Securing Linux File Servers

stacksofplates

@RamblingBiped said in Securing Linux File Servers:

Will you have to have your server audited by an external entity regularly?

This a lot. That's why I recommended SCAP. You have a set of NIST rules that you can check against.

Dashrender

I'm a bit lost on what they do for you for $750/month.

They scan your charts? How many a month? They give you an external harddrive? how do you access the data before they give you the drive? what are you supposed to do with the drive?

Removing staples sadly is not trivial and is rather time consuming when it comes to scanning in pages. I didn't used to think so until I spent a week doing it. It can slow you down by half your scanning speed.

We hired two kids to sort through charts to determine what we could simply shred (patient hasn't been seen in a longer period than law requires us to keep charts). They worked around 5 hours a day each for 4 weeks, together they sent 400+ boxes of charts (anywhere from 30-60 charts) to be shred.

travisdh1

Sounds like something a decent dedicated scanner could take care of in a few minutes.

wirestyle22

@travisdh1 that's my point. I want to remove this cost big time. It's a complete waste. Thanks guys

Dashrender

@travisdh1 said in Securing Linux File Servers:

Sounds like something a decent dedicated scanner could take care of in a few minutes.

How does a scanner take care of staples?

Back to the OP - you haven't told us how many charts are being scanned per month, nor how you access that data once they do scan it.

Considering the average person working that job is making $10/hr, after benefits/taxes, etc they cost the company $15/hr minimum, assuming that was the only cost and the company made zero money for the fact that he works, the employee is working 50 hours/month. But of course almost no company is out there making zero money.. so you have to assume that they are consuming at least 50% of the income in one way or other, so the employee is working 25 hours.

So the question is, can you accomplish this task in under 25 hours a month and use the other half of the funds to pay your time, the hardware, the backups, scanner, etc? Maybe you can, maybe you can't.

travisdh1

@Dashrender said in Securing Linux File Servers:

@travisdh1 said in Securing Linux File Servers:

Sounds like something a decent dedicated scanner could take care of in a few minutes.

How does a scanner take care of staples?

If it's me, and I get permission, removing all staplers from the office.

but..
but..
but..
that's.... m.. mm... my
swingline

Don't care.

scottalanmiller

@Dashrender said in Securing Linux File Servers:

Considering the average person working that job is making $10/hr, after benefits/taxes, etc they cost the company $15/hr minimum, assuming that was the only cost and the company made zero money for the fact that he works, the employee is working 50 hours/month. But of course almost no company is out there making zero money.. so you have to assume that they are consuming at least 50% of the income in one way or other, so the employee is working 25 hours.

You can't include the profit from his work. If there is money to be made, either he's doing it in the remaining time or someone else will pick up the slack or someone else will be hired. Counting both the cost of the employee per hour and the profit that that employee can generate is double dipping unless the employee is irreplaceable and no one else can generate that revenue, which seems unlikely for a $10/hr position.

It's only the $15/hr that you need to consider. Does the employee save money or waste money is all that needs to be considered. You could easily hire a stay at home mom parent to do this part time only a few hours a day while their kid is at school two or three days a week if you had any concerns about the productivity of the full time existing staff.

wirestyle22

@Dashrender said in Securing Linux File Servers:

@travisdh1 said in Securing Linux File Servers:

Sounds like something a decent dedicated scanner could take care of in a few minutes.

How does a scanner take care of staples?

Back to the OP - you haven't told us how many charts are being scanned per month, nor how you access that data once they do scan it.

Considering the average person working that job is making $10/hr, after benefits/taxes, etc they cost the company $15/hr minimum, assuming that was the only cost and the company made zero money for the fact that he works, the employee is working 50 hours/month. But of course almost no company is out there making zero money.. so you have to assume that they are consuming at least 50% of the income in one way or other, so the employee is working 25 hours.

So the question is, can you accomplish this task in under 25 hours a month and use the other half of the funds to pay your time, the hardware, the backups, scanner, etc? Maybe you can, maybe you can't.

It would amount to 5 scans a day once we scan everything we have for the current year in. We would obviously need to do that in-house, which is fine. It's one big initial project and then very easy to maintain.

