Blog

BIT and DENR Work Together to Upgrade FoxPro Applications

BIT is working closely with the Department of Environment and Natural Resources (DENR) staff on a project to rewrite 37 existing FoxPro systems to .net applications with GIS components utilized in all applications. Microsoft is no longer supporting FoxPro which is why BIT is taking the systems off that platform, adding enhanced system functionality, and building desired GIS functionality into each system.  The added GIS functionality is allowing for direct online user access of information being displayed in a user friendly format.  Providing this information online is saving DENR staff time and money of retrieving it manually for taxpayers when requested.

BIT Development, Network, Data Center and DENR staff have worked to be the first state in the nation to flow data through EPA’s Virtual Node. This allows data to be shared from the EPA through a secure channel in order for it to be shared on one of DENR’s websites with the public. The same group has been working to land a 2015 grant from the Western States Water Council.  If awarded this grant, this project will allow data to be exchanged between several states to provide better access to water allocation, supply and demand through a shared site.
(For more information visit:  http://www.westernstateswater.org/wade/about-wade/)

BIT has been fortunate to be able to work closely with knowledgeable DENR staff to upgrade their systems from FoxPro to SQL and .NET. Having the ability to better serve DENR and the public’s needs by making improvements and enhancements is the icing on the cake for BIT.

For more information, the below article was recently released by the Department of Environment and Natural Resources.

PIERRE, S.D. – Today at the Department of Environment and Natural Resources (DENR) Environmental and Ground Water Quality Conference, DENR demonstrated four new interactive database GIS maps to a crowd of more than 100 people.

Located at http://arcgis.sd.gov/server/denr/gallery/default.html, searchable maps have been added to DENR’s GIS Interactive Map Dashboard. The maps provide data for more than 13,250 spill sites, about 5,000 closed and active regulated storage tanks, more than 150 locations to take recyclable materials and 97,620 filings for water right dry draw location notices.

These four interactive maps are in addition to the department’s interactive oil and gas map and construction aggregate map that have been available online. The oil and gas map opens 1,900 files for oil and gas holes and geologic logs from 96,595 other holes with a simple mouse click. The construction aggregate map shows the location of 4,651 active and closed construction aggregate mines across the state.

“As part of DENR’s continuing efforts to implement Gov. Daugaard’s priority of making state government more open by expanding e-government, these interactive maps provide information from four more huge databases that can be searched online by the public 24 hours a day, seven days a week,” said DENR Secretary Steve Pirner.

(State News posting)

Security Scanning Requirements: But Why!?

Protecting web applications is an around-the-clock job. These days nearly everything that is connected to the Internet can be considered a target. Targeted attacks are designed to gather intelligence, steal citizen’s information, disrupt operations or even destroy critical infrastructure. As the threat landscape continues to worsen, government divisions are doing all they can to keep their web properties available and secure—this is where the security scanning requirements come into play.

While various network security technologies are good at protecting the network layer, a web application can be considered a point of entry for a potential attacker. Web applications are programs ran through an Internet browser to allow people to fill out forms or to perform specific actions such as applying for hunting licenses. An insecure application can be used to compromise more than the information managed by that system alone.  The insecure application can also be used to pivot the attack onto other systems and compromise information completely disconnected from that application’s scope.  Hackers now target the web application layer by injecting attacks through the forms and fields that are open to citizens.

The South Dakota Bureau of Information and Telecommunication (BIT) requires the scans to not only protect the application in question but to protect the state infrastructure as a whole. (State infrastructure refers to the technology (hardware and software) that comprise the computer network, phone network, and connections to the Internet.) That is why BIT performs security scans for every web application or website deploying in a production environment (available for the public to use). These scans consist of attempts to gain control of the system or to gain access to the State’s data using a variety of tools and manual methods designed with one objective: attempt to exploit security vulnerabilities in an application in a safe test environment before it is deployed to the public.

As a general guideline, BIT normally (but does not always limit itself to) tests for the Open Web Application Security Project (OWASP) Top 10 vulnerabilities published at: https://www.owasp.org/index.php/Top_10_2013-Top_10. This is not an all-inclusive list— cyber security is a never-ending battle. The bad guys advance, security professionals counter, bad guys cross over—and so the cat and mouse game continues. There are always new threats and attack vectors and BIT adjusts in real time to confront these new threats.

The need to properly secure web applications is absolute. Knowing what vulnerabilities exist within a web application helps government divisions contain possible points of exposure and safe guard citizen’s data. 


A special thanks goes out to Miguel Penaranda for providing us with this article!