Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Medicine IT

Ask Slashdot: Do I Give IT a Login On Our Dept. Server? 1307

Posted by CmdrTaco from the would-they-give-one-to-you dept.
jddorian writes "I am head of a clinical division at an academic hospital (not Radiology, but similarly tech oriented). My fellow faculty (a dozen or so) want to switch from a paper calendar to electronic (night and weekend on-call schedule). Most have an iPhone or similar, so I envisaged a CalDAV server. The Hospital IT department doesn't offer any iPhone compatible calendar tool, so I bought (with my cash) a tiny server, installed BSD and OpenLDAP for accounts, and installed and configured DAViCal. After I tested it out, I emailed IT to ask to allow port 8443 through the hospital firewall to this server. The tech (after asking what port 8443 was for), said he would unblock the port after I provide him with a login account on the machine (though 'I don't need root access'). I was taken aback, and after considering it, I am still leaning toward opposing this request, possibly taking this up the chain. I'm happy to allow any scan, to ensure it has no security issues, but I'd rather not let anyone else have a login account. What do the readers of Slashdot think? Should I give IT a login account on a server that is not owned or managed by them?"
This discussion has been archived. No new comments can be posted.

Ask Slashdot: Do I Give IT a Login On Our Dept. Server? More

Ask Slashdot: Do I Give IT a Login On Our Dept. Server?

Comments Filter:

  • Tell them to reimburse you (Score:2, Interesting)

    by kimvette ( 919543 ) on Monday April 18, 2011 @12:23PM (#35856332) Homepage Journal

    Tell them that the second they reimburse you for the server they can not only get a login, but they can become responsible for its maintenance and security and they had better be sure it has a solid uptime. That only seems reasonable. :-)

  • RTFP (Read the Foolish Policies) (Score:5, Interesting)

    by cbelt3 ( 741637 ) <cbelt&yahoo,com> on Monday April 18, 2011 @12:26PM (#35856386) Journal

    What you've done would cause any professional IT group to get out the hot tar, feathers, and rail. Or at least come into your office and ask you politely to remove the damn server from their facility. And never do this again. You must have missed all the security briefings, the issues with HIPPA, and whatnot when you were looking at systems. What you've done is to create a 'rogue system'.

    Imagine one of your kids sets up a server in your house. You don't understand it, you don't know if it's happily sniffing network traffic to steal passwords so pizza can be ordered using your credit cards, serving up pr0n, or just running minecraft. Would you willy nilly allow the kids to open a port on your firewall without the ability to audit what they're doing ?

    Of course not.

    Personally I'm amazed that they only asked for an account on your little server. I would have gone over and watched while you removed it from the facility and put in in your car.

  • Re:Obvious question from their perspective (Score:4, Interesting)

    by jafiwam ( 310805 ) on Monday April 18, 2011 @12:36PM (#35856598) Homepage Journal

    It's probably also AGAINST THE LAW. Christ. Submitter is an unmitigated moron. People are going to jail for HIPPA violations and you want to dump any old crap on the hospital network for a CALENDAR? Just use an external web based thing ya moron. Try Google Apps.

    I'd have gone right to the pres and required you be fired immediately OP. Arrogant doctors are not to be let loose on the network without training wheels.

  • Re:I dunno (Score:5, Interesting)

    by Vlado ( 817879 ) on Monday April 18, 2011 @12:43PM (#35856742) Homepage

    I heard such stories about hospitals over and over again.

    Essentially what it boils down to is that hospital IT departments have almost no chance of establishing good environments, because every doctor that has 5 seconds of free time feels like they have both the authority and obligation to directly interfere with how IT does things.

    Situations can vary from either the I've-been-working-for-50-years-without-a-computer-and-I'm-not-gonna-learn-how-to-use-one-now to what we have here where someone know how to make things better by themselves and simply bypasses the whole system with an application that is not supported or endorsed by the IT. And for sure does not integrate with other data-flow activities that are going on in the hospital.

    In the end IT guys run for cover anytime when some local "god" decides that their way is best and things will run how they seem fit, because they just bought a new iPhone and want to have EVERYTHING interact with it. Screw the company-issued smartphones!

    I'm aware that there might be bureaucratic red tape involved in getting things done. But if you go outside of system in the end you just make sure that nothing works for anyone instead of having a list of services that are stable and continue growing at a steady pace, based on a good input from everyone.

    In any case, at the end of the day, why does a service like that even need to be hosted from within a hospital? Plug the server in at home and you avoid any problems if the calendar in iPhone is such a big deal for you. /Disclaimer: iPhone is just an example here. Enter your preferred/hated brand instead

Slashdot Top Deals

"The four building blocks of the universe are fire, water, gravel and vinyl." -- Dave Barry

Close