la instalación.

Crea un archivo PHP de prueba llamada info.php en / var / www / html / . En este como-hacer vamos a utilizar el editor de textos nano ejecutando el comando siguiente:

nano /var/www/html/info.php

Inserte el código siguiente en el editor de texto a continuado por guardar y salir:

<?php
phpinfo();
?>

Como hicimos cambios , tenemos que reiniciar Apache para que los cambios tengan efecto ejecutando el comando siguiente:

service apache2 restart

Ahora puedes verificar que todo esta trabajando bien simplemente abriendo tu navegador y ir a http://tudirecciónIP/info.php

El resultado del archivo php.info que hemos realizado.

El resultado del archivo php.info que hemos realizado.

¡Felicidades! Usted acaba de instalar LAMP en su servidor Ubuntu 14.04. Gracias por seguir este Como-Hacer sobre la instalación de LAMP. Visitenos de nuevo para nuevas actualizaciones .


How to: Initial Ubuntu 15.04 Server Setup

Jose Velazquez June 5, 2015 by under Cloud Hosting 0 Comments
Verified and Tested 05/9/15

Introduction

This how-to will help you with your initial setup on Ubuntu 15.04 so that you can successfully secure your server while giving you the peace of mind knowing your server is protected. With any server, the primary goal should always be security. Many users are victims of malicious infiltrations on their servers due to the lack of security boundaries established from the beginning. Let us begin on the right path by laying our foundation with security.

What Do You Need?

You need a Ubuntu 15.04 server that is configured with a static IP address. If you do not have a server already, you can visit our industry-leading Cloud Hosting page and spin a new server up in under 30 seconds.

Server Preparation

To get started, login to your Ubuntu 15.04 server via SSH or the VNC Console located here. Atlantic.Net Cloud servers are setup as minimal installations to avoid having unnecessary packages from being installed and never used. If some software packages that you’re used to using aren’t installed by default, feel free to install them as needed.

Let’s make sure that your server is fully up-to-date.

Update the Ubuntu 15.04 Root Password

By default, your Atlantic.Net servers are automatically set with secure passwords. However, we still recommend updating your password after creating your server and every 60-90 days after that to ensure it remains secure. A minimum of 8 characters, including lowercase, uppercase and numbers are recommended to increase the level of security.

Type the following command to activate your request and follow the on-screen instructions to update/confirm your root password:

passwd

Create a new user with sudo privileges

After successfully updating your password, it’s recommended that you create a new user with sudo/root permissions. Since the common admin user for many Linux Operating Systems like Ubuntu 15.04 is “root”, we’re going to make a new admin user that will be used for day-to-day administration tasks. Creating a new user with root permissions will increase the security in the way your server is accessed.  Individuals looking to target your system are going to target the root user because it’s known the be the default admin account. By creating a new user with sudo/root permissions, and disabling the root user, you are increasing security by using a user that isn’t already publicly known.

Type the following command to create your new user replacing “user1”  with your username and confirm.

adduser user1

Fill in the information that applies to the user and confirm the information:

[email protected]:~# adduser user1
Adding user `user1' ...
Adding new group `user1' (1000) ...
Adding new user `user1' (1000) with group `user1' ...
Creating home directory `/home/user1' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for user1
Enter the new value, or press ENTER for the default
 Full Name []: user1
 Room Number []:
 Work Phone []:
 Home Phone []:
 Other []:
Is the information correct? [Y/n] y

Create a password for that user by typing the following command to activate your request and following the on-screen instructions to update/confirm your “user1” password:

passwd user1

Once you have created a new user and created the password for that user, it is time to add the user to the sudo wheel group. In Ubuntu 15.04 once you add them to the sudo wheel group they are automatically assigned sudo/root permissions. Run the following command to add the user to the sudo wheel group.

adduser user1 sudo

Finally when you have created the user with sudo/root permissions,  you can exit your session and log back in with your “user1” to verify the changes that were made. Alternatively, you can run the following command and switch users from root to “user1”  which will then ask you for that users password. It is important to remember that you will then have to use sudo before running any command with the user.

su - user1

Configure SSH Access

In Linux systems, port 22 is the default port for remote connections via SSH. By changing the ssh port, you will increase the security of your server in preventing brute force attacks and unwanted users from reaching your server using the default port. For this tutorial, use Port 5022 as an example.

