Network Security
An Educational Service of the American Library Association Office for Information Technology Policy
Prepared by Leslie Harris & Associates (www.lharris.com) in conjunction with OITP staff (www.ala.org/oitp)
------------------------------------------------------
For libraries, the issues of privacy and network security are intimately intertwined, and managing computer networks to protect user privacy is critical. Just as corporate America has adopted a number of measures to protect network security, libraries should examine their own networks and practices to ensure that the privacy of library users is preserved. At the same time, libraries should search for security measures that are as invisible as possible to the library user and that do not interfere with patron access to the panoply of library information resources.
There are two primary security issues that libraries should consider: protection of the network (and its resources) from external attacks, and protection from internal attacks.
The key to security from external attacks is a robust and well-configured firewall (or series of firewalls). Generally, a firewall serves as the first line of defense against external attacks, preventing intruders from gaining access. While virtually every network has a firewall, the configuration of the device is absolutely critical to ensuring that a network is secure from external attacks. The library system administrator must understand how the firewall works and must also constantly monitor the numerous security threats that arise to take advantage of flaws or misconfigurations in firewalls, so that any holes in the network security can be closed.
The second security issue libraries should protect against is an attack from within the library. While these attacks can come from external users who have penetrated the firewall, more often they will come from library users who are actively attempting to penetrate the security of internal systems and servers. With the growing popularity of wireless network services in libraries, libraries can no longer simply monitor what is happening on the public access computers to ensure security; instead, library networks need to be actively secured, using encryption, internal firewalls, VPNs, and authentication to protect the most valuable asset a library has - the trust of patrons that their privacy is and will continue to be secure.
-----------------------------------------------------
Further information:
CERT:
http://www.cert.org/
History of Wireless LAN Security:
http://www.oreillynet.com/pub/a/wireless/2002/04/19/security.html
Understanding LAN Security Threats:
http://www.practicallynetworked.com/sharing/securitythreats.htm
LAN Security Tools:
http://www.practicallynetworked.com/sharing/securitytools.htm
O'Reilly's Security Publications:
http://security.oreilly.com/
-----------------------------------------------------
Copyright 2002, American Library Association, Office for Information Technology Policy
Disclaimer
This Online Privacy Tutorial is a service of the American Library Association. The content of this tutorial is primarily the work of Leslie Harris & Associates in Washington, DC. The views expressed in these messages are not necessarily the views of ALA or Leslie Harris & Associates. This tutorial is for information only and will not necessarily provide answers to concerns that arise in any particular situation. This service is not legal advice and does not include many of the technical details arising under certain laws. If you are seeking legal advice to address specific privacy issues, you should consult an attorney licensed to practice in your state.