[Web4lib] Plug-ins

Robin rboulton at stcharleslibrary.org
Fri Jul 20 15:24:03 EDT 2007


Cary, I take your point, and we have considered this very seriously.
We've taken every precaution we can to allow our patrons these freedoms
while reducing our own risk. For instance, our network is segmented
through the firewall so that public machine cannot see, or initiate any
communication with, staff machines. If a hacker did defeat DeepFreeze,
our response would be to reimage the machine - about a 45 minute
process. Of course, if some hacked ALL the public machines at once,
there would be a re-evaluation of the policy and probably a radical
revision of it. Crossing my fingers, I will say that in 5 years of open
access to patrons we've never had one detected instance of deliberate
trouble.
No computer is secure, especially in public access environments. But I
keep on hoping that a library is not a particularly exciting target for
a serious attack, and that we can continue to beat off the amateurs.
When the day comes that can't, it will be time to regroup...

-----Original Message-----
From: web4lib-bounces at webjunction.org
[mailto:web4lib-bounces at webjunction.org] On Behalf Of Cary Gordon
Sent: Friday, July 20, 2007 12:17 PM
To: web4lib at webjunction.org
Subject: RE: [Web4lib] Plug-ins

Well, one potential problem with allowing patrons carte blanche, even if
limited (theoretically) to the length of their session, is that it opens
the
door to hacker tools that could, potentially, defeat or alter
Deepfreeze.
Nothing is perfect, and no amount of Kevlar and armor would induce me to
stand in front of a live weapon by choice. I suggest that the cautious
approach has its merits in the case of public computing.

Cary Gordon
The Cherry Hill Company
http://www.chillco.com


-----Original Message-----
From: web4lib-bounces at webjunction.org
[mailto:web4lib-bounces at webjunction.org] On Behalf Of Robin
Sent: Friday, July 20, 2007 9:54 AM
To: Gair Helfrich; Geer, Caroline; web4lib at webjunction.org
Subject: RE: [Web4lib] Plug-ins

I'm curious as to whether any of you have investigated DeepFreeze
(http://www.faronics.com/html/deepfreeze.asp) or any similar solution.
It gives us the ability to allow any staff or patron to add any plug-in,
driver or even an executable, on the fly, with no repercussions. Every
time
a session is ended on a public machine, it's rebooted automatically, and
DF
returns it to its original state, i.e. the way we set it up when we
deployed
it. It allows for a great flexibility in patron service and saves us
literally hundreds of hours a year in maintenance, fixing things etc.
It's
also not horrendously expensive (about $30 per machine last time I
looked)
and more than pays for itself.
Disclaimer: I have no connection with Faronics other than as a satisfied
user, and I get no benefit from recommending it to others (except that I
like to help if I can!)

HTH
Robin
Robin Boulton
IT Manager
St. Charles Public Library District
St. Charles, IL 60174
(630) 584 0076 x 258
Cell:(630) 918 8738
http://www.stcharleslibrary.org/
rboulton at stcharleslibrary.org

_______________________________________________
Web4lib mailing list
Web4lib at webjunction.org
http://lists.webjunction.org/web4lib/


More information about the Web4lib mailing list