Computer Security Issues in Libraries - PowerPoint PPT Presentation

1 / 11
About This Presentation
Title:

Computer Security Issues in Libraries

Description:

Computer Security Issues in Libraries. Daniel Fidel Ferrer* Head of Library Systems ... is accessed by an intruder, the files are unreadable without the decryption key ... – PowerPoint PPT presentation

Number of Views:23
Avg rating:3.0/5.0
Slides: 12
Provided by: laus5
Category:

less

Transcript and Presenter's Notes

Title: Computer Security Issues in Libraries


1
Computer Security Issues in Libraries
By
Daniel Fidel Ferrer Head of Library
Systems Central Michigan University Libraries
Ryan Laus Programmer/Analyst Central Michigan
University Libraries
Mary Mead Programmer/Analyst Central Michigan
University Libraries
2
Library Policies
  • Interpretation of the Library Bill of Rights
  • http//www.ala.org/alaorg/oif.electacc.html
  • Michigan State University Policies
  • http//www.msu.edu/dig/aup/msuaup.html
  • Anonymous Access (Survey of various Libraries)
  • http//bones.med.ohio-state.edu/eric/authenticatio
    n.html
  • MichNet Policies
  • http//www.merit.edu/michnet/policies/acceptable.u
    se.policy.html
  • University of Michigan Policies
  • http//www.umich.edu/policies/acceptable-use-poli
    cy

3
Common Ways to Protect Your Computer/Server
  • Lock workstation before leaving for extended
    periods of time
  • Microsoft Updates Current
  • Virus protection
  • Personal firewall
  • File Protection
  • Sign-on security
  • Server Security

4
Most Common Viruses
  • BackDoor Virus
  • Can copy/delete files on host system, change
    registry, and allow programs to be ran by
    attacker
  • HapTime Virus
  • Can Delete vital .DLL files on infected system
  • Nimda Virus
  • Creates a hidden share on infected computer,
    e-mails virus to any person in Outlook address
    book

5
McAfee Virus Updates via SMS
  • DAT files are updated via SMS push
  • What is SMS?
  • SMS stand for Systems Management Server
  • Small client piece installed on each workstation
  • Centralized database containing information on
    each machine (HD size, memory, OS, processor
    speed)
  • Allows software to be updated automatically, with
    no user intervention

6
What is ZoneAlarm?
  • ZoneAlarm is a personal firewall for each machine
  • Hides your machine from other machines on the
    network
  • Makes machines harder for hackers to break into
  • Allows you to monitor any programs from your
    machine that try to access the Internet

7
Why Encrypt Your Files?
  • If your operating system is Windows 2000, and
    your file system is NTFS, you can use the Windows
    2000 Encryption File System(EFS)
  • EFS will secure data on the hard drive using a
    decryption key
  • If the hard drive is accessed by an intruder, the
    files are unreadable without the decryption key
  • Only the user who encrypted the file can access it

8
How to Encrypt Files
  • Right click on the file or folder and select
    properties
  • On the General tab, click Advanced
  • Add a check mark to the box Encrypt Contents to
    Secure Data
  • Click OK
  • You will be asked whether to encrypt the file or
    the folder and its contents
  • Only the user who encrypted the file/folder can
    decrypt it

9
Clear Text vs. Secure Sign on
  • Clear text passwords are vulnerable since
    password information is not encrypted
  • Clear text passwords are often transmitted
    through telnet and FTP sessions, which make them
    vulnerable to packet sniffers (a program which
    can read data transmitted over a network)
  • Secure Sign in programs will encrypt password
    information before transmitting
  • CMU Libraries is currently using an encryption
    schema known as 3DES to transmit encrypted data
    between clients and servers
  • SSH, SCP

10
Why Hack Our Servers?
  • Server contains SSN data for ID theft
  • Servers can be taken over and used to attack
    other web sites
  • Servers can be used to send out thousands of bad
    e-mails, crippling the network
  • This happened to CMU Libraries and resulted in a
    down time of 3 days

11
Future Issues With Server Security
  • If you use your server for credit card
    information
  • Use SSL (Secure Socket Layer) for encryption
  • Do not use clear text for passwords
  • Protect your backups and use encryption
  • Inventory your backups and have then locked at
    all times
  • Limit who has Ids on the system. Only allow
    Static IP addresses
  • Ongoing operations
  • Costly
  • Updating Software because of security problems
  • Be prepared for problems
Write a Comment
User Comments (0)
About PowerShow.com