Mitigating Denial of Service Attacks with Load Balancing

Denial of service (DoS) attack continues to pose a huge risk to online businesses. The attack has moved from attack at the network level – layer 3 and layer 4 to the layer 7 of the OSI model. This layer 7 attack or application layer attack is not easily detectable by firewalls and most intrusion Detection systems and other security tools but have the capability of bringing down a well-equipped web server. The wide availability and easy accessibility of the attack tools makes this type of security risk very easy to execute, very prolific and difficult to completely mitigate. There have been an increasing number of such attacks against the web server infrastructures of many organisations being recorded. The aim of this research is to look at some layer 7 application DDoS attack tools and test open source tools that offer some form of defense against these attacks. The research deployed open source load balancing software, HAProxy as a first line of defense against Denial of Service attack. The three components of the popular free open source data analysis tool, Elastic stack framework- Logstash, Elasticsearch and Kibana were used to collect logs from the web server, filter and query the logs and then display results in dashboards and graphs to help in the identification of an attack by analysing the visually displayed log data. Rules are also setup to alert the business of anomalies detected based on pre-determined benchmarks

Questões e preocupações dos gestores de sistemas de informação em contexto hospitalar do SNS

Dissertação de mestrado integrado em Engenharia e Gestão de Sistemas de InformaçãoA saúde é um recurso vital para todo o ser humano, pelo que toda a informação que esta área gera deve ser devidamente utilizada, de forma a contribuir para a melhoria da prestação de cuidados e para uma correta gestão administrativa das instituições. É neste sentido que os sistemas de informação de saúde desempenham um papel fundamental, pois são os responsáveis por recolher, armazenar e analisar dados, informação e conhecimento. O bom funcionamento destes sistemas assume um papel primordial no desempenho da atividade diária de um hospital, pelo que um gestor de sistemas de informação hospitalar, exerce uma função de extrema importância nestas instituições. Esta dissertação objetiva identificar e caracterizar as questões e preocupações que afetam a atividade diária dos gestores de sistemas de informação em contexto hospitalar do serviço nacional de saúde, designando-as por Key Issues, tornando possível, posteriormente, propor linhas de recomendação face às ilações apresentadas. A utilização de uma metodologia interpretativista e a realização de entrevistas semiestruturadas a profissionais com um vasto conhecimento e experiência na área permitiu ao investigador obter uma compreensão única e profunda do fenómeno e da sua complexidade através da forma como cada pessoa vivência a sua experiência. Identificaram-se como uns dos principais Key Issues a carência de uma estratégia bem delineada de governação dos sistemas de informação de saúde a nível nacional, particularmente a relação entre a ACSS e SPMS, e a não evolução tecnológica e funcional dos sistemas impostos centralmente, nomeadamente o SONHO e o SINUS, por apresentarem um grande nível de obsolescência e fraca adequação funcional em relação à realidade. Neste seguimento, delinearam-se diversas recomendações, uma das quais a “Estratégia Política Para a Governação dos SI de Saúde”, a qual descreve que uma melhor definição de qual entidade deve ser responsável por fornecer serviços e qual deve assumir o papel de reguladora acarretaria inúmeros benefícios para as instituições e permitiria uma melhor regulação do mercado de fornecedores de tecnologias de informação de saúde.Health is vital to all human beings, whereby all information that it generates must be properly used, in order to contribute for better health care and correct management of health facilities. It’s having this in mind that health information systems play a fundamental role, since it’s their responsibility to collect, store and analyse data, information and knowledge. The correct functioning of this systems takes on a main role on the daily activities of a hospital, whereby the information systems manager role is extremely important at these facilities. This thesis aims to identify and characterize the questions and concerns, known as Key Issues, that affects the daily activities of the information systems managers, in hospital context of the Portuguese National Health Care services. Consequently, it’s possible to propose recommendations in view of the presented conclusions. The use of an interpretivist methodology and having semi-structured interviews with largely experienced health professionals, allowed the researcher to get a unique and in-depth comprehension of the phenomenon and its complexity, through the way each person live their experience. Some of the main issues are the lack of, at National level, a strategy well designed for information systems governance, specially the relationship between ACSS and SPMS. The technological non-evolution of the central systems, like SONHO and SINUS, as they presented a great level of obsolescence and a weak functional suitability in relation to the reality. Nevertheless, several recommendations were outlined one of which is “Political Strategy for Health Information Systems Governance”. On here, it’s described that a better definition of which entity should be responsible to provide services and which should take the role of regulatory would bring countless benefits to health facilities and it will allow a better market regulation of health information technologies suppliers

Strategies Used in eHealth Systems Adoption

Failure to adopt an interoperable eHealth system limits the accurate communication exchange of pertinent health-care-related data for diagnosis and treatment. Patient data are located in disparate health information systems, and the adoption of an interoperable eHealth system is complex and requires strategic planning by senior health care IT leaders. Grounded in DeLone and McLeanâs information system success model, the purpose of this qualitative case study was to explore strategies used by some senior information technology (IT) health care leaders in the successful adoption of an eHealth system. The participants were 8 senior health care IT leaders in the eastern United States who successfully adopted an interoperable eHealth system. Data were collected using semistructured interviews following Kallioâs five phase interview guide and analyzed using thematic analysis. Six themes emerged: eHealth ecosystem, implementation approach, quality, strategy, use/intent to use, and user satisfaction. A key recommendation from results indicates that further identification and development of strategies based on the DeLone and McLean IS success model might benefit successful eHealth adoption and implementation. Positive social change implications include the potential for senior health care IT leaders to identify a framework to enhance accuracy among eHealth systems to reduce medical errors and improve patient care