Since data is transfered to our server located in Michigan, a wide array of security measures are in force:
- The complete interaction with the server is secured with HTTPS.
- Input data is deleted from our servers as soon it is not needed anymore.
- We only store the number of samples and markers analyzed, we don't ever "look" at your data in anyway.
- All results are encrypted with a strong one-time password - thus, only you can read them.
- After imputation is finished, the data uploader has 7 days to use an encrypted connection to get results back.
- The complete source code is available in a public Github repository.
Who has access?
To upload and download data, users must register with a unique e-mail address and strong password. Each user can only download imputation results for samples that they have themselves uploaded; no other imputation server users will be able to access your data.
What security or firewalls protect access?
A wide array of security measures are in force on the imputation servers:
- SSH login to the servers is restricted to only systems administrators.
- Direct root login via SSH is not allowed from the public Internet.
- The public-facing side of the servers sits behind the School of Public Health's Checkpoint virtual firewall instance where a default-deny policy is used on inbound traffic; only explicitly allowed TCP ports are passed.
- The School of Public Health also makes use of NIDS technologies such as Snort and Peakflow on its network links for traffic analysis and threat detection.
- On imputation server itself, updates are run regularly by systems administrators who follow several zero-day computer security announcement lists; the OSSEC HIDS is used for log analysis and anomaly detection; and Denyhosts is used to thwart brute-force SSH login attacks.
What encryption of the data is used while the data are present?
Imputation results are encrypted with a one-time password generated by the system. The password consists of lower characters, upper characters, special characters and numbers with max. 3 duplicates.