Open your SSH Configuration file, find the Port line, remove the # and change 22 number to your Custom port Save and exit.

sudo nano /etc/ssh/sshd_config
# What ports, IPs and protocols we listen for
Port 5022

In order for your system to update the new settings from the SSH Configuration file, we must restart the sshd service.

sudo systemctl restart sshd.service

SSH has now been configured to use Port 5022, and if you attempt to login using Port 22, your login will fail. However, do not exit your session as we need to configure the custom port on the firewalls configuration part first, which we will configure in the upcoming steps.

Limit Root Access

Since we’ve created a new user with root permissions and created a custom ssh port, there’s no need keep the actual root user available and vulnerable over SSH on your server. Let us restrict the root users access to be available on the local server and granting permission to the new user over SSH only.

Open the SSH Configuration file, find the PermitRootLogin line, remove the # and change it from yes to no.

sudo nano /etc/ssh/sshd_config
#PermitRootLogin yes
PermitRootLogin no

In order for your system to update the new settings in the SSH Configuration file, we must restart the sshd service.

sudo systemctl restart sshd.service

Note: In making those changes you will now have the root user disabled so you must log into your server with the “user1” that you created. However, do not exit your session, we must configure the custom port on the firewall in the upcoming steps.

Create a Private SSH Key

Private/Public SSH Keys are great additional features that increases security in the method a server is accessed. However, it takes a bit more effort to setup. The question is, Is your server worth the extra security? If you would like to implement the following security features, you can continue with the following steps. Let us proceed and generate the SSH Key.

ssh-keygen

If you want to change the location where the SSH Key will be saved,  you can specify it here. However, the default location where its stored should be OK. Press enter when you are prompted with the following question then enter a passphrase, unless you don’t want one.

Enter file in which to save the key (/home/user1/.ssh/id_rsa):
This is the default page when installing SSH Keys on a Ubuntu 15.04 server

This is the default page when installing SSH Keys on a Ubuntu 15.04 server

Configuring the SSH Key is crucial, we must copy the full key string to a Word/ Notepad Document. The Key can be viewed in the following location with the cat command.

cat ~/.ssh/id_rsa.pub

Copy the SSH key beginning with ssh-rsa and ending with [email protected] into a Word/ Notepad document so we can add it to the config file later on.

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNcnc3pMOytM7xgwZHUX0Wi/O78hDvLUmQVtKn8Qk1ijBY82jVftKXKRhf8toNkgm9jaZmfapLa7ynzUG4jbFjyy8H+iEs1R8P7eu+e8/fmGwjorbMFuWdoi7h2CldoqKTdMEb/dMNxjNMzBbovl3XtZviQGm4/TMVO1hHxy85JR8zAtNFu7liaP7IonexNrOGhY8CjqRcBsceQLkl1MlX7cWaWAMqd6jQnAvggTLerI9P286AP8Sk4uColj7GKOljj8X6J/2pcjp9v2IvJOqwC/zLwUKZ6qTEV6SrfdbjopoCVvpXkVhmcbHX5Xv1gwynO+vTkpPFwVTjSnAai71L [email protected]

Once the SSH Key is stored safely the directory for the SSH Keys needs limited permissions that only the owner can read, write and execute the file.

sudo chmod 700 .ssh

Within the SSH directory, a file containing the SSH Key must to be added, simply using your editor (in this case NANO) the following location:

nano .ssh/authorized_keys

Paste the SSH Key then save and exit using the nano format.

Finally, we have to limit the permissions of the authorized_keys file that we just created so only owner can read and write.

chmod 600 .ssh/authorized_keys

We could now verify that the key is working by closing the session and typing [email protected] or your servers hostname in your SSH Console. Furthermore, for more information you can click  “here” to see our How To Generate and Use SSH Keys article.

