http://foss2serve.org/index.php?title=OpenMRS_Security_Assessment&feed=atom&action=historyOpenMRS Security Assessment - Revision history2024-03-29T09:56:24ZRevision history for this page on the wikiMediaWiki 1.18.1http://foss2serve.org/index.php?title=OpenMRS_Security_Assessment&diff=12661&oldid=prevClif.kussmaul at 11:22, 8 September 20182018-09-08T11:22:34Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 11:22, 8 September 2018</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 3:</td>
<td colspan="2" class="diff-lineno">Line 3:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>{{Learning Activity Overview</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>{{Learning Activity Overview</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|title=</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|title=</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">''Title of the module (same as page name).''</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">OpenMRS Security Assessment</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|overview=</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|overview=</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">''High level description </del>of <del class="diffchange diffchange-inline">what </del>the <del class="diffchange diffchange-inline">student will do</del>.<del class="diffchange diffchange-inline">''</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">This is a series </ins>of <ins class="diffchange diffchange-inline">assignments that walk a computer security class through </ins>the <ins class="diffchange diffchange-inline">process of conducting a security assessment of OpenMRS</ins>.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|prerequisites=</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|prerequisites=</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>''What topics and tools does the student need to know prior to beginning this module? ''</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>''What topics and tools does the student need to know prior to beginning this module? ''</div></td></tr>
</table>Clif.kussmaulhttp://foss2serve.org/index.php?title=OpenMRS_Security_Assessment&diff=12660&oldid=prevClif.kussmaul at 11:21, 8 September 20182018-09-08T11:21:58Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 11:21, 8 September 2018</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 64:</td>
<td colspan="2" class="diff-lineno">Line 64:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:Learning Module]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:Learning Module]]</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">[[Category:Learning Activity]]</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:Privacy and Security]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:Privacy and Security]]</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:OpenMRS]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:OpenMRS]]</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:Good Draft]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:Good Draft]]</div></td></tr>
</table>Clif.kussmaulhttp://foss2serve.org/index.php?title=OpenMRS_Security_Assessment&diff=12652&oldid=prevClif.kussmaul at 10:56, 8 September 20182018-09-08T10:56:17Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 10:56, 8 September 2018</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>=OpenMRS Security Assessment=</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">__NOTOC__</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">{{Learning Activity Overview</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">|title=</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">''Title of the module (same as page name).''</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">|overview=</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">''High level description of what the student will do.''</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">|prerequisites=</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">''What topics and tools does the student need to know prior to beginning this module? ''</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">|objectives=</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">''What should the student be able to do after completing this module?''</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">|process skills=</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">''What process skills will the student practice while completing this module?''</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">}}</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>= OpenMRS Security Assessment =</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>OpenMRS is an open-source medical record management system. It is very popular in some parts of the world, but requires work to make it compatible with [http://www.hhs.gov/ocr/privacy/index.html Department of Health and Human Services regulations] authorized by the Health Insurance Portability and Accountability Act (HIPAA). This series of assignments aims to identify specific changes that are required to achieve HIPAA compliance to use OpenMRS in the context of a small medical practice or hospital. (Larger medical practices and hospitals typically have more complex situations and unique risks that require them to conduct their own assessment.)</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>OpenMRS is an open-source medical record management system. It is very popular in some parts of the world, but requires work to make it compatible with [http://www.hhs.gov/ocr/privacy/index.html Department of Health and Human Services regulations] authorized by the Health Insurance Portability and Accountability Act (HIPAA). This series of assignments aims to identify specific changes that are required to achieve HIPAA compliance to use OpenMRS in the context of a small medical practice or hospital. (Larger medical practices and hospitals typically have more complex situations and unique risks that require them to conduct their own assessment.)</div></td></tr>
<tr><td colspan="2" class="diff-lineno">Line 5:</td>
