Network Security

 

An Educational Service of the American Library Association

Office for Information Technology Policy

 

Prepared by Leslie Harris & Associates (www.lharris.com) in conjunction with OITP staff (www.ala.org/oitp)

------------------------------------------------------

For libraries, the issues of privacy and network security are intimately intertwined, and managing computer networks to protect user privacy is critical.  Just as corporate America has adopted a number of measures to protect network security, libraries should examine their own networks and practices to ensure that the privacy of library users is preserved.  At the same time, libraries should search for security measures that are as invisible as possible to the library user and that do not interfere with patron access to the panoply of library information resources.

 

There are two primary security issues that libraries should consider: protection of the network (and its resources) from external attacks, and protection from internal attacks. The key to security from external attacks is a robust and well-configured firewall (or series of firewalls). Generally, a firewall serves as the first line of defense against external attacks, preventing intruders from gaining access. While virtually every network has a firewall, the configuration of the device is absolutely critical to ensuring that a network is secure from external attacks. The library system administrator must understand how the firewall works and must also constantly monitor the numerous security threats that arise to take advantage of firewall flaws or misconfigurations, so that any holes in the network's security can be closed.

 

The second issue libraries should protect against is an attack from within the library. While these attacks can come from external users who have penetrated the firewall, more often they will come from library users who are actively attempting to penetrate the security of internal systems and servers. With the growing popularity of wireless network services in libraries, libraries can no longer simply monitor what is happening on the public access computers to ensure security; instead, library networks need to be actively secured, using encryption, internal firewalls, VPNs, and authentication to protect the most valuable asset a library has: the trust of patrons that their privacy is and will continue to be secure.

 

-----------------------------------------------------

Further information:

 

CERT:

http://www.cert.org/

 

History of Wireless LAN Security:

http://www.oreillynet.com/pub/a/wireless/2002/04/19/security.html

 

Understanding LAN Security Threats:

http://www.practicallynetworked.com/sharing/securitythreats.htm

 

LAN Security Tools:

http://www.practicallynetworked.com/sharing/securitytools.htm

 

O'Reilly's Security Publications:

http://security.oreilly.com/

 

-----------------------------------------------------

Copyright 2002, American Library Association, Office for Information Technology Policy

 

Disclaimer

 

This Online Privacy Tutorial is a service of the American Library Association. The content of this tutorial is primarily the work of Leslie Harris & Associates in Washington, DC. The views expressed in these messages are not necessarily the views of ALA or Leslie Harris & Associates. This tutorial is for information only and will not necessarily provide answers to concerns that arise in any particular situation. This service is not legal advice and does not include many of the technical details arising under certain laws. If you are seeking legal advice to address specific privacy issues, you should consult an attorney licensed to practice in your state.