Basic Firewall Rules

By default, your Atlantic.Net’s Ubuntu 15.04 Server is not loaded with a firewall. However, depending on your preference you may install any of the following: firewalld, iptables, etc. In this part I will be using Firewalld which uses the firewall-cmd tool in order to configure its rules. We must first install the Firewall service with the following:

sudo apt-get install firewalld

Next, we’re going to add a rule to allow the custom SSH Port 5022 that was created earlier so it can access the server publicly. At the same time, we’re going to remove the previous default rule allowing SSH access on TCP/22.

sudo firewall-cmd --permanent --add-port=5022/tcp
sudo firewall-cmd --permanent --remove-service=ssh

If you have a web server you may want to allow the following rules so your sites could be accessed over the internet.

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https

You can use this for similar rules related to any systems you want to be publicly accessible. This test server is setup to host a website and email services, so in addition to the updated SSH  and HTTP(S) rules, additional rules for secure POP3, IMAP, and SMTP have been added.

sudo firewall-cmd --permanent --add-service=pop3s
sudo firewall-cmd --permanent --add-service=imaps
sudo firewall-cmd --permanent --add-service=smtp

For Firewalld to accept those settings you must restart the firewall.

sudo firewall-cmd --reload

Your settings will have been saved and you are ready to proceed. To verify all the services/ports that are available run the following:

sudo firewall-cmd --permanent --list-all
This is the default page after configuring the Firewalld rules on Ubuntu 15.04 server

This is the default page after configuring the Firewalld rules on Ubuntu 15.04 server

NTP Time Sync

The NTP (Network Time Protocol) is  used to synchronize the time and date of computers over the network in order to remain accurate and up to date. Let us begin by installing the NTP(If it hasn’t been installed) and configuring the service to synchronize with their servers.

sudo apt-get install ntp

Once the NTP service is installed, we need to make sure that the service is ON.

sudo /etc/init.d/ntp start

Add Swap File

A Swap file is simply a small amount of space created on a servers hard drive to simulate Ram. In the event that the server is running low on memory it will look at the hard drive and ease the load tricking the system to think it has more memory. We will set up the swap file on the hard drive to increase the performance of the server just a little bit more.

Begin by checking your resources to make sure we can add the file. When you run the following command, you will see the percentage space on your Hard drive that is currently being used.

df -h

When creating a Swap file usually you want to add half of your existing RAM up to 4GB(If you have 1GB of actual Ram then you add a 512MB file). In this part I will be adding a 512MB swap file to the drive. The way that this is calculated is by 1024 x 512MB = 524288 block size.

sudo dd if=/dev/zero of=/swapfile bs=1024 count=524288

Now that we have added a swap file, a Swap file area needs to be created in order to proceed.

sudo mkswap /swapfile

With the Swap file created and the Swap file, area added we can go ahead and add permissions to the file so that only the owner can read and write.

sudo chown root:root /swapfile
sudo chmod 600 /swapfile

Now that the swap file has the appropriate permissions we can go ahead and activate the it.

sudo swapon /swapfile

You can verify your newly added Swap file with the following.

sudo swapon -s

In order to make the Swap file always active even after a reboot, we must configure it accordingly.

sudo nano /etc/fstab

Paste the following command at the bottom of the file save your work and exit.

/swapfile              swap   swap     defaults     0 0

Finally, verify if your swapfile is activated by typing the following command:

free -m
This is the default page after creating a Swap File on a Ubuntu 15.04 Server

This is the default page after creating a Swap File on a Ubuntu 15.04 Server

What Next?

With that, you now have a server with a strong security foundation which will give you the peace of mind knowing that your server is protected. You may now proceed to build your platform according to your needs. Thank you for following along and feel free to check back with us for further updates.

Atlantic.Net is dedicated to providing the very best in technical support for our customers along with offering a full line-ups of cloud hosting solutions for any sized business.


