Computer Security Issues in Libraries

1
Computer Security Issues in Libraries
By
Daniel Fidel Ferrer Head of Library
Systems Central Michigan University Libraries
Ryan Laus Programmer/Analyst Central Michigan
University Libraries
Mary Mead Programmer/Analyst Central Michigan
University Libraries
2
Library Policies

• Interpretation of the Library Bill of Rights
• http//www.ala.org/alaorg/oif.electacc.html
• Michigan State University Policies
• http//www.msu.edu/dig/aup/msuaup.html
• Anonymous Access (Survey of various Libraries)
• http//bones.med.ohio-state.edu/eric/authenticatio
  n.html
• MichNet Policies
• http//www.merit.edu/michnet/policies/acceptable.u
  se.policy.html
• University of Michigan Policies
• http//www.umich.edu/policies/acceptable-use-poli
  cy

3
Common Ways to Protect Your Computer/Server

• Lock workstation before leaving for extended
  periods of time
• Microsoft Updates Current
• Virus protection
• Personal firewall
• File Protection
• Sign-on security
• Server Security

4
Most Common Viruses

• BackDoor Virus
• Can copy/delete files on host system, change
  registry, and allow programs to be ran by
  attacker
• HapTime Virus
• Can Delete vital .DLL files on infected system
• Nimda Virus
• Creates a hidden share on infected computer,
  e-mails virus to any person in Outlook address
  book

5
McAfee Virus Updates via SMS

• DAT files are updated via SMS push
• What is SMS?
• SMS stand for Systems Management Server
• Small client piece installed on each workstation
• Centralized database containing information on
  each machine (HD size, memory, OS, processor
  speed)
• Allows software to be updated automatically, with
  no user intervention

6
What is ZoneAlarm?

• ZoneAlarm is a personal firewall for each machine
• Hides your machine from other machines on the
  network
• Makes machines harder for hackers to break into
• Allows you to monitor any programs from your
  machine that try to access the Internet

7
Why Encrypt Your Files?

• If your operating system is Windows 2000, and
  your file system is NTFS, you can use the Windows
  2000 Encryption File System(EFS)
• EFS will secure data on the hard drive using a
  decryption key
• If the hard drive is accessed by an intruder, the
  files are unreadable without the decryption key
• Only the user who encrypted the file can access it

8
How to Encrypt Files

• Right click on the file or folder and select
  properties
• On the General tab, click Advanced
• Add a check mark to the box Encrypt Contents to
  Secure Data
• Click OK
• You will be asked whether to encrypt the file or
  the folder and its contents
• Only the user who encrypted the file/folder can
  decrypt it

9
Clear Text vs. Secure Sign on

• Clear text passwords are vulnerable since
  password information is not encrypted
• Clear text passwords are often transmitted
  through telnet and FTP sessions, which make them
  vulnerable to packet sniffers (a program which
  can read data transmitted over a network)
• Secure Sign in programs will encrypt password
  information before transmitting
• CMU Libraries is currently using an encryption
  schema known as 3DES to transmit encrypted data
  between clients and servers
• SSH, SCP

10
Why Hack Our Servers?

• Server contains SSN data for ID theft
• Servers can be taken over and used to attack
  other web sites
• Servers can be used to send out thousands of bad
  e-mails, crippling the network
• This happened to CMU Libraries and resulted in a
  down time of 3 days

11
Future Issues With Server Security

• If you use your server for credit card
  information
• Use SSL (Secure Socket Layer) for encryption
• Do not use clear text for passwords
• Protect your backups and use encryption
• Inventory your backups and have then locked at
  all times
• Limit who has Ids on the system. Only allow
  Static IP addresses
• Ongoing operations
• Costly
• Updating Software because of security problems
• Be prepared for problems