[WEB4LIB] Security problem with remote access to a Web based library system

[Richard L. Goerwitz III]

Houston Louise wrote:

> In trying to access the new web-based system we have come across security
> problems.  Access to this new remote web-based system from our Intranet
> apparently requires us to open up to 11 ports in our firewall for incoming
> and outgoing data transfer (i.e. cataloguing, serials, acquisitions,
> circulation).  Needless to say, our Informatics people refuse to open up
> that many ports for security reasons.
> 
> Has anybody else come across this type of problem and found a solution?

My guess would be that the 11 ports don't need to be opened up for
all incoming and outgoing traffic (which would worry most firewall
administrators); rather, they'll need to be opened up between spe-
cific machines on the inside and specific machines on the outside
(which isn't nearly as problematic).  If patrons access the outside
servers, I'll bet they do it in a more restricted way than staff.
Does their traffic, in fact, go over standard web ports?

You may find it very helpful to have the vendor cough up a short
list of each port used and what it's used for (e.g., a set of brief
one-line descriptions of each port that's needed, what server it
is connecting to on the outside, and what client is being served
on the inside, or vice versa).

If you really can't get this all past your firewall admins, try
working out VPN connections with the vendor.

There's always a way to do things like this.

I'd personally be very interested in seeing any information your
vendor provides.  That information might also be useful to others
considering such services.  So perhaps you'll be willing to post
followup notes with additional information - and that let us know
about your progress!

-- 

Richard Goerwitz                               richard at Goerwitz.COM
tel: 401 438 8978