IT Security For Libraries
Come learn about IT Security with me at Internet Librarian!
SUNDAY, OCTOBER 16, 2016
W14 - IT Security 101
1:30 p.m. - 4:30 p.m.
Tracy Z Maleeff, Principal, Sherpa Intelligence LLC
Blake Carver, Senior Systems Administrator, LYRASIS
We all know we should use good passwords, keep everything updated, and follow other basic precautions online. Understanding the reasons behind these rules is critical to help us convince ourselves and others that the extra work is indeed worth it. Who are the bad guys? What tools are they using? What are they after? Where are they working? How are they doing it? Why are we all targets? Experienced workshop leaders discuss how to stay safe at the library and at home. They share ways to keep precious data safe inside the library and out—securing your network, website, and PCs—and tools you can teach to patrons in computer classes. They tackle security myths, passwords, tracking, malware, and more. They share a range of tools and techniques, making this session ideal for any library staff.
There are two ways in which libraries could be doing a lot better in the realm of cybersecurity. And I should note, I work for rural libraries and digitally divided patrons for the most part so a lot of my ideas are on human scale but there are a lot of good ideas in the larger scale about just encrypting and anonymizing data but they’re sort of the same as they would be for any big business.
From National Library Week – thoughts on cybersecurity | librarian.net
Inspired by the Library Freedom Project's uncompromising bravery in the face of a DHS threat against a town library in Kilton, NH, that was running a Tor exit node to facilitate private, anonymous communication, the New Hampshire legislature is now considering a bill that would explicitly permit public libraries to "allow the installation and use of cryptographic privacy platforms on public library computers for library patrons use."
This issue is much bigger than just Apple providing access to a single device, it’s much bigger than the encryption debate and it’s much bigger than just the US. There are angles to this we haven’t thought about yet and it’ll continue to be sensationalised by the press, misrepresented by the government and rebuked by Apple.
The ramifications of them actually complying with this court order would likely spread well beyond just compromising a device that’s in the physical possession of law enforcement. A precedent the likes of Apple being forced to weaken consumer protections will very likely then be applied to other channels; what would it mean for iMessage when the authorities identify targets actively communicating where they’re unable to gain physical access to the device? It sets an alarming precedent and all the same arguments mounted here by the FBI could just as easily be applied to end to end encryption.
But let me finish on a lighter note: this also has the potential to result in greater consumer privacy for everyone. In part because if Apple successfully defends their stance then they’ll have the precedent the next time the issue is raised. In part also because this incident may well prompt them to tie their own hands even further and indeed this appears to be the case with the newer generation of device. And finally, because the world is watching how this plays out and it will influence the position of other governments and tech companies outside the US. If sanity prevails, we may well all be better off for having gone through this.
What if, in response to the terrorist attacks in Paris, or cybersecurity attacks on companies and government agencies, the FBI had come to the American people and said: In order to keep you safe, we need you to remove all the locks on your doors and windows and replace them with weaker ones. It's because, if you were a terrorist and we needed to get to your house, your locks might slow us down or block us entirely. So Americans, remove your locks! And American companies: stop making good locks!
This is the perfect illustration of why security that has backdoors for law enforcement isn’t actually security. Once there is an intentionally created hole in your security strategy, you should assume that anyone that you are attempting to prevent accessing your luggage/email/passwords will ALSO have access to your intentionally created security hole.
Can Campus Networks Ever Be Secure?
Universities are struggling to find balance between academic openness and the need for computer security across their networks.
Federal law protects some of your email from government snooping without a warrant. But it doesn’t protect your email if it’s been left on a server for too long, and, worse, it doesn’t protect your metadata—information that can get you arrested and prosecuted, that can reveal intimate secrets about you, and that would expose the entire network of people you talk to. On Wednesday the Senate Judiciary Committee is set to address the first problem, but reform efforts in both houses of Congress have largely passed over the second issue.