The KISS Blog
Welcome! For the most part our goal is to share with you some of the more interesting projects we work on, technical lessons learned, or otherwise things we find interesting related to technology. For now there is no ability to comment on posts though this may change in the future. Feel free to Contact Us directly with any questions or suggestions.
Let's Encrypt is a free, automated certificate authority available to anyone. However, unlike going to Godaddy and purchasing a certificate thats valid for a year or more Let's Encrypt certificates are only valid for 90 days, so having the proper automation in place to easily renew them is a must. Today we're going to cover our approach to managing this. We've been implementing a lot of certs recently using this service and are very impressed with its functionality, especially the ability to automate the certificate renewals in conjunction with existing Apache configurations. The following example will show how to go from the initial certificate request to automated renewals on a FreeBSD system running Apache. Linux systems running Apache would be essentially the same with a few minor path adjustments.
In this our second post in a series outlining some new health care related services we're now providing, we're going to review what we can do for you and your organization regarding HIPAA/HITECH compliance. First off, when we say HIPAA/HITECH we're referring to all requirements of the HITECH Act as it relates to HIPAA including the Omnibus rule updates. Furthermore, we're not going to go over the details of HIPAA or the Hitech security rule. There are many resources that have already covered that.
What we would like to do is provide some details of how we approach HIPAA/HITECH and how we could help you accomplish your goals. In our opinion, it is more about developing a proper mindset of securing your Electronic Protected Health Information (ePHI) and having the proper processes and procedures in place to back that up than it is about having a defined checklist of requirements that you can simply review and check off and call it done. We believe it is a living process that if followed in your day to day IT work should align with the requirements when your work is complete.
This is a little bit of a different post than we would usually publish, but we wanted to bring to your attention some new health care related services we've been providing that we'd like to highlight, the first one being Electronic Data Interchange (EDI) Services. This is the first of two posts planned to outline these new services.
Some time in 2016 we were first asked by a valued client to help out with an HL7 interface with one of their partners. At the time, the only thing known about how these sorts of technologies work is that HL7 is a text based protocol with various delimiters. In usual fashion we dug in and started figuring it out. Over a year later and systems built both from scratch as well as using Mirth Connect we've become quite comfortable working with the technologies and want you to know that we're available to help tame your next EDI integration beast.
In this post we'll show how to lock down a port on a Zyxel GS1900 network switch to only allow traffic for specific MAC address. The Zyxel documentation is very lacking when it comes to the port security features so we figured we'd share these details in hopes that others could benefit from the time we put into getting this working. Here at the office we have one of these switches and a recent need arose to ensure that only some owned devices could plug into a port and get on the private network. Thus far the switch has been a great piece of equipment for the price, performs well, and met our minimal needs. I knew that it supported port security such as this but once logged into the web interface the options didn't make much sense at first. But after a little trial and error I figured it out and we now have a port secured to only allow two specific MAC addresses to connect to it.
Welcome back to the KISS Blog! Its been a while since we posted so I thought I'd bring to your attention a PHP library recently developed to fill a need that was not already out there and easy to find. While working on an application we needed to scan user uploaded files to ensure they were not carrying any known viruses. ClamAV being the standard choice for server side scanning such as this will be used for checking the files. Now we just needed to interface with ClamAV from our CodeIgniter app.
Historically, the php-clamav module has been used for this. However it does not currently support PHP 7.x. Now that PHP 7.x has started to be used in production environments we don't want to build on anything that is not compatible with the new versions so decided against this module. Some Google searches resulted in a few other options that either was not immediately compatible with CodeIgniter or required composer and all that jazz. Anyone who knows us knows how we feel about pulling in piles of dependencies for simple tasks.
So off I went to create just what we needed, a simple library to scan files from PHP using ClamAV. This class can be used both as a drop in CodeIgniter library or a standalone class in any PHP code. The library is named php-clamav-scan and can be downloaded from our GitHub account: https://github.com/kissit/php-clamav-scan.