COMETH Winter School 2021 Data Security FAQ 

 

What Data Security measures uare taken during the training ?

 

Since data is transferred to our server located in Heidelberg University, a wide array of security measures are in force:

  • The complete interaction with the server is secured with HTTPS.

  • Input data is deleted from our servers as soon it is not needed anymore.

  • We only store bulk samples genes/probes counts, we don't ever "look" at your data in anyway.

  • After analysis is finished, the user has 7 days to get results back.

  • The complete source code is available in a public Github repository.

 

Who has access ?

To upload and download data, users must register with a unique e-mail address and strong password.

  • Each user can only analyse and download results for samples that they have themselves uploaded.

  • No other server users will be able to access your data.

 

What security or firewalls protect access?

A wide array of security measures are in force on the analysis servers:

  • SSH login to the servers is restricted to only systems administrators.

  • Direct login via SSH is not allowed from the public Internet.

  • The public-facing side of the servers sits behind the Heidelberg University virtual firewall instance where a default-deny policy is used on inbound traffic; only explicitly allowed TCP ports are passed.

  • The Heidelberg University also makes use of NIDS technologies such as Snort and Peakflow on its network links for traffic analysis and threat detection.

  • On analysis server itself, updates are run regularly by systems administrators who follow several zero-day computer security announcement lists; the OSSEC HIDS is used for log analysis and anomaly detection; and Denyhosts is used to thwart brute-force SSH login attacks.

 

Are the data encrypted  while the data are in use

As stated in the data analysis consent form, the participant will not share personal data or data that can be used for individual identification. Therefore the data will not be encrypted while stored on the secured system.