Questions on data security, liability and RFP issues
Friday, November 5, 2004 18:14 CST

Greetings all,

Owen's question reminded me of some issues I had been meaning to ask about for a while now.

First off, the whole issue of data security in the Koha ILS.

I don't think this question has been raised before -- and I apologise in advance if it has been, or if asking it this way is simply hopelessly naive/ignorant: but how safe against hacking, e.g. would Koha be? Or is this more a matter of systems admin level securities behind which Koha would be shielded? (G*d, I hope so.)

Does anyone in the library world side of things know if there have been any papers or studies on security issues that one should look at? I know that the security aspect was important for the military library that I worked at as a cataloguer, not so much for the materials that were in it, to be honest, but just as a matter of standing protocols on the base. Nowadays, though, increasingly in Canada and my little bit of it in Manitoba, protection of privacy information is important, and the CLA has made it clear that libraries have a duty to protect borrower information.

Also, I need some advice on the separate but related issue of accountability and legal liability. I realise that in adopting Koha we are accepting personal (individual or corporate) liability as part of the responsibility for adopting, but has anyone out there had to deal with not being able to use an Open Source application basically because -- and I am sorry for being crude here -- as far as the PTBs in their corporate or organisational culture were concerned, it was against the rules because there would be no one to sue if something went wrong? (To be clear I find this whole line of thinking ludicrous, but then again, I probably don't understand the law well enough to worry about things like Koha that seem to work so well being allowed to work to everyone's benefit.)

Again, from my experience on the military base, this was one rationale given for excluding Open Source solutions (even if the Chief Librarian had been seriously interested in such). Does anyone have any experience dealing with this legalistic problem in promoting Open Source generally or Koha specifically as a viable solution? Prof. Chawner, if you are still tuned in, is this something you might have happened across in your research?

The final issue likely will seem trivial to those not in the library side of things so I apologise in advance again: but is there a recommended practice in doing an RFP process with Open Source? And yes, I know how stupid that sounds, but in the situation I am looking at, it will be absolutely critical to fill out that standard paperwork and I honestly have no idea how to do it (and no, asking for help in bending the rules would get me nowhere).

Computer support, by the way, would be a given :-) , but determining how much would be nice. IIRC Paul (?) gave us some estimates a while back. Any further recommendations for costing this from the system admin people?

Any and all input on these matters will be gratefully received and greatly appreciated. TIA.

If I can provide a concrete proposal with answers to objections on the issues above, I am hoping that through some contacts we have here, I might be able to advance Koha for school and community library use. I know Koha could do the job: I am convinced it is just a matter of successfully navigating the process.

Steven F. Baljkas
library tech at large
Koha neophyte
Winnipeg, MB, Canada
On Fri, Nov 05, 2004 at 06:39:58PM -0600, Baljkas Family said:
Friday, November 5, 2004 18:14 CST
Greetings all,
Owen's question reminded me of some issues I had been meaning to ask about for a while now.
First off, the whole issue of data security in the Koha ILS.
I don't think this question has been raised before -- and I apologise in advance if it has been, or if asking it this way is simply hopelessly naive/ignorant: but how safe against hacking, e.g. would Koha be? Or is this more a matter of systems admin level securities behind which Koha would be shielded? (G*d, I hope so.)
I can take a crack at this part, I'll leave all the legal stuff to someone else :)

The security we have on koha, is that the librarian interface is behind password authentication, but you can disable this. What HLT does and other libraries we have worked with do, is not make the librarian interface available to the world. This can be done by restricting access to only certain ips, or only available on a lan.

These are of course system administrator tasks, and the sys admin can do a lot more, such as securing the box serving koha as much as possible.

You could use mysql replication and have a separate box serving the opac with a read only database, such that the only interface available to the public has no write access. Again more sys admin tasks.

What we as developers try to do, is to make sure that we don't write cgi's that are vulnerable to attack, and we depend on the writers of such things as apache, and mysql and linux to keep their products as secure as they can. Then we depend on the system admins of the Koha installations to do their part.

Basically it boils down to the sysadmin, they can make the data stored in Koha as secure or as insecure as they like.

Chris

--
Chris Cormack
Programmer
027 4500 789
Katipo Communications Ltd
chris@katipo.co.nz
www.katipo.co.nz
Chris Cormack wrote:
The security we have on koha, is that the librarian interface is behind password authentication, but you can disable this. What HLT does and other libraries we have worked with do, is not make the librarian interface available to the world. This can be done by restricting access to only certain ips, or only available on a lan.
Here is just one thing that you can do as an example. Have a look at the file /etc/apache/koha-httpd.conf

Where you have:

    # OPAC Interface
    <VirtualHost mymachine:8000>
    lots of settings ....
    </VirtualHost>

    # Intranet Interface
    <VirtualHost mymachine:8080>
    lots of settings ....
    Allow From 123.456.789.4
    </VirtualHost>

you can add an 'Allow from' directive to the web server to disallow access to other than the ip address 123.456.789.4

Best though is to work through what you have with the Sys Admin that runs the systems.

Mike
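The IP restriction on the librarian interface discussed in the two messages above, written out in full as an added example (it is not part of the original thread or of Koha's shipped configuration). It assumes the intranet virtual host on port 8080 from the message; the staff workstation address 192.0.2.4 and the LAN range 10.0.0.0/24 are constructed placeholders.

```apache
# Intranet (librarian) interface: reachable only from named addresses.
# Added example; the addresses below are constructed placeholders.
<VirtualHost mymachine:8080>
    # ... existing Koha intranet settings stay here ...

    # Order/Deny/Allow are only valid inside a container such as
    # <Location>, <Directory> or <Files>, not directly in <VirtualHost>.
    <Location />
        # Evaluate Deny rules first, then let Allow rules override them.
        Order deny,allow
        # Without this line every client that matches no rule is let in,
        # so an Allow line on its own restricts nothing.
        Deny from all
        # One staff workstation (placeholder address).
        Allow from 192.0.2.4
        # The library LAN (placeholder range).
        Allow from 10.0.0.0/24
    </Location>

    # Apache 2.4 and later replace the three directives above with:
    #   <Location />
    #       Require ip 192.0.2.4 10.0.0.0/24
    #   </Location>
</VirtualHost>

# The OPAC virtual host on port 8000 is left without these rules so that
# the public catalogue stays reachable.
```

Koha's password authentication on the librarian interface stays enabled alongside this; the address filter is a second layer in front of it. `apachectl configtest` checks the syntax before the server is reloaded.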
On 2004-11-06 00:39:58 +0000 Baljkas Family <baljkas@mts.net> wrote:
I don't think this question has been raised before -- and I apologise in advance if it has been, or if asking it this way is simply hopelessly naive/ignorant: but how safe against hacking, e.g. would Koha be? Or is this more a matter of systems admin level securities behind which Koha would be shielded? (G*d, I hope so.)
I went through the code fixing some structural security errors during the 1.9 development versions. I've not tried testing koha heavily, simply through lack of time.

In 2.0, there are some known bugs to do with the librarian access levels: having the circulation desk get full librarian access is undesirable. I hope this has been fixed during 2.1 and will be available to users in 2.2, but I've not checked. Maybe more 2.1-centred developers can tell?

I think you also want to consider the security of all machines which use the koha librarian interface. It's mostly hopeless having wonderful security on the server if someone can put a password sniffer on a superlibrarian's computer. This may even be a larger vulnerability than almost all likely server problems.
[...] the PTBs in their corporate or organisational culture were concerned, it was against the rules because there would be no one to sue if something went wrong?
I believe this is largely a distraction tactic. At best, you will end up effectively suing your supplier's insurance company. Few of the people who raise this question have ever suggested trying to sue Microsoft after a virus shuts down their office computers or overflows their email.

Some organisations like free software because it reduces absolute dependence on one outside supplier, even if it will take more time/cost more to develop in-house or find an alternative supplier. It gives more options and keeping options open is usually good for business.

--
MJR/slef
My Opinion Only and not of any group I know
Creative copyleft computing - http://www.ttllp.co.uk/
Unsolicited attachments to the pipex address deleted
Will HLF fund tree-killings? http://www.thewalks.co.uk/
MJ Ray,

Security is only as good as the best backup. That is a backup off machine and preferably off-site. All systems can be compromised in one way or another. Worry more about whether your dbase is backed and less about hackers. Those libraries who retain vendors (at often extortionary prices) do not worry about such things, since the vendor does it all, (including owning their database). The price for freedom from extortionary vendor tactics is the responsibility of securing one's records, it is not a resource intensive process.

Gerry :)

Gerry Arthus
Systems Administrator: Long Island Library Resources Council
SUNY at Stony Brook
Stony Brook, New York US 11794-3399
Phone: 1-631-632-6652
FAX: 631-632-6662
Home: 631-289-7565
Email: garthus@lilrc.org

Professor: Departments of: Graduate Computer Engineering, Earth and Environmental Science, and Engineering Management
C.W. Post Campus of Long Island University
720 Northern Boulevard
Brookville, New York US 11548-1300
Phone: 516-299-2293

wrote:
On 2004-11-06 00:39:58 +0000 Baljkas Family <baljkas@mts.net> wrote:
I don't think this question has been raised before -- and I apologise in advance if it has been, or if asking it this way is simply hopelessly naive/ignorant: but how safe against hacking, e.g. would Koha be? Or is this more a matter of systems admin level securities behind which Koha would be shielded? (G*d, I hope so.)
I went through the code fixing some structural security errors during the 1.9 development versions. I've not tried testing koha heavily, simply through lack of time.
In 2.0, there are some known bugs to do with the librarian access levels: having the circulation desk get full librarian access is undesirable. I hope this has been fixed during 2.1 and will be available to users in 2.2, but I've not checked. Maybe more 2.1-centred developers can tell?
I think you also want to consider the security of all machines which use the koha librarian interface. It's mostly hopeless having wonderful security on the server if someone can put a password sniffer on a superlibrarian's computer. This may even be a larger vulnerability than almost all likely server problems.
[...] the PTBs in their corporate or organisational culture were concerned, it was against the rules because there would be no one to sue if something went wrong?
I believe this is largely a distraction tactic. At best, you will end up effectively suing your supplier's insurance company. Few of the people who raise this question have ever suggested trying to sue Microsoft after a virus shuts down their office computers or overflows their email.
Some organisations like free software because it reduces absolute dependence on one outside supplier, even if it will take more time/cost more to develop in-house or find an alternative supplier. It gives more options and keeping options open is usually good for business.
participants (5)
- Baljkas Family
- Chris Cormack
- Gerry Arthus
- Michael Lake
- MJ Ray