HIPAA Compliant File Storage

How can you take advantage of the incredible power of cloud hosting while still meeting HIPAA data storage requirements at all times?

The best way currently available to store your medical files and share them between various parties is with HIPAA compliant cloud storage. Various cloud apps are designed for filesharing (examples include Box, Dropbox, and Google Drive), which also allows you to back up the files and synchronize data between various devices. However, general technological solutions are not designed for the special case of healthcare – in particular with regard to encryption.

Read More


How to set up a TeamSpeak server on CentOS 6.6

Michael Douse June 4, 2015 by under Cloud Hosting 0 Comments
Verified and Tested 05/19/15

Introduction

In this article, we will go over how to set up a TeamSpeak (v3) server on a freshly provisioned CentOS 6.6 cloud server.

Prerequisites

-You will need to provision a CentOS 6.6 (32 bit or 64 bit) server.

-SFTP Client such as WinSCP.

Install TeamSpeak on CentOS 6.7

First we will need to go download the TeamSpeak Server files. You can find them here. Make sure to choose the correct architecture (x86 for 32-bit, amd64 for 64-bit):

Download TeamSpeak version

Download TeamSpeak version

 

Next we will go download an SFTP client so we can transfer the TeamSpeak Server file to our cloud server. You can download WinSCP from HERE. You can choose either the installation package or the portable version.

Download WinSCP

Download WinSCP

 


Now to open up the required ports in the firewall. These are the default ports we will open:

UDP: 9987 – Default voice port.
TCP: 10011 – Default file transfer port.
TCP: 30033 – Default server-query port.

 

Edit the following with a text editor of your choice. For this article, we will be using “nano”:

nano /etc/sysconfig/iptables

Add the following lines before the REJECT rules:

-A INPUT -p udp -m multiport --dports 9987 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 10011,30033 -j ACCEPT

Add rules to IPtables

Add rules to IPtables

Once you are done, save your changes and exit from nano with CTRL O + Enter, and CTRL X. Then restart IPtables:

service iptables restart

Verify that the rules are in place:

iptables -L -n
Verify IPtables rules.

Verify IPtables rules.

That’s it for the firewall configuration.


 

Time to create a separate user for the TeamSpeak server. Call this user whatever you wish, but for the sake of this how-to, I will be using “ts3srv”:

useradd ts3srv
passwd ts3srv

Now change to the home folder of the user we just created:

su ts3srv
cd

At this point, we will need to upload the TeamSpeak server package we downloaded earlier. Open WinSCP and type your server IP in the “Host name” input box along with the ts3srv username and password you chose. Then click on “Login”:

WinSCP - Connect to your server.

WinSCP – Connect to your server.

 Note: The first time you connect to your server, you will receive a warning that the host is unknown. Don’t worry, click “Yes” to accept the host key.

Host Key Warning - WinSCP

Host Key Warning – WinSCP

Once you are connected, you will be dropped into the home directory of the ts3srv user we created. Just drag and drop the file we downloaded into the main window:

Upload TeamSpeak server package.

Upload TeamSpeak server package.

You can now verify that the file is on the server with the “ls” command:

Verify upload completion.

Verify upload completion.


Time to install the package:

tar xvfz teamspeak3-server_linux-amd64-3.0.11.3.tar.gz
cd teamspeak3-server_linux-amd64

Note: Your command may be slightly different depending the version that you downloaded or if you chose the 32-bit version.

Now start the TeamSpeak server with the following command.

./ts3server_startscript.sh start
Start the TeamSpeak server.

Start the TeamSpeak server.

WARNING: Make sure to copy down all information that is shown. It WILL NOT be shown again.

Once you copy down the Server Query Admin Account password and the ServerAdmin privilege key, you can hit CTRL + C to exit out. The server will remain running in the background.


Now open up your TeamSpeak client and go join your server!

You will need the password and privilege key that you should have copied down in the previous step:

Connect to your TeamSpeak server

Connect to your TeamSpeak server

 

That’s it!  Now go ahead and edit the default channel and/or start adding new channels. Once you are ready, just give your clients the IP address of the server to connect.


