[Air-l] re IRBs vs. secure technologies

[elijah wright]

> result, we turn away fewer respondents.  It is odd though that people
> are concerned about sending a survey via the Internet, when it would
> take very specialized equipment to intercept the data and make sense out
> of it,

not very much specialized equipment required at all - off the shelf
hardware and software will do perfectly well.

> respondents information, the potential for a problem is much larger.  I
> can't pretend to talk about this area, as it truly requires somone who
> really knows about network security, and that is not I.  But certainly,
> any researcher conducting Web-based research must have something in
> place to protect their "back end" databases from attack or theft.

the ideal scenario for a database server to hold 'sensitive' survey (or
other) results:

* the database is the only service running on the machine
* no other ports are open or services are running, period ["perhaps" SSH
  is a reasonable thing to allow, for maintenance purposes, but that
  carries its own risks as well..]
* the database server is on an isolated network segment [and hopefully the
  web server as well]
* the database has an adequate set of firewall rules and a
  security-hardened kernel installed [this, obviously, implies that the
  database server not be a windows machine...]
* clients connecting to the database server are forced to use SSL-enabled
  versions of the DB client protocols
* client connections to the database are restricted to only those machines
  which the survey implementors are running their survey on - probably
  just their web server.

this is probably unreasonably paranoid, but it would almost certainly pass
any 'rules' that HIPPA or other compliance would impose upon you.

[there aren't a whole lot of ways left to make such a machine more secure-
unfortunately, the requirement regimes that legislators like to impose
tend to PREVENT you from actually implementing something 'correctly'...]

--elijah