Network Security in Libraries


Prepared for The Ohio State University Libraries and OhioLINK "Technology for the Rest of Us" Seminars by Peter Murray. Last updated on 8-Apr-2004

The 60 minute network security guide: First steps towards a secure network environment. 2002. Ft. Meade, MD: National Security Agency, sd-7. Available from http://nsa2.www.conxion.com/support/guides/sd-7.pdf.
Produced by the Systems and Network Attack Center (SNAC) of the U.S. National Security Agency, this document summarizes actions that can be taken to secure network systems. It is not specific to particular operating systems, but rather outlines general strategies and tasks that should be employed to secure systems.
Principles to guide efforts to improve computer and network security for higher education. 2003. EDUCAUSE/Internet2 Computer and Network Security Task Force, SEC0310. Available from http://www.educause.edu/asp/doclib/abstract.asp?ID=SEC0310.
The EDUCAUSE/Internet2 Computer and Network Security Task Force held an invitational, NSF-sponsored workshop at Columbia University in August 2002. Based on research into principles articulated by a variety of academic groups and statements by invited experts, the group proposed that higher education's efforts to improve computer and network security be guided by a set of six principles: civility and community; academic and intellectual freedom; privacy and confidentiality; equity, diversity, and access; fairness and process; ethics, integrity, and responsibility. The authors recognize that these principles are broad; each institution must ultimately determine the principles that are most relevant and valued by its own community. This set of principles is intended to serve as a starting point for campus discussions about computer and network security. The higher education community is invited to provide suggestions and changes to this document. [Supplied by author.]
Computer access, privacy, and security: Legal obligations and liabilities. 2003. EDUCAUSE. Accessed April 2 2004. Available from http://www.educause.edu/asp/doclib/abstract.asp?ID=SEC0311.
This presentation was provided at the NACUA Continuing Legal Education Workshop "Computers on Campus: Privacy, Security, Intellectual Property and the Internet" to describe statutory obligations, developing case law, and sample computer use policies and procedures related to computer access, privacy, and security. [Supplied by author.]
Information and computer security resources. 2004. SANS: SysAdmin, Audit, Network, Security Institute. Accessed April 7 2004. Available from http://www.sans.org/resources/.
SANS is widely known for its efforts in promoting and training staff on network security. It makes freely available research documents, guides, and tools for securing networks ranging from homes to global organizations. The resource center provides items such as the SANS News Browser Service, a guide to popular resources on security, the SANS/FBI Top 20 Vulnerabilities List, sample policy statements, glossaries of terms, links to free vendor white papers, and answers to many frequently asked questions.
Security resources. 2004. EDUCAUSE. Accessed April 1 2004. Available from http://www.educause.edu/security/resources.asp.
The Computer and Network Security Web site, developed by the EDUCAUSE/Internet2 Computer and Network Security Task Force, is intended to be a focal point of information and resources on computer and network security for the higher education community. This list of resources provides guidance, reference material, and example policies and practices for network security in the higher education environment. [Adapted from source]
[Shibboleth Introduction]. March 2004. Internet2 Middleware Architecture Committee for Education. Accessed April 7 2004. Available from http://shibboleth.internet2.edu/docs/shibboleth_intro.pdf.
This two-page brochure describes the Shibboleth project and includes examples for its use and pointers to additional information.
Banerjee, Kyle. 2003. How much security does your library need? Computers in Libraries 23, no. 5: 12-17.
Banerjee discusses the importance of security systems in libraries. One can protect library systems quite effectively by developing good computing practices, learning the basic knowledge of library systems and employing tools like firewalls, antivirus software, and alarms. [Adapted from ABI/Inform]
Beamsley, Teresa Grose. 1999. Securing digital image assets in museums and libraries: A risk management approach. Library Trends 48, no. 2: 359-378.
There is an obvious need for ongoing research, evaluation, and planning if museums and archives are committed to protecting their digital image assets. A number of potential threats to the integrity of digital image information can be identified when standard practices in museums and archives are examined. Changes in the integrity of digital image information can be caused by the manner in which the source data are acquired and recorded and by modifications made to the image data file. Alterations made to contextual data can limit valid interpretation of the associated surrogate image. The destruction of the mechanisms that link contextual data to the appropriate digital image has the same effect as deleting contextual information. Loss of control over digital assets can be the result of failure or inability to establish and publicize copyright. Even if copyright is established and enforceable, failure to enforce rights has the same effect as having no rights at all. Finally, failure to detect corruption of digital information means that invalid, partial, or inappropriate information will be spread under the guise of authentic reliable information. Some institutions are already proactively applying security measures to digital image collections. Some of these security measures can have a negative impact on the integrity of the files that they are designed to protect. Systematic consideration of risk factors can inform the creation of procedures and application of security that works to guarantee the reliability and accuracy of digital image assets. [Supplied by author]
Becker, Phil. Aug. 5 2002. Shibboleth: Identity the internet way. Digital Identity World. Accessed April 1 2004. Available from http://www.digitalidworld.com/article.php?id=90.
