[WEB4LIB] Public access machines and network security
Phillip B. Whitford
pwhitford at braswell-library.org
Thu May 23 07:21:44 EDT 2002
Robin,
On our public machines in this public library we run a wide range of
software including, Office XP Suite, a variety of CD and Internet based data
base products, Windows Media Player, a good dozen educational games for
children, adaptive software for visually impaired patrons, and of course
Internet access. We are just now putting out CD burning hardware/software
as well.
We have a partition on each public computer's hard drive that patrons can
save files to. They can also save to the floppy drive and a zip drive. But
we are finding the zip drives get very little use.
Patrons cannot access network drives or resources.
We secure the computers through a mix of Windows Policies and Permissions,
the security product Winshielf PCSecure, and by making configuration changes
for public use. For example disconnecting CD/DVD drives, renaming Windows
Help file, using strong passwords, and the like. We use Public Web Browser
for it's security features as well.
We control printing via OCS print vend software and Dameware NT Utilities
for PC management across the network. We use Symantec Corporate Anti-virus.
It's got nothing to do with CIPA but earlier this year we started blocking
access to hardcore porn sites via our firewall and it has made life a lot
easier for staff and patrons alike.
We strive to make all the PCs within groups exactly the same. All the PCs in
the public lab are alike, all the PACs, are alike, all the children's
computers are alike, etc. We configure and test a prototype and when we are
satisfied with it we Ghost it to the rest of the like computers.
The computers are physically secured to their desks by either a cable lock
system, or if access to the PC is not required by the patron, (as in PACs)
by locking the CPU in a cabinet. Instead of buying costly keyboard, mouse,
and headphone locking devices we purchased a large quantity of small hasps
and keyed alike padlocks from a lock locksmith. Total cost was about $3 per
computer. We put the hasps on the back of the PC and run the cables for the
mice, keyboards, headphones, and the cable for tethering the CPU itself
through the hasp and then lock it. Works great.
Now if I can just figure a way to keep the young kids from chewing on the
headphone cables :-)
Phillip B. Whitford
Braswell Memorial Library
727 N. Grace St Rd, Rocky Mount, NC 27804
252-442-1951
Opinions expressed are not necessarily those of Braswell Library
-----Original Message-----
From: web4lib at webjunction.org
[mailto:web4lib at webjunction.org]On Behalf Of Robin Boulton
Sent: Wednesday, May 22, 2002 6:29 PM
To: Multiple recipients of list
Subject: [WEB4LIB] Public access machines and network security
We are getting closer to beginning work on a public access technology
center, and we're wrestling with the concept of allowing the patron to
perform all sorts of functions - such as running courseware which would
require the ability to create, delete and modify files on the local hard
disk - versus maintaining the security of our network. (For the moment the
cost of setting up an entirely separate network is prohibitive). I would
appreciate any feedback you can provide on the following points.
On machines that provide anything more than catalog and simple internet
access:
What applications do you make available?
How much access do patrons have to the local hard disk?
How much access do they have to the network?
How do you prevent malicious mischief from being done?
TIA for any advice or suggestions.
Cheers,
Robin.
___________________________________________________
Robin Boulton rboulton at linc.lib.il.us
Automation Coordinator (630) 584 0076 x 258
St. Charles Public Library District Cell: (630) 918 8738
St. Charles, IL 60174 FAX: (630) 584 3448
http://www.st-charles.lib.il.us
___________________________________________________
*********************************************************************
Due to deletion of content types excluded from this list by policy,
this multipart message was reduced to a single part, and from there
to a plain text message.
*********************************************************************
More information about the Web4lib
mailing list