How to: Initial Fedora 21 Server Setup

Jose Velazquez June 4, 2015 by under Cloud Hosting 0 Comments
Verified and Tested 05/12/15

Introduction

This how-to will help you with your initial setup on Fedora 21 so that you can successfully secure your server while giving you the peace of mind knowing your server is protected. With any server, the primary goal should always be security. Many users are victims of malicious infiltrations on their servers due to the lack of security boundaries established from the beginning. Let us begin on the right path by laying our foundation with security.

What Do You Need?

You need a Fedora 21 server that is configured with a static IP address. If you do not have a server already, consider a cost-effective server from Atlantic.Net and be up in under 30 seconds.

Server Preparation

To get started, login to your Fedora 21 server via SSH or the VNC Console located here. Atlantic.Net Cloud servers are setup as minimal installations in order to avoid having unnecessary packages from being installed and never used. If some software packages that you’re used to using aren’t installed by default, feel free to install them as needed.

Let’s make sure that your server is fully up-to-date.

yum update

With the server up-to-date, we can continue the process and secure your server.

Update the Fedora 21 Root Password

By default, your Atlantic.Net servers are automatically set with secure passwords. However, we still recommend updating your password after creating your server and every 60-90 days after that to ensure it remains secure. A minimum of 8 characters, including lowercase, uppercase and numbers are recommended to increase the level of security.

Type the following command to activate your request and follow the on-screen instructions to update/confirm your root password:

passwd

Create a new user with sudo privileges

After successfully updating your password, it’s recommended that you create a new user with sudo/root permissions. Since the common admin user for many Linux Operating Systems like Fedora 21 is “root”, we’re going to make a new admin user that will be used for day-to-day administration tasks. Creating a new user with root permissions will increase the security in the way your server is accessed. Individuals looking to target your system are going to target the root user because it’s known the be the default admin account. By creating a new user with sudo/root permissions, and disabling the root user, you are increasing security by using a user that isn’t already publicly known.

Type the following command to create your new user replacing “user1”  with your own username and confirm.

adduser user1

Create a password for that user by typing the following command to activate your request and following the on screen instructions to update/confirm your “user1” password:

passwd user1

Once you have created a new user and created the password for that user, it is time to add the user to the sudo wheel group. In Fedora 21 once you add them to the sudo wheel group they are automatically assigned sudo/root permissions. Run the following command to add the user to the sudo wheel group.

gpasswd -a user1 wheel

Finally when you have created the user with sudo/root permissions,  you can exit your session and log back in with your “user1” to verify the changes that were made. Alternatively, you can run the following command and switch users from root to “user1”  which will then ask you for that users password.

su - user1

Configure SSH Access

In Linux systems, port 22 is the default port for remote connections via SSH. By changing the ssh port, you will increase the security of your server in preventing brute force attacks and unwanted users from reaching your server using the default port. For this tutorial, we will use Port 5022 as an example.

Open your SSH Configuration file, find the Port line, remove the # and change 22 number to your Custom port Save and exit.

sudo vi /etc/ssh/sshd_config
#Port 22
Port 5022

In order for your system to update the settings from the SSH Configuration file, we must the restart sshd service.

sudo systemctl restart sshd.service

SSH has now been configured to use Port 5022, and if you attempt to login using Port 22, your login will fail. However, do not exit your session as we need to configure the custom port on the firewalls configuration part first, which we will configure in the upcoming steps.

Limit Root Access

Since we’ve created a new user with root permissions and created a custom ssh port, there’s no need keep the actual root user available and vulnerable over SSH on your server. Let us restrict the root users access to be available on the local server and granting permission to the new user over SSH only.

Open the SSH Configuration file, find the PermitRootLogin line, remove the # and change it from yes to no.

sudo vi /etc/ssh/sshd_config
#PermitRootLogin yes
PermitRootLogin no

In order for your system to update the new settings in the SSH Configuration file, we must restart the sshd service.

sudo systemctl restart sshd.service

Note: In making those changes you will now have the root user disabled so you must log into your server with the “user1” that you created. However, do not exit your session, we must configure the custom port on the firewall in the upcoming steps.

