OARN Database UPDATE – SEPTEMBER 2015. We’re Live – and Testing  The site is up and running in Google’s data centers:  The site has been secured: 

Slides:

Advertisements

Similar presentations

ARP Cache Poisoning How the outdated Address Resolution Protocol can be easily abused to carry out a Man In The Middle attack across an entire network.

Advertisements

What’s new in this release? September 6, Milestone Systems Confidential Milestone’s September release 2012 XProtect ® Web Client 1 Connect instantly.

Web Plus Overview Division of Cancer Prevention and Control National Center for Chronic Disease Prevention and Health Promotion CDC Registry Plus Training.

WSUS Presented by: Nada Abdullah Ahmed.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Crime and Security in the Networked Economy Part 4.

Lesson 6 Software and Hardware Interaction

Advantage Data Dictionary. agenda Creating and Managing Data Dictionaries –Tables, Indexes, Fields, and Triggers –Defining Referential Integrity –Defining.

Summer IAVA1 NATIONAL INFORMATION ASSURANCE TRAINING STANDARD FOR SYSTEM ADMINISTRATORS (SA) Minimum.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

12/13/20051 Egypt Education Service (EES) Capstone Design Mohammed Khalilia Saif Khairat.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

Report Distribution Report Distribution in PeopleTools 8.4 Doug Ostler & Eric Knapp 7264.

Module 6 Windows 2000 Professional 6.1 Installation 6.2 Administration/User Interface 6.3 User Accounts 6.4 Managing the File System 6.5 Services.

Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.

Your storage on the ground; Your files in the cloud.

Video Following is a video of what can happen if you don’t update your security settings! security.

CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. s. Safe browsing for shopping and online banks. Social media.

Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.

Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.

1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.

Cloud Computing Saneel Bidaye uni-slb2181. What is Cloud Computing? Cloud Computing refers to both the applications delivered as services over the Internet.

Information Systems Today, 2/C/e ©2008 Pearson Education Canada Lecture Outline eCommerce Highlights of Electronic Business 2-1.

Staying Safe. Files can be added to a computer by:- when users are copying files from a USB stick or CD/DVD - downloading files from the Internet - opening.

Copyright© 2003 Avaya Inc. All rights reserved Upgrade to Communication Manager 2.0 with Migration to Linux 8.0 Purpose: This presentation was prepared.

Programming and Application Packages

CTSP TRAINING Router 101 And Networking Basics. You Don’t Need Internet Access to Run or Connect your devices to an Ethernet switch or Router Enable DHCP.

Chapter 3.  Help you understand different types of servers commonly found on a network including: ◦ File Server ◦ Application Server ◦ Mail Server ◦

Home Media Network Hard Drive Training for Update to 2.0 By Erik Collett Revised for Firmware Update.

NECTEC-GOC CA APGrid PMA face-to-face meeting. October, Sornthep Vannarat National Electronics and Computer Technology Center, Thailand.

Troubleshooting Windows Vista Security Chapter 4.

Windows Security. Security Windows 2000/XP Professional security oriented Authentication Authorization Internet Connection Firewall.

Types of Electronic Infection

MMTK Access control. Session overview Introduction to access control Passwords –Computers –Files –Online spaces and networks Firewalls.

G061 - Network Security. Learning Objective: explain methods for combating ICT crime and protecting ICT systems.

Database Design and Management CPTG /23/2015Chapter 12 of 38 Functions of a Database Store data Store data School: student records, class schedules,

Jalisa Eady Definitions Mr. Gabbard Pd

Incident Security & Confidentiality Integrity Availability.

Every computer along the path of your data can see what you send and receive. USERNAMES and PASSWORDS  Username can be assigned to you eg. Student ID.

DB Security, Nov 11, Database Security S. Sudarshan Computer Science and Engg. Dept I.I.T. Bombay.

INTERNET SAFETY FOR KIDS

Information System Audit : © South-Asian Management Technologies Foundation Chapter 10 Case Study: Conducting an Information Systems Audit.

CCNA4 v3 Module 6 v3 CCNA 4 Module 6 JEOPARDY K. Martin.

Incident Security & Confidentiality Integrity Availability.

