By Aaron Skog
Part 1 of this series provided an overview of how library user data ends up in a variety of places within your library other than just the ILS. Part 2 of the series explained how your library services communicate over the network or across the internet in a variety of insecure ways. This is Part 3 of the series, which covers the steps you can take to secure your library data.
Here are recommendations on the best approaches to protecting library data. These are standard practices within the IT industry and there are many technical resources available on how to accomplish these steps.
Use Firewalls, AKA The Internet is Made of Ports
Your library firewall works by relying on the known network communication standards for various software and services. These standards assign each service a numbered port. Understanding how networks communicate on ports allows a firewall to be configured to block a computer outside your network from reaching something inside it. Many firewall appliances include security features to isolate threats, such as blocking a user who connects to your library WiFi and initiates a port scan from their laptop. It is possible the user unknowingly has a laptop infected with malware that is constantly looking for ways to spread to other devices.
Segment Your Network
The easiest way to envision network segmentation is to imagine every staff computer’s network cable in your library going to a dedicated network switch that does not connect to the public computers. Each group of computers is segmented from the others, and the groups will not “see” each other on the network. It is possible to do this on the physical level, and it is fairly easy to pull off without technical know-how. This basic approach can get expensive, as you are duplicating various switches and equipment throughout your building. This is where virtual LANs can help.
All libraries should utilize virtual LAN segmentation within their local area network (LAN) as a basic rule for network security. This does take time and careful planning as every network layout is different. Below is a chart showing how one might group devices on your library network.
|Virtual LAN Segments||Examples of Groups of Computers, Devices||Reason to Group Together|
|VLAN1||Staff computers, staff wifi||User Data Present & Communicating Across Network|
|VLAN2||Self-check stations, print release stations, computer reservation stations||User Data Authenticating, Possibly Logging on Machines|
|VLAN3||Public computers||100% Restricted from Accessing VLAN1, Limited VLAN2 Access|
|VLAN4||Public Wifi||100% Restricted from VLAN1, VLAN2 (depending), VLAN3|
|VLAN5||Servers on the network are segmented on their own and can only communicate to VLANs 1-4 on the specific ports.||Most restricted access to these computer servers|
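The chart above can be turned into a check that is run against the firewall's inter-VLAN allow rules. The following is an added example, not part of the original post: the port lists, the sample rules, and the choice to treat the "depending" VLAN4 to VLAN2 case as blocked are assumptions.

```python
# Added example: check inter-VLAN allow rules against the segmentation chart.
# VLAN numbers come from the chart; the port lists are assumed placeholders.
# Assumption: VLAN4 -> VLAN2 ("depending" in the chart) is treated as blocked.
BLOCKED = {(3, 1), (4, 1), (4, 2), (4, 3)}  # source -> destination never allowed
LIMITED = {(3, 2): {9100}}                   # assumed print-release port
SERVER_VLAN = 5
SERVER_PORTS = {443, 6001}                   # assumed: HTTPS and a SIP2 listener
ANY = None                                   # a rule that matches every port


def check_rule(src, dst, port):
    """Return a finding string for a bad allow rule, or None if acceptable."""
    if (src, dst) in BLOCKED:
        return "VLAN%d must not reach VLAN%d at all" % (src, dst)
    if SERVER_VLAN in (src, dst) and src != dst:
        allowed = SERVER_PORTS            # servers: specific ports only
    elif (src, dst) in LIMITED:
        allowed = LIMITED[(src, dst)]     # "limited" access in the chart
    else:
        return None                       # pair not restricted by the chart
    if port is ANY:
        return "VLAN%d -> VLAN%d allows every port" % (src, dst)
    if port not in allowed:
        return "VLAN%d -> VLAN%d port %d is not on the approved list" % (src, dst, port)
    return None


def audit(rules):
    """Return [(rule, finding)] for every allow rule that breaks the chart."""
    findings = []
    for rule in rules:
        problem = check_rule(*rule)
        if problem:
            findings.append((rule, problem))
    return findings


# Constructed allow rules as (source VLAN, destination VLAN, port or ANY).
SAMPLE_RULES = [
    (1, 5, 443),    # staff client to ILS server over HTTPS: fine
    (2, 5, 6001),   # self-check to SIP2 listener: fine
    (3, 1, 445),    # public PC to staff file share: forbidden
    (4, 5, ANY),    # public WiFi to servers on any port: too broad
    (3, 2, 3389),   # public PC to kiosk over RDP: not approved
]

if __name__ == "__main__":
    for rule, problem in audit(SAMPLE_RULES):
        print(rule, problem)
```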
Establish a Virtual Private Network (VPN)
For secure data transport, it is vital that library consortia members use a VPN if their staff ILS client does not natively communicate securely back to the ILS server. This is especially important for Symphony WorkFlows users and Millennium/Sierra users.
Standalone libraries should also consider a VPN if their ILS is hosted. Older ILS are not using secure transport (notably SirsiDynix Symphony, Innovative’s Millennium/Sierra).
Move Away from Standard Interchange Protocol (SIP2)
As noted in Part 1 and Part 2 of this blog post series, SIP2 is natively insecure and a poor way to connect your library to other 3rd party services. Unless your library utilizes a VPN between you and your hosted service, SIP2 is simply communicating through the internet in plain text, leaking patron data such as addresses, birth dates, and passwords.
Vendors that many libraries use, such as SirsiDynix or Innovative Interfaces, have alternate ways of transporting your library user data other than SIP2. You would need to inquire whether application programming interfaces (APIs) are available for this purpose.
However, the majority of 3rd party library vendors do not offer alternate ways of connecting to your library ILS other than using SIP2. Make sure to inquire with your vendor representative during your annual renewal if alternate methods have been developed or are under consideration.
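To make the plain-text problem concrete, the following added example (not from the original post) lists which sensitive SIP2 fields appear in the clear in a message and masks them before the message is kept in a log. The sample messages are constructed, only three message types are handled, and vendor extension fields are not covered.

```python
# Added example: report which sensitive SIP2 fields travel as clear text.
# Field codes and fixed-header lengths follow the SIP2 specification.
SENSITIVE = {
    "AA": "patron identifier",
    "AD": "patron password",
    "AC": "terminal password",
    "CN": "login user id",
    "CO": "login password",
    "AE": "personal name",
    "BD": "home address",
    "BE": "e-mail address",
    "BF": "home phone number",
}
# Length of the fixed-width header (command id included) per message type:
# 93 Login, 63 Patron Information, 64 Patron Information Response.
FIXED_HEADER = {"93": 4, "63": 33, "64": 61}


def split_fields(message):
    """Return (header, [(code, value), ...]) for a supported SIP2 message."""
    message = message.rstrip("\r\n")
    cmd = message[:2]
    if cmd not in FIXED_HEADER:
        raise ValueError("unsupported SIP2 message type: %r" % cmd)
    cut = FIXED_HEADER[cmd]
    header, body = message[:cut], message[cut:]
    fields = [(f[:2], f[2:]) for f in body.split("|") if len(f) >= 2]
    return header, fields


def exposed(message):
    """Names of sensitive fields that carry a non-empty clear-text value."""
    _, fields = split_fields(message)
    return [SENSITIVE[c] for c, v in fields if c in SENSITIVE and v]


def redact(message):
    """Same message with sensitive values masked, suitable for a log."""
    header, fields = split_fields(message)
    out = [c + ("*" * len(v) if c in SENSITIVE else v) for c, v in fields]
    return header + "|".join(out) + "|"


# Constructed samples (not real patron data): a login and a patron lookup.
LOGIN = "9300CNselfcheck1|COs3cret|CPMAIN|"
LOOKUP = "6300120240101    120000" + " " * 10 + "AOMAIN|AA21234000000001|AC|AD1234|"

if __name__ == "__main__":
    for sample in (LOGIN, LOOKUP):
        print(exposed(sample), "->", redact(sample))
```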
Understand Your Self-Service Systems
In Part 1 of this blog post series, I noted that many self-check systems and self-service print release stations will retain user data for the purpose of generating statistical reports for the library. It is important to establish a set procedure for retaining this data on these stations. Once your statistical reports are generated, purging the logs or clearing the local database should be considered routine work by library staff.
Understand Your Integrated Library System
There are some ILS that also log user transactions within the server as a separate process from circulation transactions. These logs should also be considered for periodic rotation and retention per your library data policy. Symphony is an example of having logs which can go back to the first day of the system being put in production. Your library ILS administrator can provide you additional details on ILS logging, or open an inquiry with your ILS vendor.
Take the Library Security Quiz
To assist libraries in assessing their data security, I have created an assessment tool to determine a security score. It will take a library director or management team some time to answer the questions and arrive at the final score.
|Question||Answer||Your Library Score|
|Which is your library ILS staff client? (Keep in mind the staff client is different from the ILS server software)|
|WorkFlows||Score 10 for this insecure staff client|
|Sierra||Score 10 for this insecure staff client|
|Polaris||Score 0 for this remote desktop client|
|Polaris LEAP||Score 0 for this web-based client|
|BLUEcloud Staff||Score 0 for this web-based client|
|Evergreen||Score 0 for this web-based client|
|Koha||Score 0 for this web-based client|
|OCLC WorldShare Management System||Score 0 for this web-based client|
|Horizon||Score 10 for this insecure staff client|
|Voyager||Score 10 for this insecure staff client|
|Does your library connect to the following services?|
|OverDrive via SIP2||Score 10 for this insecure authentication|
|OverDrive via SirsiDynix Web Services||Score 0 for this more secure authentication|
|OverDrive via III Patron API||Score 0 for this more secure authentication|
|OverDrive is authenticating, but our library does not know how||Score 30 for not knowing|
|Evanced Solutions via SIP2||Score 10 for this insecure authentication|
|Bibliotheca Cloudlibrary via SIP2||Score 10 for this insecure authentication|
|Bibliotheca Cloudlibrary via SirsiDynix Web Services||Score 0 for this more secure authentication|
|User data sent to Unique Management via email for collection purposes||Score 10 for this insecure authentication|
|User data sent to Unique Management via SFTP for collection purposes||Score 0 for this more secure authentication|
|Hoopla via SIP2||Score 10 for this insecure authentication|
|Hoopla via SirsiDynix Web Services||Score 0 for this more secure authentication|
|Hoopla via III Patron API||Score 0 for this more secure authentication|
|MyPC via SIP2||Score 10 for this insecure authentication|
|MyPC via III Patron API||Score 0 for this more secure authentication|
|MyPC via SirsiDynix Web Services||Score 0 for this more secure authentication|
|PCReservation (Envisionware) via SIP2||Score 10 for this insecure authentication|
|PCReservation (Envisionware) via III Patron API||Score 0 for this more secure authentication|
|PCReservation (Envisionware) via SirsiDynix Web Services API||Score 0 for this more secure authentication|
|Does your library use any of the following self-check systems?|
|Bibliotheca/3M self-checks using SIP2||Score 10 for this insecure authentication|
|D-Tech self-checks using SIP2||Score 10 for this insecure authentication|
|Envisionware self-checks using SIP2||Score 10 for this insecure authentication|
|Does your library use any of the following solutions or techniques?|
|Does your library OPAC utilize HTTPS 100% of the time?||Score 0 if yes, score 10 for no|
|Does your library use an Automated Material Handler using SIP2?||Score 10 for this insecure authentication|
|Does your library review and purge computer reservation server data?||Score 0 if yes, score 10 for no|
|Does your ILS require a SIP2 connection to have a login and password?||Score 0 if yes, score 10 for no|
|Does your library actively rotate and purge ILS server logs?||Score 0 if yes, score 10 for no|
|Separate VLANs for staff vs public vs public WiFi||Score 0 for yes, score 20 for no|
|VPN to hosted ILS (consortium or with vendor)||Score 0 for yes, score 20 for no|
|VPN client on staff laptop to connect to library network||Score 0 for yes, score 20 for no|
|Your Library Security Score Total||0|
|Scores 90 or Higher|
|Your library is extremely insecure with its user data and steps should be taken immediately to start lowering your score. Begin by talking to your IT staff to ensure your vendors have solutions other than SIP2 to connect to your library ILS, and create a plan to lower 40 points over the next year. If you do not have a VPN or VLANs, the library should establish a VPN to the ILS or hosting library consortium and implement VLANs within your network if you have not done so.|
|Scores 50 – 70|
|Your library has some insecure areas it needs to focus on, but you are not terrible. The little things matter such as moving away from SIP2 usage when you have the option to do so.|
|Your library is pretty secure with its data! Take a look at the few scores and see if you can turn those into zeros over the next year.|
|Scores 0 – 20|
|Congratulations for putting your library data in the most secure footing possible! Make sure to reward your library IT staff and thank your vendors for providing secure options to help protect your user data.|