<td colspan="2" class="diff-lineno">Line 20:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>This is a series of assignments that walk a computer security class through the process of conducting a security assessment of OpenMRS.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>This is a series of assignments that walk a computer security class through the process of conducting a security assessment of OpenMRS.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>==Preparation==</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>== Preparation ==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>You will need to have a server that the class can use to test OpenMRS. Most OpenMRS installations are on Linix, so selecting Linux will make your assessment more directly relevant to typical installations. However, selecting Windows or Mac could be valuable in revealing vulnerabilities specific to those lesser-tested operating systems. Install Tomcat and MySQL on the system. Provide logins for all of the students, and set permissions so that the students can deploy applications to Tomcat. (On my system, this was done by putting all of the students into a group, and giving the group read-write-execute permission on Tomcat's webapps directory.)</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>You will need to have a server that the class can use to test OpenMRS. Most OpenMRS installations are on Linix, so selecting Linux will make your assessment more directly relevant to typical installations. However, selecting Windows or Mac could be valuable in revealing vulnerabilities specific to those lesser-tested operating systems. Install Tomcat and MySQL on the system. Provide logins for all of the students, and set permissions so that the students can deploy applications to Tomcat. (On my system, this was done by putting all of the students into a group, and giving the group read-write-execute permission on Tomcat's webapps directory.)</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td colspan="2" class="diff-lineno">Line 14:</td>
<td colspan="2" class="diff-lineno">Line 29:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>These students should be excused from other assignments that the rest of the class is doing. Once the security assessment starts, they need to serve as a resource for the rest of the class. They should acknowledge problems that other students have within 12 hours, and either solve the problem or get help within 24 hrs (using OpenMRS resources if the issue is with OpenMRS or instructor resources if the issue is with server configuration). They will be graded based on their ability to get OpenMRS installed and working, the documentation they produce and their responsiveness in helping other students.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>These students should be excused from other assignments that the rest of the class is doing. Once the security assessment starts, they need to serve as a resource for the rest of the class. They should acknowledge problems that other students have within 12 hours, and either solve the problem or get help within 24 hrs (using OpenMRS resources if the issue is with OpenMRS or instructor resources if the issue is with server configuration). They will be graded based on their ability to get OpenMRS installed and working, the documentation they produce and their responsiveness in helping other students.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>==Group Selection==</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>== Group Selection ==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Groups need to be selected or assigned during stage 2 of the assignment (interview).  Generally, I write the options on the board and let students self-select, with some shepherding to make sure we get good coverage of the assessment areas. More details are provided in [[OpenMRS Security Assessment 3]].</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Groups need to be selected or assigned during stage 2 of the assignment (interview).  Generally, I write the options on the board and let students self-select, with some shepherding to make sure we get good coverage of the assessment areas. More details are provided in [[OpenMRS Security Assessment 3]].</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>==Assignments==</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>== Assignments ==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* [[OpenMRS Security Assessment 1]] Gather documentation</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* [[OpenMRS Security Assessment 1]] Gather documentation</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* [[OpenMRS Security Assessment 2]] Interview</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* [[OpenMRS Security Assessment 2]] Interview</div></td></tr>
<tr><td colspan="2" class="diff-lineno">Line 27:</td>
<td colspan="2" class="diff-lineno">Line 42:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">--------------------</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>=== <ins class="diffchange diffchange-inline">Additional Information =</ins>==</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">This work by [[User:Scrain|Steven P. Crain]] ([http://www.google.com/recaptcha/mailhide/d?k</del>=<del class="diffchange diffchange-inline">01kQLVRud4_G4fLVvieRmptw</del>==<del class="diffchange diffchange-inline">&c</del>=<del class="diffchange diffchange-inline">xzrJ5nOx65OjeB8B5xOwSUCBUqxRQDpU96mG9Bes_GQ</del>= <del class="diffchange diffchange-inline">...@plattsburgh.edu]) is licensed under a </del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">[http://creativecommons.org/licenses/by-nc-sa/4.0/ Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License]</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>[[<del class="diffchange diffchange-inline">File</del>:<del class="diffchange diffchange-inline">Creativecommons-by-nc-sa-40</del>.<del class="diffchange diffchange-inline">png</del>]]</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">{{Learning Activity Info</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">|acm unit=</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">''What ACM Computing Curricula 2013 knowledge area and units are covered?''</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">|acm topic=</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">''What specific topics are addressed?''</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">|difficulty=</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">''Is this module easy, medium, or hard?''</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">|time=</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">''How long should a typical student take to complete the module?''</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">|environment=</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">''What does the student need? (e.g. Internet access, IRC client, Git Hub account, LINUX machine, etc.)''</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">|author=</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>[[<ins class="diffchange diffchange-inline">User</ins>:<ins class="diffchange diffchange-inline">Scrain|Steven P</ins>. <ins class="diffchange diffchange-inline">Crain</ins>]] <ins class="diffchange diffchange-inline">([http://www.google.com/recaptcha/mailhide/d?k=01kQLVRud4_G4fLVvieRmptw==&c=xzrJ5nOx65OjeB8B5xOwSUCBUqxRQDpU96mG9Bes_GQ= ...@plattsburgh.edu])</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">|source=</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">''Is there another module on which this module is based?  If so, please provide a link to the original resource.''</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">|license=</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">{{License CC BY NC SA}}</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">}}</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>[[Category: <del class="diffchange diffchange-inline">Learning_Activity</del>]]</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>[[Category:<ins class="diffchange diffchange-inline">Learning Module</ins>]]</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>[[Category: <del class="diffchange diffchange-inline">OpenMRS</del>]]</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>[[Category:<ins class="diffchange diffchange-inline">Privacy and Security</ins>]]</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>[[Category: <del class="diffchange diffchange-inline">Privacy_and_Security</del>]]</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>[[Category:<ins class="diffchange diffchange-inline">OpenMRS</ins>]]</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>[[Category: Good Draft]]</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>[[Category:Good Draft]]</div></td></tr>
