Secure access from ad hoc workstations
No | Updated | Update by | Title | Approved | Approved by | Public |
---|---|---|---|---|---|---|
1.0 | 2016-01-07 |
Bo H. Pedersen/Kaj Anker Jørgensen |
Initial version | 2016-01-07 | Kaj A. Jørgensen |
Developers
The system must be accessible by developers at any time and place in order to maintain high availability for the users; e.g. data-managers, coordinators, doctors, lab-crew, etc. In order to achieve the high security demanded by the level of confidentiality of the data, we only allow two ways of access by the developers:
1) Administrative control of the server-nodes (console+setup-access) is done through a standard VPN solution required by Region Midt, where a physical token (RSA-SecurID) combined with a personal password supports standard two-factor-authentication (2FA).
2) For OS-administrative and general deployment purposes SSH-access is required and only allowed from approved ip-numbers, which again is done by a custom 2FA, that supplies tokens by mail or sms.
Data-managers
These have access to the system through the same protocol (i.e. https) as users of the system albeit at an extended level of authorization. Again 2FA is utilized when access is attempted from an unknown ip-number, where the token exchange is done by means of the email-address by which the user is registered in the system.
July 1st 2016