Bert2005
asked on
Can a firewall be set up to stop and input or output from a specified application?
If one is running an application, say an Electronic Medical Record, which is not ASP; it runs on the workstations and accesses the database from the server. The workstations connect to the Internet through the server, and the server connects via a switch -> router -> cable modem. Router = PIX 501.
Rumor has it that the developer of the EMR has written code into the latest upgrade whereby he can disconnect the program via the Internet.
I remember that software firewalls such as ZoneAlarm, etc. can stop traffic in and out to a certain software program. But, it also popped up quite a bit on programs that you wanted to obtain access to the Internet such as antivirus programs or Outlook, etc. Is there a way to block assess to a program via a hardware firewall or via a software firewall either on the server or on each client computer wihtout affected other programs? The program isn't actually running on the server, just the databases.
Thanks.
Rumor has it that the developer of the EMR has written code into the latest upgrade whereby he can disconnect the program via the Internet.
I remember that software firewalls such as ZoneAlarm, etc. can stop traffic in and out to a certain software program. But, it also popped up quite a bit on programs that you wanted to obtain access to the Internet such as antivirus programs or Outlook, etc. Is there a way to block assess to a program via a hardware firewall or via a software firewall either on the server or on each client computer wihtout affected other programs? The program isn't actually running on the server, just the databases.
Thanks.
ASKER
Rajesh,
Thanks. There is a just a particular program on our server, which supposedly the owner of the company who made it claims he can access the program through some code which he placed in it so he can shut it down. I guess similar to how Microsoft uses Microsoft Genuine Advantage to access a computer via downloading updates then matching Product Keys and sending info back to Microsoft.
Thanks. There is a just a particular program on our server, which supposedly the owner of the company who made it claims he can access the program through some code which he placed in it so he can shut it down. I guess similar to how Microsoft uses Microsoft Genuine Advantage to access a computer via downloading updates then matching Product Keys and sending info back to Microsoft.
ASKER
Rajesh,
I realize that the PIX-501 is a good firewall. I guess I'm confused because our netowrk is set up:
Modem -> Cisco PIX -> switch -> private network and server.
I was always under the impression that one had to have a router to connect a network to the Internet. Of course, my home computer using a LInksys router/firewall, but it can connect directly through the modem, so maybe I am wrong. Maybe as long as I have a switch?
I realize that the PIX-501 is a good firewall. I guess I'm confused because our netowrk is set up:
Modem -> Cisco PIX -> switch -> private network and server.
I was always under the impression that one had to have a router to connect a network to the Internet. Of course, my home computer using a LInksys router/firewall, but it can connect directly through the modem, so maybe I am wrong. Maybe as long as I have a switch?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Rajesh,
The programd does two things over the Internet. One, it checks every so often for updates, which I think can be turned off, but I haven't looked in awhile. Also, I send a backup of the data over the Internet to an offsite storage.
Irmoore: In the beginning, the author of this EMR was revered since he offered a fairly good EMR for not much money. The EULA was not very threatening. As the user base began to grow, his EULA and his personality has seemed to change. He has threated two users who he deems "as......... to take away their user licenses. Meanwhile, there was an uproar on the userboards. I was not too worried, because unlike the Microsoft Partner program where it is understood that it is a lease agreement, we have all paid for our licenses. He has threated to take away everyone's licenses if they don't automatically choose to upgrade every time there is a new version. Plus, one must purchase support as well.
One of the physicians has been allowed access to the source code, because he writes a lot of updates and patches. He has confideed in a few of us that he has found code which its only intent is to stop or damage the program.
I am probably confused, because Microsoft's update process that is downloaded from the Internet does have the Microsoft Genuine Certificate thing which is able to check your Microsoft Key and report back.
Would the netstat only work during a communication from his IP?
The programd does two things over the Internet. One, it checks every so often for updates, which I think can be turned off, but I haven't looked in awhile. Also, I send a backup of the data over the Internet to an offsite storage.
Irmoore: In the beginning, the author of this EMR was revered since he offered a fairly good EMR for not much money. The EULA was not very threatening. As the user base began to grow, his EULA and his personality has seemed to change. He has threated two users who he deems "as......... to take away their user licenses. Meanwhile, there was an uproar on the userboards. I was not too worried, because unlike the Microsoft Partner program where it is understood that it is a lease agreement, we have all paid for our licenses. He has threated to take away everyone's licenses if they don't automatically choose to upgrade every time there is a new version. Plus, one must purchase support as well.
One of the physicians has been allowed access to the source code, because he writes a lot of updates and patches. He has confideed in a few of us that he has found code which its only intent is to stop or damage the program.
I am probably confused, because Microsoft's update process that is downloaded from the Internet does have the Microsoft Genuine Certificate thing which is able to check your Microsoft Key and report back.
Would the netstat only work during a communication from his IP?
>Would the netstat only work during a communication from his IP?
Yes. It must be an active connection at the time you look at it.
nbtstat -b will tell you what application is kicking off the connection.
He could also set a bomb that if the application can't "phone home" after x number of tries, it will shut itself down. Just like Microsoft if you don't activate your license key within so many days...
I'd be looking for a new application vendor quick... or hire a good lawyer..
Since these are personal medical records, I'm sure HIPPA rules apply and by virtue of knowingly using what could be deemed malicious software your office could end up in deep hot water.
Yes. It must be an active connection at the time you look at it.
nbtstat -b will tell you what application is kicking off the connection.
He could also set a bomb that if the application can't "phone home" after x number of tries, it will shut itself down. Just like Microsoft if you don't activate your license key within so many days...
I'd be looking for a new application vendor quick... or hire a good lawyer..
Since these are personal medical records, I'm sure HIPPA rules apply and by virtue of knowingly using what could be deemed malicious software your office could end up in deep hot water.
I agree. You can chose either path but I would rather think of going to an alternate vendor instead of lawyer, just because it gets messy (At least here in India).
In the code if something is there, then there is nothing we can do about it.
Cheers,
Rajesh
In the code if something is there, then there is nothing we can do about it.
Cheers,
Rajesh
ASKER
Irmoore and Rajesh,
I appreciate the help as always. Basically, there are 2000 users in the same boat. We each pay $500 a year for support (which is basically non-existent). Given that his entire staff is probably three people, I have no idea why he would want to give up on $1,000,000 per year with new offices joining everyday simply to be able to "terminate a few as......." as he says it. He actually came on the boards and said that.
Everyone has years of data in this EMR, and it would be hard to go from an EMR which costs $500 in the beginning to Logicial, let's say, which costs $40,000 startup.
I appreciate the help as always. Basically, there are 2000 users in the same boat. We each pay $500 a year for support (which is basically non-existent). Given that his entire staff is probably three people, I have no idea why he would want to give up on $1,000,000 per year with new offices joining everyday simply to be able to "terminate a few as......." as he says it. He actually came on the boards and said that.
Everyone has years of data in this EMR, and it would be hard to go from an EMR which costs $500 in the beginning to Logicial, let's say, which costs $40,000 startup.
I understand, at the same time do you think if the software isn't that large then you could probably have someone do code coverage on it ? Basically the guy hired should be able to go through it and remove off the unwanted stuff.
Cheers,
Rajesh
Cheers,
Rajesh
ASKER
One would think.
See the point is, once the traffic reaches internet, from internet somebody does something to it then nothing can be done, but we'll see. So explain what you would like to do and then we'll see about it.
Cheers,
Rajesh