NIPO Fieldwork System Version 1.14

Previous Topic

Next Topic

Security Considerations

Please take into account the following security considerations before and after installation of the NIPO Fieldwork System.

NIPO CATI / Web Master

For security reasons it is strongly recommended to place the NIPO CATI / Web Master inside the company company domain and behind the company firewall. For NIPO CAWI licenses, the NIPO CATI / Web Master may communicate with a NIPO Web Interview Server placed in the DMZ using a single open port.

To limit access to survey data files and to ensure continuity of services, configure file paths for the NIPO CATI / Web Master local to the machine. In this case, no network access is required.

The NIPO CATI / Web Master connects to the the SQL server using ODBC. A database username name and password must be specified in the NIPO CATI / Web Manager. The database username and password are stored in the registry of the Master in unencrypted format, so restrict registry access to the NIPO CATI / Web Master server.

NIPO Web Interview Server

The NIPO Web Interview Server should be placed in the company DMZ. The NIPO ODIN Servlet is publicly accessible through the Internet. Two connections to a service outside of the DMZ, inside the company network are used: one towards the NIPO CATI / Web Master and one towards the MS SQL server. This requires two open ports between the DMZ and the company network.

Apache Tomcat Manager

The Apache Tomcat Manager (publicly available on the NIPO Web Interview Server) allows all NIPO Web Interview services to be stopped and started. Note that default passwords exist for the Apache Tomcat Manager that must be changed in tomcat-users.xml file.

NIPO ODIN Servlet Manager

The NIPO ODIN Servlet Manager (publicly available on the NIPO Web Interview Server) allows users to check file versions, settings and connections of the NIPO Web Interview Server, and disconnect clients from the NIPO Web Interview Server. Note that default passwords exist for the NIPO ODIN Servlet Manager that must be changed in OdinServletManagerUsers.properties file.

NIPO FMS Server

The NIPO FMS Server copies Waiting, Working and Exit room files between various servers. The NIPO FMS Server must have a network login, with sufficient permissions for:

  • Read / write access on Working room, the Surveys folder in the NIPO CATI / Web Master
  • Read / write access on Waiting room and Exit room, which are usually network file server shares available to the NIPO Fieldwork System users.
  • Be able to log on as a service.

NIPO FMS Client

The NIPO FMS Client requires a first-time start by a user who has administrative privileges, to help it register a number of components. Subsequent use of the NIPO FMS may be done by a user with limited permissions.

NIPO CATI Client

The NIPO CATI Client connects to the NIPO CATI / Web Master using RPC or direct TCP/IP communication. No network access to the company network is required. For maximum security, you may wish to keep NIPO CATI Client workstations out of the company domain.

See Also
© 2012 | NIPO Software | All rights reserved Last modified: 2013-11-8 10:29:31 AM