Create a Private SSH Key

Private/Public SSH Keys are great additional features that increase security in the method a server is accessed. However, it takes a bit more effort to setup. The question is, Is your server worth the extra security? If you would like to implement the following security features you can continue with the following steps. Let us proceed and generate the SSH Key.

ssh-keygen

If you want to change the location where the SSH Key will be saved,  you can specify it here. However, the default location where its stored should be OK. Press enter when you are prompted with the following question then enter a pass phrase, unless you don’t want one.

Enter file in which to save the key (/home/user1/.ssh/id_rsa):
This is the default webpage when installing SSH Keys on a Fedora21 server

This is the default webpage when installing SSH Keys on a Fedora21 server

Configuring the SSH Key is crucial, we must copy the full key string to a Word/ Notepad Document. The Key can be viewed in the following location with the cat command.

cat ~/.ssh/id_rsa.pub

Copy the SSH key beginning with ssh-rsa and ending with [email protected] into a Word/ Notepad document, so we can add it to the config file later on.

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbFd5OZFm8qDh21f28igkEVVb0rwkvyvxpH+LX9FBIgLfXTYZRz8PhCUi6NtugZMJ3F9vwq4Cq3zTYuwqhdb4Nt8z8MiS6sKX8JpgLyKreEwaxfK9IKBskyAkpln7zc7bHVCYsTJsvr/1B7kTvX4jIa0/EJQS7xvCTGdMDOD+Ux7bGJiA8ohc4DfELfJnlcURfNwB3PZ5ukdoul7/+yeabRsj18rc0yZfJ3/MgaipdSTwK/2mpaR0xlKGQhj47FsERKu6rztBL5lIQXWWZK71L8O2aprgsBBP+G2lKVKNNXeBfd+4Kx+4D980mWZlEdZ8KfgOZqCMXF3Jfjqcpvf0D [email protected]

Once the SSH Key is stored safely, the directory for the SSH Keys needs limited permissions that only the owner can read, write and execute the file.

chmod 700 .ssh

Within the SSH directory, a file containing the SSH Key must to be added, simply using your editor (in this case VI) the following location:

vi .ssh/authorized_keys

Paste the SSH Key then save and exit using the VI format.

Finally, we have to limit the permissions of the authorized_keys file that we just created so only owner can read and write.

chmod 600 .ssh/authorized_keys

We could now verify that the key is working by closing the session and typing [email protected] or your servers hostname in your SSH console . Furthermore, for more information you can click  “here” to see our How To Generate and Use SSH Keys article.

Basic Firewall Rules

By default your Atlantic.Net’s Fedora 21 Server is loaded with a default firewall named firewalld that uses the firewall-cmd in order to configure its rules. We must first start the Firewall service with the following:

sudo systemctl start firewalld

Next, we’re going to add a rule to allow the custom SSH Port 5022 that was created earlier so it can access the server publicly. At the same time, we’re going to remove the previous default rule allowing SSH access on TCP/22.

sudo firewall-cmd --permanent --add-port=5022/tcp
sudo firewall-cmd --permanent --remove-service=ssh

If you have a web server, you may want to allow the following rules so your sites could be accessed over the internet.

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https

You can use this for similar rules related to any systems you want to be publicly accessible. This test server is setup to host a website and email services, so in addition to the updated SSH  and HTTP(S) rules, additional rules for secure POP3, IMAP, and SMTP have been added.

sudo firewall-cmd --permanent --add-service=pop3s
sudo firewall-cmd --permanent --add-service=imaps
sudo firewall-cmd --permanent --add-service=smtp

For Firewalld to accept those settings you must restart the firewall.

sudo firewall-cmd --reload

Your settings will have been saved and you are ready to proceed.
To verify all the services/ports that are available run the following:

sudo firewall-cmd --permanent --list-all
This is the default webpage after completing the Firewalld rules on a Fedora21server

