Magazine article Computers in Libraries

Close the Gate, Lock the Windows, Bolt the Doors: Securing Library Computers

Magazine article Computers in Libraries

Close the Gate, Lock the Windows, Bolt the Doors: Securing Library Computers

Article excerpt

I'm writing this column at the end of December 2004, while in my day job as the systems librarian at the Monroeville Public Library, I am beginning to work on my end-of-the-year reports. I am busy compiling statistics and preparing a list of the automation department's achievements for the year.

[ILLUSTRATION OMITTED]

It is quite common, both professionally and personally, to look back at the year just ending and reflect on its major themes. In 2004, one of the big issues affecting all computer users was security. The frequent reports of new vulnerabilities in operating systems often felt like a never-ending bombardment of bad news. While staying up-to-date on the latest security issues has become essential for all computer users, it's more critical for network managers who are responsible for securing computer workstations and network servers. Yet many systems librarians assumed the job of managing library networks by default and never expected that they would have to become security experts in order to do this successfully. While systems librarians may bear the heaviest responsibility for computer security, all librarians need to be well-informed on the subject in order to follow good practices as they use computers (both in the library and at home) and also to be able to assist patrons who are searching for information on this timely topic.

The Final Say on Security

The most obvious online source of information on computer security is the CERT (Computer Emergency Readiness Team) Coordination Center, which was established in 1988 at the Software Engineering Institute (SEI) of Carnegie Mellon University. CERT is part of SEI's Network Systems Survivability Program, which seeks to "ensure that appropriate technology and systems management practices are used to resist attacks on networked systems and to limit damage and ensure continuity of critical services in spite of successful attacks, accidents, or failures." CERT's security information is disseminated through its Web site, the USENET newsgroup comp.security.announce, and through SEI publications (which include articles, research and technical reports, and papers published by staff). Internet security alerts are released in conjunction with US-CERT, the United States Computer Emergency Readiness Team. US-CERT now handles the distribution of security alerts via e-mail; those interested in receiving these alerts can sign up on the US-CERT site. There are separate mailing lists for experienced technical users and for non-technical home and corporate computer users.

[ILLUSTRATION OMITTED]

The CERT Web site is a comprehensive resource that provides information on vulnerabilities, incidents, and fixes and recommendations for security practices and evaluation. Up-to-date advisories, incident and vulnerability notes, and a log of current activity are readily available on the home page, making it easy to find out about the latest security threats. While a first-time visitor to the site might feel that it is primarily intended for experienced network administrators, there is a section on the home page devoted to new and home computer users that lists steps to take before connecting a new computer to the Internet; it also contains a primer on home network security. In addition to CERT's own resources (which include publications available through the site, presentations, and an FAQ), the site also provides links to additional computer security resources.

Another place to learn about network security issues is the Gartner, Inc. Web site, which has a section devoted to its research and analysis of security and privacy issues. Gartner, Inc. is marking its 25th anniversary as a provider of research and analysis on the global information technology industry. Although it is a for-profit business with large companies as clients, there is substantial information available on the company's site, including security surveys and spotlights on current security topics. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.