Security is important to us here at Johns Hopkins. In order to make your website externally available it is imperative that you successfully pass your security scans.
Acunetix is the service that we use for security scans on websites. In order for your site to become externally available it must pass an Acunetix scan. A few ways you can ensure a clean scan are as follows:
Please keep in mind that custom code could be vulnerable and, in that case, may be flagged during your Acunetix scan.
Tenable Nessus is the product that Johns Hopkins uses to scan servers and other high-value systems. Any server in the DMZ or that is externally facing must be scanned before release. Any server to be scanned must meet the following qualifications:
Depending on the product, most scans will be completed within 24 hours. However, larger websites may take several days. Once your scan has been completed, any issues or vulnerabilities must be corrected before the product is made public.
While not everything that shows up on a scan can be managed by a Web-Admin, there are a few things you can do to expedite the process.
If you are requesting a WordPress site, Wordfence is mandatory. While it will be preinstalled when the site is released to the Web-Admins, it still must be maintained. For example, this includes updates when applicable and ensuring that firewalls remain active. It is also important that your site remains connected to Wordfence Central.
Although Wordfence is very important it is not the only plugin that must be maintained. All plugins should be updated when applicable. In addition to updating plugins, we recommend not using any unapproved plugins as they can contain security holes or be incompatible with your WordPress version and/or theme, thereby breaking your site and wasting all your hard work and time.
Having good security practices is the foundation of cyber security. The first step to developing good security practices is having strong passwords. A strong password should be no less than 8 characters and should contain a mixture of upper and lower case letters as well as numbers, symbols and/or special characters. Another option is to use a passphrase; much like a password, a strong passphrase will contain a mixture of characters. If you have trouble remembering passwords and passphrases, a password manager such as LastPass can be an amazing tool.
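The following is an added example, not part of this page or of any Johns Hopkins tool, showing how the password rules stated above (minimum 8 characters, a mix of upper- and lower-case letters, plus numbers, symbols and/or special characters) can be enforced in code before an account is created. The check goes one step beyond the page by also rejecting a few commonly guessed passwords; that small deny list is constructed for the example, and a real deployment would use a much larger breach-derived list. The function name check_password and the list contents are assumptions of the example.

```python
import string

# Policy as stated on the page: at least 8 characters, a mix of upper- and
# lower-case letters, plus numbers, symbols and/or special characters.
MIN_LENGTH = 8

# Constructed deny list of frequently guessed passwords for this example
# (assumption: a real deployment would use a far larger breach-derived list).
COMMON_PASSWORDS = {"password", "password1", "welcome1", "qwerty123", "letmein"}


def check_password(candidate: str) -> tuple[bool, list[str]]:
    """Return (passes_policy, problems) for a password or passphrase.

    The same rules apply to passphrases; spaces between words count as
    special characters, so a phrase with one capital letter passes.
    """
    problems: list[str] = []

    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    has_upper = any(c.isupper() for c in candidate)
    has_lower = any(c.islower() for c in candidate)
    has_digit = any(c.isdigit() for c in candidate)
    # Anything that is not a letter or digit (punctuation, space, unicode
    # symbols) counts as a symbol / special character.
    has_symbol = any(not c.isalnum() for c in candidate)

    if not has_upper:
        problems.append("no upper-case letter")
    if not has_lower:
        problems.append("no lower-case letter")
    if not (has_digit or has_symbol):
        problems.append("no number, symbol or special character")

    # Lower-casing and stripping trailing digits/punctuation catches
    # "Password1!"-style variants of deny-list entries, not only exact matches.
    lowered = candidate.lower()
    normalised = lowered.rstrip(string.digits + string.punctuation)
    if lowered in COMMON_PASSWORDS or normalised in COMMON_PASSWORDS:
        problems.append("matches a commonly guessed password")

    return (not problems, problems)


if __name__ == "__main__":
    # Constructed sample inputs for a quick demonstration.
    for sample in ["Summer2024!", "password", "Password1", "Short1A",
                   "correct horse Battery staple"]:
        ok, why = check_password(sample)
        print(f"{sample!r}: {'OK' if ok else 'REJECTED: ' + '; '.join(why)}")
```

Run it directly to see each sample judged, or import check_password into a registration handler and refuse any candidate for which the first element of the result is False, showing the user the listed problems so they can fix them.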
To best protect the anonymity and privacy of our patients and students, it is imperative that your website not contain any PHI that could be misused or stolen. These are the 18 identifiers of PHI: