Libraries & Leaky Data, Part 3

Part 1 of this series provided an overview of how library user data ends up in a variety of places within your library other than just the ILS. Part 2 of the series explained how your library services communicate over the network or across the internet in a variety of insecure ways. This is Part 3 of the series where you can take steps to secure your library data.Here are recommendations on the best approaches to protecting library data. These are standard practices within the IT industry and there are many technical resources available on how to accomplish these steps.

Use Firewalls, AKA The Internet is Made of Ports

The basic way your library firewall works is utilizing the known network communication standards for various software and services. These are called ports. Understanding how networks communicate on ports allows a firewall configuration to be set to block a computer from outside your network from reaching something in the network. Many firewall appliances include security features to isolate threats, such as a blocking user who connects to your library WiFi and initiates a port scan from their laptop. It is possible the user unknowingly has a laptop infected with malware that is constantly looking for ways to spread to other devices.

Segment Your Network 

The easiest way to envision network segmentation is to imagine every staff computer’s network cable in your library going to a dedicated network switch that does not connect to the public computers. Each group of computers is segmented from each other, and will not “see” each other on the network. It is possible to do this on the physical level and is fairly easy to pull off without technical know how. This basica approach can get expensive as you are duplicating various switches and equipment throughout your building. This is where virtual LANs can help.

All libraries should utilize virtual LAN segmentation within their local area network (LAN) as a basic rule for network security. This does take time and careful planning as every network layout is different. Below is a chart showing how one might group devices on your library network.

Virtual LAN SegmentsExamples of Groups of Computers, DevicesReason to Group Together
VLAN1Staff computers, staff wifiUser Data Present & Communicating Across Network
VLAN2Self-check stations, print release stations, computer reservation stationsUser Data Authenticating, Possibly Logging on Machines
VLAN3 Public computers100% Restricted from Accessing VLAN1, Limited VLAN2 Access
VLAN4Public Wifi100% Restricted from VLAN1, VLAN2 (depending), VLAN3
VLAN5 Servers on the network are segmented on their own and can only communicate to VLANs 1-4 on the specific ports.Most restricted access to these computer servers

Establish a Virtual Private Network (VPN)

It is vital for data security transport that library consortia members should utilize a VPN if their staff ILS client does not natively communicate securely back to the ILS server. This is especially important for Symphony WorkFlows users and Millennium/Sierra users.

Standalone libraries should also consider a VPN if their ILS is hosted. Older ILS are not using secure transport (notably SirsiDynix Symphony, Innovative’s Millennium/Sierra).

Move Away from Standard Interchange Protocol (SIP2)

As noted in Part 1 and Part 2 of this blog post series, SIP2 is natively insecure and a poor way to connect your library to other 3rd party services. Unless your library utilizes a VPN between you and your hosted service, SIP2 is simply communicating through the internet in plain text, leaking patron data such as addresses, birth dates, and passwords.

Vendors many libraries use such as SirsiDynix or Innovative Interfaces have alternate ways of transporting your library user data other than SIP2. You would need to inquire if application programming interfaces (API) are available for this purpose. 

However, the majority of 3rd party library vendors do not offer alternate ways of connecting to your library ILS other than using SIP2. Make sure to inquire with your vendor representative during your annual renewal if alternate methods have been developed or are under consideration.

Understand Your Self-Service Systems

In Part 1 of this blog post series, I noted that many self-check systems and self-service print release stations will retain user data for the purpose of generating statistical reports for the library. It is important to establish a set procedure for retaining this data on these stations. Once your statistical reports are generated, taking the step to purge the logs or clearing the local database should be considered as routine work by library staff.

Understand Your Integrated Library System

There are some ILS that also log user transactions within the server as a separate process from circulation transactions. These logs should also be considered for periodic rotation and retention per your library data policy. Symphony is an example of having logs which can go back to the first day of the system being put in production. Your library ILS administrator can provide you additional details on ILS logging, or open an inquiry with your ILS vendor.