This is the default webpage after completing the Firewalld rules on a Fedora21server

NTP Time Sync

The NTP (Network Time Protocol) is used to synchronize the time and date of computers over the network in order to remain accurate and up to date. Let us begin by installing the NTP(If it hasn’t been installed) and configuring the service to synchronize with their servers.

sudo yum install ntp

Once the NTP service is installed, we need to make sure that the service is ON.

sudo systemctl start ntpd

Now that the service has started lets enable the NTP server so that it will constantly update the server’s time from the NTP server.

sudo systemctl enable ntpd

Add Swap File

A Swap file is simply a small amount of space created on a servers hard drive to simulate RAM. In the event that the server is running low on memory it will look at the hard drive and ease the load tricking the system to think it has more memory. We will set up the swap file on the hard drive to increase the performance of the server just a little bit more.

Begin by checking your resources to make sure we can add the file. When you run the following command, you will see the percentage space on your Hard drive that is currently being used.

df -h

When creating a Swap file, usually you want to add half of your existing RAM up to 4GB(If you have 1GB of actual Ram then you add a 512MB file). In this part, I will be adding a 512MB swap file to the drive. The way that this is calculated is by 1024 x 512MB = 524288 block size.

sudo dd if=/dev/zero of=/swapfile bs=1024 count=524288

Now that we have added a swap file, a Swap file area needs to be created in order to proceed.

sudo mkswap /swapfile

With the Swap file created and the Swap file, area added we can go ahead and add permissions to the file so that only the owner can read and write.

sudo chown root:root /swapfile
sudo chmod 0600 /swapfile

Now that the swap file has the appropriate permissions we can go ahead and activate the it.

sudo swapon /swapfile

You can verify your newly added Swap file with the following.

sudo swapon -s

In order to make the Swap file always active even after a reboot, we must configure it accordingly.

sudo vi /etc/fstab

Paste the following command at the bottom of the file save your work and exit.

/swapfile              swap   swap     defaults     0 0

Finally, verify if your swapfile is activated by typing the following command:

free -m
This is the default page after creating a Swap File on a Fedora21 Server

This is the default page after creating a Swap File on a Fedora21 Server

What Next?

With that, you now have a server with a strong security foundation that will give you the peace of mind knowing that your server is protected. You may now proceed to build your platform according to your needs. Thank you for following along and feel free to check back with us for further updates.


Format Guide for Atlantic.Net What-Is Articles

Atlantic.Net NOC June 4, 2015 by under Cloud Hosting 0 Comments

Introduction

If you think you’d like to write for Atlantic.Net, you should start by completing our signup form, if you haven’t already.

What Is articles for Atlantic.Net should conform to the standards indicated in the sections below:

Sections (including Introduction, Target Audience, and the Tutorial itself)
Format (Markdown or simple HTML)
Images/Screenshots
Original Work

Please also review our style guide for additional guidance.

 

Sections

Each What-Is article should begin with the Target Audience section, indicated with H5 headers. Target Audience should specify what level of experience and/or what knowledge you assume the reader should possess to understand the topic you will be writing about. Any topics which assume that a reader is familiar with material covered in another Atlantic.Net article can be linked here. The minimum experience level for the Target Audience of a What-Is article should be entry-level IT professional.

Example:

Target Audience

This article assumes you are familiar with the basic concepts behind the Public Key Infrastructure (PKI). For a refesher, check out this primer on the basics of public key cryptography.

 

After the Target Audience should be the Introduction section, which briefly describes the scope of the article. The word “Introduction” should be contained within H3 headers.

The bulk of the article follows the Introduction.

 

Format

What-Is articles for Atlantic.Net can be submitted in Markdown or simple HTML.

Supported text formatting: header text, code blocks, inline code (for commands and keystrokes), italics (for variables), and bold (for emphasis).

 

Headers

H1 should be used for the title of the article. The title should always be the first part of any article.

H2 should be used for major sections of the article.

H3 should be used for “Introduction”, “Target Audience”, and subsections.

