Securing the i2b2 server
Below are some tips for securing your i2b2 server. Please note that these are only recommendations and not a complete guide. Please consult your IT department if you want to go online with real patient data.
It is highly recommended to activate the firewall on your Linux system. For Ubuntu Linux, the firewall software is UFW and can easily be configured. We recommend to block all ports, except those that have to be accessed (SSH, HTTP and maybe JBoss). By default, the firewall blocks all incoming connections. However, to allow incoming traffic on port 22, which is necessary if you use SSH, type:
ufw logging on
tail -f /var/log/syslog
It is also highly recommend to install fail2ban, an intrusion prevention software framework which protects computer servers from brute-force attacks. This handy tool automatically blocks IP addresses that have - unsuccessfully - tried to log into your machine after a couple of attempts. On an Ubuntu machine, type
sudo apt-get install fail2ban
to install fail2ban.