[Web4lib] Plug-ins

Robin rboulton at stcharleslibrary.org
Fri Jul 20 17:10:25 EDT 2007


That's a good point. I forgot to mention that all our machines are on
the PC reservation system (www.envisionware.com) and that at the end of
each session, the machine is automatically rebooted, thus invoking DF.
So I *hope* we have that one reasonably well covered also.

I might also mention that we keep a close eye on network traffic volume,
so that we should become aware pretty quickly if anyone has taken
control of our machines to use as a spambot net, or other such.
And the dance goes on...

-----Original Message-----
From: web4lib-bounces at webjunction.org
[mailto:web4lib-bounces at webjunction.org] On Behalf Of Nathan Vack
Sent: Friday, July 20, 2007 3:38 PM
To: web4lib at webjunction.org
Subject: Re: [Web4lib] Plug-ins

On Jul 20, 2007, at 2:24 PM, Robin wrote:

> We've taken every precaution we can to allow our patrons these  
> freedoms while reducing our own risk. For instance, our network is  
> segmented through the firewall so that public machine cannot see,  
> or initiate any communication with, staff machines. If a hacker did  
> defeat DeepFreeze, our response would be to reimage the machine -  
> about a 45 minute process.

> Crossing my fingers, I will say that in 5 years of open access to  
> patrons we've never had one detected instance of deliberate trouble.

For what it's worth, the main reason we simply disallow software  
installation on our public computers isn't so much for reasons of  
stability or 'persistent' hacking -- DeepFreeze and imaging really do  
a very good job of solving that.

What we're far more worried about is for someone to install a  
keylogger on our computers that watches for people to enter usernames  
and passwords, and sends 'em off to a server somewhere offsite.  
DeepFreeze would clean the machine the next time it booted... but  
that might not happen for hours and hours. And patrons use our  
computers to log in to their University stuff, eBay, Paypal, their  
banks' web sites...

If people can install software on lab machines, there is no way we  
can *detect,* let alone *prevent,* these kinds of abuses. It's easy  
to make the logger and traffic look completely innocuous.

The only way we'd ever find out about an abuse like that would be for  
someone to spill the beans, either by bragging or in police  
interrogation.

Cheers,
-Nate
Wendt Library
UW - Madison
_______________________________________________
Web4lib mailing list
Web4lib at webjunction.org
http://lists.webjunction.org/web4lib/


More information about the Web4lib mailing list