 

Code Blocks

What-Is articles should avoid the use of code or code blocks (this usage is more prevalent in a How-To article). However, if you are highlighting what code related to your topic looks like, then it should be enclosed in a code block.

 

If referencing code inline, you may use the code tag. This use should be confined to referring to a portion of code whose form or function is relevant to the topic. Bear in mind that the goal of most What-Is articles is not to teach someone how to accomplish a task but to explain in a more general sense a concept related to technology.

Example:

The common heritage of UNIX that many subsequent operating systems share is evident in some of the commands that they all share, such as cp for copy.

 

Variable/custom information format

Variables or host-specific information should be rare in a What-Is article. However, if the need arises, variables or custom configuration entries (such as hostnames) should be italicized. Our parser will also tint all italicized entries green.

 

Emphasis

If you’d like to indicate emphasis, use bold.

 

Keystrokes

When it comes to referencing keystrokes inline with the text, enclose them in a code span. Again, this sort of inclusion should be infrequent in a What-Is article.

Example:

The Enter key may still be called the Return key on some keyboards, harkening back to its usage on typewriters to indicate a carriage return.

For keystrokes requiring multiple keys to be pressed simultaneously, use a plus sign (+) between keys.

Example:

The keystroke combination of Ctrl+Alt+Del gained, in some circles, the moniker of “the three-finger salute”.

 

Images

We encourage the use of images and screenshots to help illuminate many of the points that may be brought up in a What-Is topic. Images should have a maximum width of 730 pixels. You may create the image yourself or use an image that is clearly licensed for reuse under a license such as Creative Commons, for instance.

Include a link to the image using the URL where it is currently hosted. Articles accepted for publication will have all associated images downloaded and hosted on our servers. Along with images, we require the following:

Image Name: format anet-articlename-## (where the ## is replaced by a number, e.g., anet-what_is_a_vpn-01).
Alt Text: a brief description of the image, in case it does not load.
Caption: a brief description appearing beneath the image.
Attribution: if using an image licensed for re-use include the approrpriate attribution information (title, author, source, licence, etc.)

Any uniquely identifiable information should be obscured, preferably through the use of obvious placeholder names (such as “example.com” or “192.168.0.2”).

 

Original Work

All articles written for Atlantic.Net must be original works. Atlantic.Net will not tolerate plagiarism nor the re-use of previously existing work.

Similarly, all images and screenshots should also be unique, excepting those images whose use properly abides by an appropriately attributed license.


What Is the Penalty for a HIPAA Violation? Can You Get Jail Time?

  • Example of HIPAA Violation
  • Legislative Basis
  • Consequences of HIPAA Violations – Civil Penalties
  • HIPAA Criminal Penalties – Can You Be Imprisoned?
  • Covered Entities & Individual People
  • “Knowingly”
  • Exclusion & Upholding the KLaw
  • Choosing a Compliance Partner

Example of HIPAA Violation

Those who follow Healthcare IT news will often see stories about large HIPAA settlements by the US Department of Health & Human Services, such as the $4.8 million HIPAA fines against Columbia University and New York Presbyterian Hospital in early 2014. No situation is the same, and not all settlements will be as severe as that one. In the Columbia University case, PHI was actually posted to the public Internet, with patient files accessible directly through search engines.

Read More


New York, NY

100 Delawanna Ave, Suite 1

Clifton, NJ 07014

United States

Dallas, TX

2323 Bryan Street,

Dallas, Texas 75201

United States

San Francisco, CA

2820 Northwestern Pkwy,

Santa Clara, CA 95051

United States

Orlando, FL

440 W Kennedy Blvd, Suite 3

Orlando, FL 32810

United States

London, UK

14 Liverpool Road, Slough,

Berkshire SL1 4QZ

United Kingdom

Toronto, Canada

20 Pullman Ct, Scarborough,

Ontario M1X 1E4

Canada

Resources

We use cookies for advertising, social media and analytics purposes. Read about how we use cookies in our updated Privacy Policy. If you continue to use this site, you consent to our use of cookies and our Privacy Policy.