</table>Clif.kussmaulhttp://foss2serve.org/index.php?title=OpenMRS_Security_Assessment&diff=9386&oldid=prevHislop at 17:29, 8 March 20172017-03-08T17:29:25Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 17:29, 8 March 2017</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 36:</td>
<td colspan="2" class="diff-lineno">Line 36:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category: OpenMRS]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category: OpenMRS]]</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category: Privacy_and_Security]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category: Privacy_and_Security]]</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">[[Category: Good Draft]]</ins></div></td></tr>
</table>Hislophttp://foss2serve.org/index.php?title=OpenMRS_Security_Assessment&diff=6315&oldid=prevScrain: /* Assignments */2016-06-30T19:57:57Z<p><span class="autocomment">Assignments</span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 19:57, 30 June 2016</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 20:</td>
<td colspan="2" class="diff-lineno">Line 20:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* [[OpenMRS Security Assessment 1]] Gather documentation</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* [[OpenMRS Security Assessment 1]] Gather documentation</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* [[OpenMRS Security Assessment 2]] Interview</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* [[OpenMRS Security Assessment 2]] Interview</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>* [[OpenMRS Security Assessment 3]] Exploration, or Being productively lost</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>* [[OpenMRS Security Assessment 3<ins class="diffchange diffchange-inline">]] Installation</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">* [[OpenMRS Security Assessment 3B</ins>]] Exploration, or Being productively lost</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* [[OpenMRS Security Assessment 4]] Identify assets and threats</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* [[OpenMRS Security Assessment 4]] Identify assets and threats</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* [[OpenMRS Security Assessment 5]] Assess risks and design principles</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* [[OpenMRS Security Assessment 5]] Assess risks and design principles</div></td></tr>
</table>Scrainhttp://foss2serve.org/index.php?title=OpenMRS_Security_Assessment&diff=6314&oldid=prevScrain: /* Assignments */2016-06-30T19:56:26Z<p><span class="autocomment">Assignments</span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 19:56, 30 June 2016</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 20:</td>
<td colspan="2" class="diff-lineno">Line 20:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* [[OpenMRS Security Assessment 1]] Gather documentation</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* [[OpenMRS Security Assessment 1]] Gather documentation</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* [[OpenMRS Security Assessment 2]] Interview</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* [[OpenMRS Security Assessment 2]] Interview</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>* [[OpenMRS Security Assessment 3]] <del class="diffchange diffchange-inline">Set up the environment</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>* [[OpenMRS Security Assessment 3]] <ins class="diffchange diffchange-inline">Exploration, or Being productively lost</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* [[OpenMRS Security Assessment 4]] Identify assets and threats</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* [[OpenMRS Security Assessment 4]] Identify assets and threats</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* [[OpenMRS Security Assessment 5]] Assess risks and design principles</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* [[OpenMRS Security Assessment 5]] Assess risks and design principles</div></td></tr>
</table>Scrainhttp://foss2serve.org/index.php?title=OpenMRS_Security_Assessment&diff=6301&oldid=prevScrain: /* Assignments */2016-06-29T22:39:01Z<p><span class="autocomment">Assignments</span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 22:39, 29 June 2016</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 13:</td>
<td colspan="2" class="diff-lineno">Line 13:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>These students should be excused from other assignments that the rest of the class is doing. Once the security assessment starts, they need to serve as a resource for the rest of the class. They should acknowledge problems that other students have within 12 hours, and either solve the problem or get help within 24 hrs (using OpenMRS resources if the issue is with OpenMRS or instructor resources if the issue is with server configuration). They will be graded based on their ability to get OpenMRS installed and working, the documentation they produce and their responsiveness in helping other students.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>These students should be excused from other assignments that the rest of the class is doing. Once the security assessment starts, they need to serve as a resource for the rest of the class. They should acknowledge problems that other students have within 12 hours, and either solve the problem or get help within 24 hrs (using OpenMRS resources if the issue is with OpenMRS or instructor resources if the issue is with server configuration). They will be graded based on their ability to get OpenMRS installed and working, the documentation they produce and their responsiveness in helping other students.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">==Group Selection==</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">Groups need to be selected or assigned during stage 2 of the assignment (interview).  Generally, I write the options on the board and let students self-select, with some shepherding to make sure we get good coverage of the assessment areas. More details are provided in [[OpenMRS Security Assessment 3]].</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==Assignments==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==Assignments==</div></td></tr>