Dashrender

@scottalanmiller said in Securing Linux File Servers:

@Dashrender said in Securing Linux File Servers:

Considering the average person working that job is making $10/hr, after benefits/taxes, etc they cost the company $15/hr minimum, assuming that was the only cost and the company made zero money for the fact that he works, the employee is working 50 hours/month. But of course almost no company is out there making zero money.. so you have to assume that they are consuming at least 50% of the income in one way or other, so the employee is working 25 hours.

You can't include the profit from his work. If there is money to be made, either he's doing it in the remaining time or someone else will pick up the slack or someone else will be hired. Counting both the cost of the employee per hour and the profit that that employee can generate is double dipping unless the employee is irreplaceable and no one else can generate that revenue, which seems unlikely for a $10/hr position.

It's only the $15/hr that you need to consider. Does the employee save money or waste money is all that needs to be considered. You could easily hire a stay at home mom parent to do this part time only a few hours a day while their kid is at school two or three days a week if you had any concerns about the productivity of the full time existing staff.

Yes, the OP only needs to worry about the $15/hr part.. but the outsourced company has to consider it's profits - that's where I was going with that, I wasn't talking about the OP's company worrying about profits on an internal $15/hr employee.

Dashrender

@wirestyle22 said in Securing Linux File Servers:

@Dashrender said in Securing Linux File Servers:

@travisdh1 said in Securing Linux File Servers:

Sounds like something a decent dedicated scanner could take care of in a few minutes.

How does a scanner take care of staples?

Back to the OP - you haven't told us how many charts are being scanned per month, nor how you access that data once they do scan it.

Considering the average person working that job is making $10/hr, after benefits/taxes, etc they cost the company $15/hr minimum, assuming that was the only cost and the company made zero money for the fact that he works, the employee is working 50 hours/month. But of course almost no company is out there making zero money.. so you have to assume that they are consuming at least 50% of the income in one way or other, so the employee is working 25 hours.

So the question is, can you accomplish this task in under 25 hours a month and use the other half of the funds to pay your time, the hardware, the backups, scanner, etc? Maybe you can, maybe you can't.

It would amount to 5 scans a day once we scan everything we have for the current year in. We would obviously need to do that in-house, which is fine. It's one big initial project and then very easy to maintain.

Sure, are you telling me that your company was planning on continuing to pay the outsource company $750/month when you are in maintenance mode?

Dashrender

We have an on staff employee who takes care of the new daily scans, etc. But that person isn't very efficient (they are old and not computer savvy at all). The summer hires we did this year were basically just project work. Sadly they weren't willing to put in closer to 40 hr work weeks, the project would have been completed, or at least much more so. But I guess that was less important to some.

scottalanmiller

@Dashrender said in Securing Linux File Servers:

@scottalanmiller said in Securing Linux File Servers:

@Dashrender said in Securing Linux File Servers:

Considering the average person working that job is making $10/hr, after benefits/taxes, etc they cost the company $15/hr minimum, assuming that was the only cost and the company made zero money for the fact that he works, the employee is working 50 hours/month. But of course almost no company is out there making zero money.. so you have to assume that they are consuming at least 50% of the income in one way or other, so the employee is working 25 hours.

You can't include the profit from his work. If there is money to be made, either he's doing it in the remaining time or someone else will pick up the slack or someone else will be hired. Counting both the cost of the employee per hour and the profit that that employee can generate is double dipping unless the employee is irreplaceable and no one else can generate that revenue, which seems unlikely for a $10/hr position.

It's only the $15/hr that you need to consider. Does the employee save money or waste money is all that needs to be considered. You could easily hire a stay at home mom parent to do this part time only a few hours a day while their kid is at school two or three days a week if you had any concerns about the productivity of the full time existing staff.

Yes, the OP only needs to worry about the $15/hr part.. but the outsourced company has to consider it's profits - that's where I was going with that, I wasn't talking about the OP's company worrying about profits on an internal $15/hr employee.

The profits of the outsourced company don't matter to the decision making, though.

wirestyle22

@Dashrender You're confusing me man. There is an employee in medical records already. Instead of the company being paid to scan the stuff, we would do the initial project and then it would be maintained over time by her. It equates to 5 scans a day. I don't understand where the complication is here?

