You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close
You are viewing the article in preview mode. It is not live at the moment.
Welcome to the CAREWare FAQ Page
Home > Installing, Upgrading, and Migrating CAREWare 6 > HTTP Server Setup > Securing CAREWare Internet-Facing Servers
Securing CAREWare Internet-Facing Servers
print icon

Overview

CAREWare includes the Transport Level Security (TLS) and two-factor authentication security features. This document is written for program administrators who have oversight responsibility for CAREWare installations that are accessed over the internet. Its purpose is to help familiarize you with these features.

Here is a diagram of the CAREWare 6 architecture.

 

What is TLS?

When your browser shows a green lock symbol to the left after connecting to a banking application (for example) using https:// in the URL, your browser and the server are using TLS. IT staff running the bank’s website will have obtained something called an X.509 Certificate from an official Certificate Authority (CA). The CA will have taken steps to ensure that the bank controls the URL that you connected to and that the bank is who it says it is.

Every time a client connects to a server via TLS, the protocol ensures that the server holds a secret key that only they should have. TLS is now required by HIPAA for internet-facing applications and replaces the older SSL protocol that can be hacked in certain situations.

Is TLS just for Internet Browsers?

No. While Internet Browsers like Chrome, Edge, Opera, and Firefox are the best known clients that use TLS, any client and server can use the TLS protocol. You can get instructions for configuring CAREWare with TLS here .

 

Can TLS be used if CAREWare is not internet-facing?

Yes, although you will need to register the domain name, get a certificate that includes that domain name, and make sure the server is internally available under that name.

Since the CAREWare 6 uses a browser, does the server have to be internet-facing?

No. CAREWare 6 will work on an internal network or even on a single computer.

What is CAREWare Two-Factor Authentication (2FA)?

In addition to a username and password, CAREWare 2FA prompts for the entry of a six-digit code, which is generated on a device that only the user controls. 2FA is a built-in feature that can be turned on at the server level by a CAREWare administrator. CAREWare 2FA is compatible with the Google Authenticator smart phone app and desktop apps like WinAuth.

Without 2FA, if someone finds out or guesses a username and password, he or she can gain access to client data to which that user has access. With 2FA turned on, if someone gains password information, he or she would still need to have access to that user’s device to get in.

Feedback
0 out of 0 found this helpful

Attachments

Securing_CAREWare_Internet-Facing_Servers.pdf
scroll to top icon