Take the Library Security Quiz

To assist libraries in assessing their data security, I have created an assessment tool to determine a security score. It will take a library director or management team some time to answer the questions and arrive at the final score.

QuestionAnswerYour Library Score
Which is your library ILS staff client? (Keep in mind the staff client is different from the ILS server software)
WorkFlowsScore 10 for this insecure staff client
SierraScore 10 for this insecure staff client
PolarisScore 0 for this remote desktop client
Polaris LEAPScore 0 for this web-based client
BLUEcloud StaffScore 0 for this web-based client
EvergreenScore 0 for this web-based client
KohaScore 0 for this web-based client
OCLC WorldShare Management SystemScore 0 for this web-based client
HorizonScore 10 for this insecure staff client
VoyagerScore 10 for this insecure staff client
Does your library connect to the following services?
OverDrive via SIP2Score 10 for this insecure authentication
OverDrive via SirsiDynix Web ServicesScore 0 for this more secure authentication
OverDrive via III Patron APIScore 0 for this more secure authentication
OverDrive is authenticating, but our library does not know howScore 30 for not knowing
Evanced Solutions via SIP2Score 10 for this insecure authentication
Bibliotheca Cloudlibrary via SIP2Score 10 for this insecure authentication
Bibliotheca Cloudlibrary via SirsiDynix Web ServicesScore 0 for this more secure authentication
User data sent to Unique Management via email for collection purposesScore 10 for this insecure authentication
User data sent to Unique Management via SFTP for collection purposesScore 0 for this more secure authentication
Hoopla via SIP2Score 10 for this insecure authentication
Hoopla via SirsiDynix Web ServicesScore 0 for this more secure authentication
Hoopla via III Patron APIScore 0 for this more secure authentication
MyPC via SIP2Score 10 for this insecure authentication
MyPC via III Patron APIScore 0 for this more secure authentication
MyPC via SirsiDynix Web ServicesScore 0 for this more secure authentication
PCReservation (Envisonware) via SIP2Score 10 for this insecure authentication
PCReservation (Envisonware) via III Patron APIScore 0 for this more secure authentication
PCReservation (Envisonware) via SirsiDynix Web Services APIScore 0 for this more secure authentication
Does your library use any of the following self-check systems?
Bibliotheca/3M self-checks using SIP2Score 10 for this insecure authentication
D-Tech self-checks using SIP2Score 10 for this insecure authentication
Envisionware self-checks using SIP2Score 10 for this insecure authentication
Does your library use any of the following solutions or techniques?
Does your library OPAC utilize HTTPS 100% of the time?Score 0 if yes, score 10 for no
Does your library use an Automated Material Handler using SIP2?Score 10 for this insecure authentication
Does your library review and purge computer reservation server data?Score 0 if yes, score 10 for no
Does your ILS require a SIP2 connection to have a login and password?Score 0 if yes, score 10 for no
Does your library actively rotate and purge ILS server logs?Score 0 if yes, score 10 for no
Separate VLANs for staff vs public vs public WiFiScore 0 for yes, score 20 for no
VPN to hosted ILS (consortium or with vendor)Score 0 for yes, score 20 for no
VPN client on staff laptop to connect to library networkScore 0 for yes, score 20 for no
Your Library Security Score Total0
Scores 90 or Higher
Your library is extremely insecure with its user data and steps should be taken immediately to start lowering your score. Begin by talking to your IT staff to ensure your vendors have solutions other than SIP2 to connect to your library ILS, and create a plan to lower 40 points over the next year. If you do not have a VPN or VLANs, the library should establish a VPN to the ILS or hosting library consortium and implement VLANs within your network if you have not done so.
Scores 50 – 70
Your library has some insecure areas it needs to focus on, but you are not terrible. The little things matter such as moving away from SIP2 usage when you have the option to do so.
Scores 30-60
Your library is pretty secure with its data! Take a look at the few scores and see if you can turn those into zeros over the next year.
Scores 0 – 20
Congratulations for putting your library data in the most secure footing possible! Make sure to reward your library IT staff and thank your vendors for providing secure options to help protect your user data.

Posted

in

,

by

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.