Dashrender

@scottalanmiller said in Securing Linux File Servers:

@Dashrender said in Securing Linux File Servers:

@scottalanmiller said in Securing Linux File Servers:

@Dashrender said in Securing Linux File Servers:

Considering the average person working that job is making $10/hr, after benefits/taxes, etc they cost the company $15/hr minimum, assuming that was the only cost and the company made zero money for the fact that he works, the employee is working 50 hours/month. But of course almost no company is out there making zero money.. so you have to assume that they are consuming at least 50% of the income in one way or other, so the employee is working 25 hours.

You can't include the profit from his work. If there is money to be made, either he's doing it in the remaining time or someone else will pick up the slack or someone else will be hired. Counting both the cost of the employee per hour and the profit that that employee can generate is double dipping unless the employee is irreplaceable and no one else can generate that revenue, which seems unlikely for a $10/hr position.

It's only the $15/hr that you need to consider. Does the employee save money or waste money is all that needs to be considered. You could easily hire a stay at home mom parent to do this part time only a few hours a day while their kid is at school two or three days a week if you had any concerns about the productivity of the full time existing staff.

Yes, the OP only needs to worry about the $15/hr part.. but the outsourced company has to consider it's profits - that's where I was going with that, I wasn't talking about the OP's company worrying about profits on an internal $15/hr employee.

The profits of the outsourced company don't matter to the decision making, though.

True, the only thing that matters is, can the OP hire a person and acquire the needed hardware, etc to get the job done for less?

Dashrender

@wirestyle22 said in Securing Linux File Servers:

@Dashrender You're confusing me man. There is an employee in medical records already. Instead of the company being paid to scan the stuff, we would do the initial project and then it would be maintained over time by her. It equates to 5 scans a day. I don't understand where the complication is here?

5 scans a day? since the beginning? or did it drop to this number recently?

wirestyle22

@Dashrender said in Securing Linux File Servers:

@wirestyle22 said in Securing Linux File Servers:

@Dashrender You're confusing me man. There is an employee in medical records already. Instead of the company being paid to scan the stuff, we would do the initial project and then it would be maintained over time by her. It equates to 5 scans a day. I don't understand where the complication is here?

5 scans a day? since the beginning? or did it drop to this number recently?

It's been this the entire time. The issue is they are charging for one huge project a year, an external hard drive and some cloud storage. 9k+ a year.

Veet

Hi,

Perhaps I'm missing something, or have not read the entire thread properly, but why would a NAS not work over here ? Unless, the server would be performing some other function, apart from acting as a File Server ... Most NAS boxes too use Linux-based operating systems...

wirestyle22

@Veet said in Securing Linux File Servers:

Hi,

Perhaps I'm missing something, or have not read the entire thread properly, but why would a NAS not work over here ? Unless, the server would be performing some other function, apart from acting as a File Server ... Most NAS boxes too use Linux-based operating systems...

My company had some bad experiences with NAS and as a result are very close minded about them. This is my way around that.

scottalanmiller

@wirestyle22 said in Securing Linux File Servers:

@Veet said in Securing Linux File Servers:

Hi,

Perhaps I'm missing something, or have not read the entire thread properly, but why would a NAS not work over here ? Unless, the server would be performing some other function, apart from acting as a File Server ... Most NAS boxes too use Linux-based operating systems...

My company had some bad experiences with NAS and as a result are very close minded about them. This is my way around that.

Call it a file server. Problem solved.

dafyre

@scottalanmiller said in Securing Linux File Servers:

@wirestyle22 said in Securing Linux File Servers:

@Veet said in Securing Linux File Servers:

Hi,

Perhaps I'm missing something, or have not read the entire thread properly, but why would a NAS not work over here ? Unless, the server would be performing some other function, apart from acting as a File Server ... Most NAS boxes too use Linux-based operating systems...

My company had some bad experiences with NAS and as a result are very close minded about them. This is my way around that.

Call it a file server. Problem solved.

And just back it up to hard drives with a network card attached. (Don't call it a NAS, lol).