Wireless networking is an expected service for users bringing laptops to the library. Security issues need to be part of the planning process, both for library-owned workstations and for laptop access for the public.
General Security Issues
Wireless networking uses radio signals to communicate between an access point and the PC’s network card. Since radio signals go through floors and ceilings, access to your network can be available from unexpected places, including the parking lot and neighboring buildings. The two major concerns with wireless networking are access and privacy. You may not want unauthorized users connecting to your network (and taking up bandwidth), and you don’t want private information that is traveling over the network (usernames, passwords, circulation transactions) to be available to the public.
Library Workstations
The following security measures should be taken with wireless access for staff workstations and patron machines. These come from the Wireless Ethernet Compatibility Alliance at www.wi-fi.com:
- Access points intended for use by library staff should implement whatever security is available with the products you buy. This should include enabling WEP (Wired Equivalent Privacy), which encrypts the data traveling through the air and requires a password to access the network.
- Password protect drives and folders. If someone does access your LAN, you don’t want them roaming through your private information.
- Change the default SSID (Wireless Network Name)
- Use session keys if available
- Use MAC address filtering if available
Patron Laptops, Tablets, etc.
Non-library equipment should be recognized for the vulnerabilities it can contain:
- You have no control over them – Unlike workstations that you provide to the public, you have no control over patrons’ laptops and have no idea what is on them.
- They could have malware
- They could have network sniffing programs – Network analyzers are programs designed to troubleshoot a network. They can run on a network and capture all the data going across it, including passwords. Unless passwords are encrypted, they appear as plain text on the network.
- They could contain other undesirable programs – There are any number of computer cracking programs, spam mail programs, and other undesirable applications available to anyone interested.
- They must be segregated from library PCs – Access points for the public to use with their laptops must reside on a separate ethernet segment or VLAN (NOBLE will set this up). This provides privacy for the staff workstations because data to and from the NOBLE servers will not travel over the segment, and shared folders on staff workstations will not be visible.
These issues apply to laptops that are accessing wireless connections as well as any that plug directly into the network through an RJ45 connection. If you are thinking about offering this kind of access for your patrons, please include NOBLE in your planning process so we can make sure appropriate security measures are taken.
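One way to check that the segregation described above actually holds is to audit flow records from the switch or firewall for traffic from the public segment into staff or server address space. This is an added example, not NOBLE's own tooling; the subnets, segment names and flow records are constructed assumptions.

```python
import ipaddress

# Assumed addressing plan (constructed for this example, not a real deployment).
SEGMENTS = {
    "public_wifi": ipaddress.ip_network("10.20.0.0/24"),  # patron laptops, separate VLAN
    "staff": ipaddress.ip_network("10.10.0.0/24"),        # staff workstations
    "servers": ipaddress.ip_network("10.1.0.0/24"),       # consortium servers
}
PROTECTED = {"staff", "servers"}

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.20.0.37", "93.184.216.34", 443),  # patron -> Internet: expected
    ("10.10.0.12", "10.1.0.5", 23),        # staff -> server: expected
    ("10.20.0.37", "10.10.0.12", 445),     # patron -> staff shared folder: violation
    ("10.20.0.88", "10.1.0.5", 23),        # patron -> server: violation
    ("10.20.0.88", "10.20.0.37", 137),     # patron -> patron: stays on public segment
    ("not-an-ip", "10.10.0.12", 445),      # malformed record
]

def segment_of(addr):
    """Return the name of the segment containing addr, or None if outside all of them."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None

def audit_flows(flows):
    """Return (violations, malformed) for flows from the public segment into a protected one."""
    violations, malformed = [], []
    for src, dst, port in flows:
        try:
            src_seg, dst_seg = segment_of(src), segment_of(dst)
        except ValueError:
            malformed.append((src, dst, port))  # keep for review instead of dropping silently
            continue
        if src_seg == "public_wifi" and dst_seg in PROTECTED:
            violations.append((src, dst, port, dst_seg))
    return violations, malformed

if __name__ == "__main__":
    bad, junk = audit_flows(SAMPLE_FLOWS)
    for src, dst, port, seg in bad:
        print(f"SEGREGATION VIOLATION: {src} -> {dst}:{port} ({seg} segment)")
    print(f"{len(junk)} malformed record(s) set aside for review")
```

Any violation reported means the public access points are not isolated from the staff segment as intended and the VLAN or filtering setup should be reviewed.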
Wireless access points are part of the library’s LAN, and their installation and maintenance are the library’s responsibility.
You may also want to revisit your acceptable use policy. Any abuse that occurs from a workstation in the library is traceable to our Internet provider, NOBLE, and ultimately to the individual library. E-mail threats and copyright violations can just as easily come from wired patron machines, but it certainly enables a wider variety of abuse on a much larger scale.