[Web4lib] Plug-ins

Nathan Vack njvack at wisc.edu
Fri Jul 20 16:38:14 EDT 2007


On Jul 20, 2007, at 2:24 PM, Robin wrote:

> We've taken every precaution we can to allow our patrons these  
> freedoms while reducing our own risk. For instance, our network is  
> segmented through the firewall so that public machines cannot see,  
> or initiate any communication with, staff machines. If a hacker did  
> defeat DeepFreeze, our response would be to reimage the machine -  
> about a 45 minute process.

> Crossing my fingers, I will say that in 5 years of open access to  
> patrons we've never had one detected instance of deliberate trouble.

For what it's worth, the main reason we simply disallow software  
installation on our public computers isn't so much for reasons of  
stability or 'persistent' hacking -- DeepFreeze and imaging really do  
a very good job of solving that.

What we're far more worried about is for someone to install a  
keylogger on our computers that watches for people to enter usernames  
and passwords, and sends 'em off to a server somewhere offsite.  
DeepFreeze would clean the machine the next time it booted... but  
that might not happen for hours and hours. And patrons use our  
computers to log in to their University stuff, eBay, PayPal, their  
banks' web sites...

If people can install software on lab machines, there is no way we  
can *detect,* let alone *prevent,* these kinds of abuses. It's easy  
to make the logger and traffic look completely innocuous.

The only way we'd ever find out about an abuse like that would be for  
someone to spill the beans, either by bragging or in police  
interrogation.

Cheers,
-Nate
Wendt Library
UW - Madison

