How to secure Openemr the easy way - Noob Advice

mohamed · January 10, 2021, 9:36pm

I am running Xampp on win 10. How to secure Openemr the easy way ? I already read the wiki and did the steps I could do on my own, some steps seem complicated. I don’t have a dedicated server at hand. Limited number of users. The computer is connected to the internet, but not powered on 24/7.

Here is what I have done:
1-Strong passwords in Openemr
2-2FA for Openemr users.
3-Installed Xampp on another drive than C drive, and bit-locked encrypted the drive as well as the back up drive. The computer is encrypted, UPS protected and physically locked in a safe place.
4-My LAN has a WIFI router with AES strong passwords, MAC filtering, and no port forwarding. No physical access to router.
5-Will not use portal.
6-Still trying how use https, especially on mobile phones and iPad’s.
7-Access control is very limited to users, each within his scope.
8-The Xampp configuration is set to listen to my IP range only.
9-Still trying to choose my best daily back-up method.
10-My windows installation is pretty okay in security and privacy, computer will be running in a local standard user account, but I don’t know if I will need using a firewall software.
11-Windows, Xampp, and Openemr will always be regularly patched.

Will it survive ?

mohamed · January 21, 2021, 3:39pm

Anybody has ideas regarding the before mentioned steps to secure Openemr ? Any major problems using internet while Xampp is working ? Any security advice is appreciated.

brady.miller · January 22, 2021, 7:23am

Could also add apache ssl client certificates (a nice layer of security at a higher apache level). Can check out Administration->System->Certificates for details on creating ssl certs and client side ssl certificates. (using client certificates would mean that only users that add the client ssl certificates on their browser would be able to get to OpenEMR)

brady.miller · January 22, 2021, 7:24am

And definitely ensure all communication is done via https(ie. ssl).

mohamed · January 22, 2021, 7:34am

Thanks for your reply. Generating ssl certificates is not my ballpark, but I will keep trying till I figure it out. But will it be applicable on mobile phones and iPad.

brady.miller · January 22, 2021, 7:39am

Yes, follow that script I linked to in OpenEMR. That is actually a good intro into creating ssl certs and what to do with them. The client sides certs can be installed on any web browser on any device.

mohamed · January 22, 2021, 7:55am

Will do and will post here again when successful.