IT Security For Libraries

Come learn about IT Security with me at Internet Librarian!

IT Security 101
1:30 p.m. - 4:30 p.m.
Tracy Z Maleeff, Principal, Sherpa Intelligence LLC
Blake Carver, Senior Systems Administrator, LYRASIS
We all know we should use good passwords, keep everything updated, and follow other basic precautions online. Understanding the reasons behind these rules is critical to help us convince ourselves and others that the extra work is indeed worth it. Who are the bad guys? What tools are they using? What are they after? Where are they working? How are they doing it? Why are we all targets? Experienced workshop leaders discuss how to stay safe at the library and at home. They share ways to keep precious data safe inside the library and out—securing your network, website, and PCs—and tools you can teach to patrons in computer classes. They tackle security myths, passwords, tracking, malware, and more. They share a range of tools and techniques, making this session ideal for any library staff.

National Library Week – thoughts on cybersecurity

There are two ways in which libraries could be doing a lot better in the realm of cybersecurity. And I should note, I work for rural libraries and digitally divided patrons for the most part, so a lot of my ideas are on human scale, but there are a lot of good ideas in the larger scale about just encrypting and anonymizing data, but they’re sort of the same as they would be for any big business.
From National Library Week – thoughts on cybersecurity

NH bill would explicitly allow libraries to run Tor exit nodes

Inspired by the Library Freedom Project's uncompromising bravery in the face of a DHS threat against a town library in Kilton, NH, that was running a Tor exit node to facilitate private, anonymous communication, the New Hampshire legislature is now considering a bill that would explicitly permit public libraries to "allow the installation and use of cryptographic privacy platforms on public library computers for library patrons use."

From NH bill would explicitly allow libraries to run Tor exit nodes / Boing Boing

Everything you need to know about the Apple versus FBI case

This issue is much bigger than just Apple providing access to a single device, it’s much bigger than the encryption debate and it’s much bigger than just the US. There are angles to this we haven’t thought about yet and it’ll continue to be sensationalised by the press, misrepresented by the government and rebuked by Apple.

The ramifications of them actually complying with this court order would likely spread well beyond just compromising a device that’s in the physical possession of law enforcement. A precedent the likes of Apple being forced to weaken consumer protections will very likely then be applied to other channels; what would it mean for iMessage when the authorities identify targets actively communicating where they’re unable to gain physical access to the device? It sets an alarming precedent and all the same arguments mounted here by the FBI could just as easily be applied to end to end encryption.

But let me finish on a lighter note: this also has the potential to result in greater consumer privacy for everyone. In part because if Apple successfully defends their stance then they’ll have the precedent the next time the issue is raised. In part also because this incident may well prompt them to tie their own hands even further and indeed this appears to be the case with the newer generation of device. And finally, because the world is watching how this plays out and it will influence the position of other governments and tech companies outside the US. If sanity prevails, we may well all be better off for having gone through this.

From Troy Hunt: Everything you need to know about the Apple versus FBI case

Stronger Locks, Better Security

What if, in response to the terrorist attacks in Paris, or cybersecurity attacks on companies and government agencies, the FBI had come to the American people and said: In order to keep you safe, we need you to remove all the locks on your doors and windows and replace them with weaker ones. It's because, if you were a terrorist and we needed to get to your house, your locks might slow us down or block us entirely. So Americans, remove your locks! And American companies: stop making good locks!

From Stronger Locks, Better Security | Electronic Frontier Foundation

TSA Master Keys, Threat Models, and Encryption

This is the perfect illustration of why security that has backdoors for law enforcement isn’t actually security. Once there is an intentionally created hole in your security strategy, you should assume that anyone that you are attempting to prevent accessing your luggage/email/passwords will ALSO have access to your intentionally created security hole. This is the same concept that Cory Doctorow uses in his condemnation of DRM (you can’t lock something up with a key and then give the key to the person you are trying to prevent accessing your thing) as well as the argument against giving backdoor access keys for encryption algorithms to governmental agencies. It is simply impossible to have security, whether that term is used for physical objects, communication, storage of information, or anything else, and also to have holes intentionally added to the system for the benefit of “the good guys”. Once the key exists, anyone can make their own copy of it.

From TSA Master Keys, Threat Models, and Encryption | Pattern Recognition

The Challenges of Securing University Computer Networks

Can Campus Networks Ever Be Secure?
Universities are struggling to find balance between academic openness and the need for computer security across their networks.

From The Challenges of Securing University Computer Networks - The Atlantic

ECPA reform: The 1986 email privacy law might finally get updated.

Federal law protects some of your email from government snooping without a warrant. But it doesn’t protect your email if it’s been left on a server for too long, and, worse, it doesn’t protect your metadata—information that can get you arrested and prosecuted, that can reveal intimate secrets about you, and that would expose the entire network of people you talk to. On Wednesday the Senate Judiciary Committee is set to address the first problem, but reform efforts in both houses of Congress have largely passed over the second issue. In dodging the problem of metadata, legislators have missed the forest for the twigs.

From ECPA reform: The 1986 email privacy law might finally get updated.

Unmasked: An Analysis of 10 Million Passwords

A lot is known about passwords. Most are short, simple, and pretty easy to crack. But much less is known about the psychological reasons a person chooses a specific password. We’ve analyzed the password choices of 10 million people, from CEOs to scientists, to find out what they reveal about the things we consider easy to remember and hard to guess.

From Unmasked: An Analysis of 10 Million Passwords

