Securing the i2b2 server

Below are some tips for securing your i2b2 server. Please note that these are only recommendations and not a complete guide. Please consult your IT department if you want to go online with real patient data.

Firewall configuration

It is highly recommended to activate the firewall on your Linux system. For Ubuntu Linux, the firewall software is UFW and can easily be configured. We recommend to block all ports, except those that have to be accessed (SSH, HTTP and maybe JBoss). By default, the firewall blocks all incoming connections. However, to allow incoming traffic on port 22, which is necessary if you use SSH, type:

...

   ufw logging on
   tail -f /var/log/syslog

Installing fail2ban

It is also highly recommend to install fail2ban, an intrusion prevention software framework which protects computer servers from brute-force attacks. This handy tool automatically blocks IP addresses that have - unsuccessfully - tried to log into your machine after a couple of attempts. On an Ubuntu machine, type

...