</table>Scrainhttp://foss2serve.org/index.php?title=OpenMRS_Security_Assessment&diff=6300&oldid=prevScrain at 22:18, 29 June 20162016-06-29T22:18:33Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 22:18, 29 June 2016</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 4:</td>
<td colspan="2" class="diff-lineno">Line 4:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>This is a series of assignments that walk a computer security class through the process of conducting a security assessment of OpenMRS.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>This is a series of assignments that walk a computer security class through the process of conducting a security assessment of OpenMRS.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">==Preparation==</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">You will need to have a server that the class can use to test OpenMRS. Most OpenMRS installations are on Linix, so selecting Linux will make your assessment more directly relevant to typical installations. However, selecting Windows or Mac could be valuable in revealing vulnerabilities specific to those lesser-tested operating systems. Install Tomcat and MySQL on the system. Provide logins for all of the students, and set permissions so that the students can deploy applications to Tomcat. (On my system, this was done by putting all of the students into a group, and giving the group read-write-execute permission on Tomcat's webapps directory.)</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">About 3 weeks before beginning this assignment, select 2 students who will be responsible for setting up the OpenMRS system on the server. They should have some system administration experience and demonstrated problem-solving ability. One should have experience with Java development. </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">Assign these students to work together to install OpenMRS and the reference or legacy user interface on the server. They should keep careful records of what they do, especially noting any security issues they encounter. They often prefer to set up a Linux virtual machine on their own laptop, get OpenMRS working there, and then install it on the real server once they know what works.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">These students should be excused from other assignments that the rest of the class is doing. Once the security assessment starts, they need to serve as a resource for the rest of the class. They should acknowledge problems that other students have within 12 hours, and either solve the problem or get help within 24 hrs (using OpenMRS resources if the issue is with OpenMRS or instructor resources if the issue is with server configuration). They will be graded based on their ability to get OpenMRS installed and working, the documentation they produce and their responsiveness in helping other students.</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==Assignments==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==Assignments==</div></td></tr>
</table>Scrainhttp://foss2serve.org/index.php?title=OpenMRS_Security_Assessment&diff=4476&oldid=prevScrain: /* Assignments */ Fix links2015-08-18T21:38:04Z<p><span class="autocomment">Assignments: </span> Fix links</p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 21:38, 18 August 2015</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 6:</td>
<td colspan="2" class="diff-lineno">Line 6:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==Assignments==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==Assignments==</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>* [OpenMRS Security Assessment 1] Gather documentation</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>* <ins class="diffchange diffchange-inline">[</ins>[OpenMRS Security Assessment 1<ins class="diffchange diffchange-inline">]</ins>] Gather documentation</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>* [OpenMRS Security Assessment 2] Interview</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>* <ins class="diffchange diffchange-inline">[</ins>[OpenMRS Security Assessment 2<ins class="diffchange diffchange-inline">]</ins>] Interview</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>* [OpenMRS Security Assessment 3] Set up the environment</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>* <ins class="diffchange diffchange-inline">[</ins>[OpenMRS Security Assessment 3<ins class="diffchange diffchange-inline">]</ins>] Set up the environment</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>* [OpenMRS Security Assessment 4] Identify assets and threats</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>* <ins class="diffchange diffchange-inline">[</ins>[OpenMRS Security Assessment 4<ins class="diffchange diffchange-inline">]</ins>] Identify assets and threats</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>* [OpenMRS Security Assessment 5] Assess risks and design principles</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>* <ins class="diffchange diffchange-inline">[</ins>[OpenMRS Security Assessment 5<ins class="diffchange diffchange-inline">]</ins>] Assess risks and design principles</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>* [OpenMRS Security Assessment 6] Make recommendations and write final report</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>* <ins class="diffchange diffchange-inline">[</ins>[OpenMRS Security Assessment 6<ins class="diffchange diffchange-inline">]</ins>] Make recommendations and write final report</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
</table>Scrainhttp://foss2serve.org/index.php?title=OpenMRS_Security_Assessment&diff=4475&oldid=prevScrain: Added byline2015-08-18T21:37:26Z<p>Added byline</p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 21:37, 18 August 2015</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 15:</td>
<td colspan="2" class="diff-lineno">Line 15:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>--------------------</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>--------------------</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>This work is licensed under a  </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>This work <ins class="diffchange diffchange-inline">by [[User:Scrain|Steven P. Crain]] ([http://www.google.com/recaptcha/mailhide/d?k=01kQLVRud4_G4fLVvieRmptw==&c=xzrJ5nOx65OjeB8B5xOwSUCBUqxRQDpU96mG9Bes_GQ= ...@plattsburgh.edu]) </ins>is licensed under a  </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[http://creativecommons.org/licenses/by-nc-sa/4.0/ Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[http://creativecommons.org/licenses/by-nc-sa/4.0/ Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License]</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
</table>Scrain