# HG changeset patch
# User Sebastien Jodogne <s.jodogne@gmail.com>
# Date 1558355008 -7200
# Node ID b15c3423b682412a6f330b539c3f9cf55a7bc430
# Parent  325dd39015478eec9cf5d38850c8ec08b0ba69e1
security

diff -r 325dd3901547 -r b15c3423b682 Sphinx/source/faq/security.rst
--- a/Sphinx/source/faq/security.rst	Sun May 19 10:08:52 2019 +0200
+++ b/Sphinx/source/faq/security.rst	Mon May 20 14:23:28 2019 +0200
@@ -123,6 +123,13 @@
 server, Orthanc also acts as a :ref:`DICOM server <dicom-protocol>`
 (more precisely, as a DICOM SCP).
 
+In general, the DICOM protocol should be disabled if running Orthanc
+on a cloud server, except if you use a VPN (cf. `reference
+<https://groups.google.com/d/msg/orthanc-users/yvHexxG3dTY/7s3A7EHVBAAJ>`__).
+Favor HTTPS for transfering medical images across sites (see
+above). You can turn off DICOM protocol by setting the configuration
+option ``DicomServerEnabled`` to ``false``.
+
 The DICOM modalities that are known to Orthanc are defined by setting
 the ``DicomModalities`` configuration option. Out-of-the-box, Orthanc
 accepts C-ECHO and C-STORE commands sent by unknown modalities, but
@@ -178,4 +185,5 @@
 **Remark:** As of Orthanc 1.5.6, `DICOM TLS encryption
 <https://www.dicomstandard.org/using/security/>`__ is not supported
 yet. We are looking for :ref:`an industrial sponsor <contributing>` to
-get this feature implemented, as it is useful in enterprise scenarios.
+get this feature implemented, as it is useful in enterprise and cloud
+environments.