The Internet's architectural design was not the result of any commercial efforts. Rather it was originally designed and built in research facilities and Universities. Only in the early 1990's did it gain commercial acceptance and commercial development. So it seems reasonable to ask what the research arena is doing about Digital Identity. The Internet2/Shibboleth project is their identity architecture project, and Digital ID World recently sat down with Shibboleth project leader Steve Carmody to learn more about it. [Supplied by author]
Cain, Mark. 2003. Cybertheft, network security, and the library without walls. The Journal of Academic Librarianship 29, no. 4: 245-248.
The author describes the security issues with proxy servers and remote user authentication, using the example of the late-2002 theft of materials from JSTOR using open proxy servers on subscribers' networks.
Driscoll, Lori. 2003. Library public access workstation authentication. Washington, D.C.: Association of Research Libraries Office of Leadership and Management Services, ISBN: 159407609X Series ISSN: 0160-3582.
In reaction to the events of September 11, 2001, as well as several widely reported misuses of campus computer networks, computer systems administrators have re-examined network access policies. While systems administrators have moved to restrict access to information assets, librarians have worked to support barrier-free access that protects users' privacy. This survey was distributed to the 124 ARL member libraries in May 2003 to gather data on how users at public access workstations are authenticated; what is driving IT policy changes in libraries; who is involved in policy decision making; how access controls have affected services; how, with tighter campus IT security, Federal Depository libraries are meeting the information needs of the public; and other questions. [Supplied by ARL]
Ekhaml, Leticia. 2001. Protecting yourself from internet risks, threats, and crime. Journal of Educational Media and Library Sciences 39, no. 1: 8-14.
While the Internet poses some threats to people through potential infringement of individuals' rights and invasion of privacy, certain steps can be taken by librarians, teachers, media specialists and instructional technologists to protect their users from these threats. Describes some of the ways in which these protective measures can be provided. These include watching out for people scavenging through discarded materials, software for ensuring that deleted files on floppy disks are truly erased, protecting against 'tailgating', 'spamming' and 'cloaking', preventing electronic mail addresses from becoming public knowledge, using random password generators to protect against guesswork, and the use of virus checkers to cope with the dangers of computer viruses (particularly those sent as electronic mail attachments). [Supplied by Author]
Goodwin, Bill. 2004. Companies are at risk from staff ignorance. Computer Weekly: 14.
Martin Smith, director of the Security Company, said, "One of the quickest and easiest ways to improve security is to raise awareness. About 80% of the organisations I speak to are doing nothing. And of the 20% that are, it is rarely adequate." [Supplied by author]
Kanabar, Dina and Vijay Kanabar. 2003. A quick guide to basic network security terms. Computers in Libraries 23, no. 5: 24-25.
A handy guide encapsulating the basic network security terms is presented. The list details the ways to protect Web servers from attackers, the different types of attacks and the risks involved in such an attack. [Supplied by author]
Robiette, Alan. 2001. Managing access to electronic information: Progress and prospects. Serials 14, no. 3: 301-304.
Based on a paper given at the UKSG 24th Annual Conference, April 2001 at Heriot-Watt University, Edinburgh, Scotland. Considers the various ways used to manage access to electronic information, especially for large user populations, including IP address validation and username/password methods, stressing the value of the Athens system developed for the UK academic community. Discusses the new generation of access management projects (including Shibboleth, PAPI, Akenti and Sparta), that are beginning to emerge and considers how these are likely to influence the design of access management regimes in the near future. [Supplied by author]
Williams, Robert L. 2001. Computer and network security in small libraries: A guide for planning. Texas State Library & Archives Commission. Accessed Apr 5 2004. Available from http://www.tsl.state.tx.us/ld/pubs/compsecurity/.
In a two-part format, the author introduces the needs and terminology surrounding network security and then provides guidance on implementing network security in a small library environment.