1 Title: Introduction to Computer Instructor: I LTAF M EHDI.

Chapter 12: How Private are Web Interactions?. Why we care? How much of your personal info was released to the Internet each time you view a Web page?

Computer Security By Duncan Hall.

Install, configure and test ICT Networks

Computer Systems Networking. What is a Network A network can be described as a number of computers that are interconnected, allowing the sharing of data.

VPN. CONFIDENTIAL Agenda Introduction Types of VPN What are VPN Tokens Types of VPN Tokens RSA How tokens Work How does a user login to VPN using VPN.

Computer Security & Backups LO: Understanding the need for computer security and typical ways to ensure that a system is secure. Learning Outcome : Define.

Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,

© 2014 VMware Inc. All rights reserved. Cloud Archive for vCloud ® Air™ High-level Overview August, 2015 Date.

Information Systems CS-507 Lecture 32. Physical Intrusion The intruder could physically enter an organization to steal information system assets or carry.

Page ADP Technology Training. 2 Page2 Confidential Copyright © 2007 Pearson Education, Inc. and/or one or more of its direct or indirect affiliates. All.

Business Objects XIr2 Windows NT Authentication Single Sign-on 18 August 2006.

NETWORK SECURITY LAB 1170 REHAB ALFALLAJ CT1406. Introduction There are a number of technologies that exist for the sole purpose of ensuring that the.

SAMET KARTAL No one wants to share own information with unknown person. Sometimes while sharing something with someone people wants to keep.

Network and Server Basics. Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server network.

Securing Network Servers

Common Methods Used to Commit Computer Crimes

Introduction to Local Area Networks

An Introduction to Cloud Computing

IS4680 Security Auditing for Compliance

4.02 Develop web pages using various layouts and technologies.

G061 - Network Security.

NTC/302 NETWORK WEB SERVICES The Latest Version // uopcourse.com

NTC/302 NTC/ 302 ntc/302 ntc/ 302 NETWORK WEB SERVICES The Latest Version // uopstudy.com

NTC/302 NETWORK WEB SERVICES The Latest Version NTC 302 Entire Course Link

Presentation transcript:

OARN Database UPDATE – SEPTEMBER 2015

We’re Live – and Testing  The site is up and running in Google’s data centers:  The site has been secured:  All communications, between the user to the web server and between the web server to the database are encrypted.  The data itself is stored on encrypted media.  Access to the servers has been restricted: Two factor authentication has been enabled for the Google account, which is only accessed on an isolated, dedicated machine that is run from a CD rather than a hard drive. The password for the Google account is stored on an encrypted thumb drive that can only be accessed via a pin code, and which will destroy the password if more than 10 incorrect tries are attempted. Password based authentication for the webserver has been disabled. You need a set of encryption keys which are only available through the Google interface. A firewall is in place that allows only web traffic and the administrative access. The database server is restricted so that it will only communicate with the webserver.  A test migration of random data (several thousand families) has been performed to provide the beta testing team something to work with.  The database committee is currently testing the system and we’re working out the bugs.

The GNU Affero General Public License  We have released the source code under an open source license designed to ensure its future availability.  The usual GNU public license requires that modifications to the source code be made public if the software is distributed, e.g., by download over the Internet.  Because this is a server based application, I selected the Affero version of the GPL to ensure that if someone does not distribute the software, but simply allows access to it over a network, they still must share the source code.  I will be uploading the source code to GitHub once beta testing is complete.

Migration Steps  Approval of the universally shared reference table values by the database committee.  A point person at each agency (starting with the database committee) will be identified, and any agreements (e.g., a BAA for HIPAA covered agencies) will be put in place.  I will send out spreadsheets with the fields that need to be populated in order to migrate data into the new system.  Once I have data from a given agency, I will do a dry run on a test database to help ensure there are no errors and gather data about the migration (e.g., how many records of each type were migrated). The test database will immediately be destroyed after the dry run.  After working hours, I will make a backup of the production database, run the migration, and compare the results with those of the dry run.  If all looks well, I will work with the point person at the agency to test data from several families and verify that the migration was successful.

Still to come:  There are features to the user interface that still need to be added:  The assessments  A waitlist  Classroom attendance  The report server needs to be completed