J Med Libr Assoc. 2010 April; 98(2): 186–187.
PMCID: PMC2859268

Securing Library Technology: A How-To-Do-It Manual

Reviewed by Janis F Brown, MLS, AHIP

Paul W Earp, Adam Wright
Securing Library Technology: A How-To-Do-It Manual.
New York, NY: Neal-Schuman Publishers. 2009. 245 p. $65.00. ISBN: 978-1-55570-639-5.

Library technology security differs from security in other businesses or organizations because libraries must provide computer access to the public while also protecting computers from the public. A book that deals specifically with library security is therefore more useful than general books about security. The book covers the gamut of implementing security from the planning stages and policy development to specifics about protecting desktops, servers, and networks.

As indicated by their biographies, the authors are well qualified to write this book. They both have been involved in library computer technology for many years in academic, public, and special libraries. Paul Earp is currently the user support technician for Summit College at the University of Akron, Ohio, and Adam Wright is currently executive director, North Texas Regional Library System, “where he handles all technology consulting for its 74 member public libraries” (p. 245).

The introductory chapters set the stage for discussing library technology. Chapter 1, “Exploring Library Technology,” describes the computers, systems, and networks typically found in public and staff areas of a library, and chapter 2, “Examining Library Security Principles,” discusses underlying principles important for developing a security mind set. The next two chapters provide beginning steps in implementing library technology security. Chapter 3, “Performing a Technology Inventory,” gives methods for gathering information about a library's technology environment, and in chapter 4, “Creating a Network Security Policy,” the authors provide advice on developing policies and include examples of policies that can be modified for one's own library. Chapter 5, “Understanding Threat from Hackers and Malcontents,” introduces the enemy—hackers, common hacks into systems, viruses, and spyware—so that librarians understand what dangers can harm the library if security technology is not implemented.

The second half of the book delves into more technical details, all with the aim of providing an understanding of the basic elements of the most common systems, their functions, and security implications. Chapter 6, “Planning for Security Implementation and Auditing Weaknesses,” gives a methodology for conducting a security audit, both by providing a checklist of questions to determine the state of the library's security and by describing port scanners and other audit tools that can check servers, desktops, and networks to determine vulnerabilities. With this information in hand, library staff can develop a plan to reduce risks. Chapters 7 and 8 provide information and strategies for securing public and library office technology at the computer workstation level. Chapter 8, “Developing Security for Library Office Technology,” offers a useful set of best practices. Chapter 7, “Implementing Policies for Secure Public Technologies,” is not quite so straightforward as to provide best practices, perhaps because striking the proper balance between security and access is difficult to accomplish both in practice and in words of advice. The authors do provide helpful checklists and issues to think about when forming public computer and privacy protection policies and procedures.

The final chapters deal with server security (chapter 9, “Establishing Server Security”) and network security (chapter 10, “Securing the Library Network from External Threats,” and chapter 11, “Securing the Library Network from Internal Threats”). In these final chapters, the authors provide an overview of the underlying technology and how it works and then give specific advice on security. An appendix of links to state laws on cyber and computer crime and a glossary add to the book's value. Each chapter uses the technique of providing review questions to evaluate knowledge gained from the chapter, as well as a summary of key points and conclusions. The book includes many illustrations, tables, and wide margins that make it readable and easy to understand. The authors add boxes of text in the margins at various places throughout the book to add comments and more explanations. Beginning with chapter 5, the authors provide additional references and resources.

Securing Library Technology is written in an easy-to-read style. It includes many analogies to the nontechnical world, so that highly technical content can more easily be understood. The key points and conclusions offer nice summaries of the chapter contents and are more helpful than the review questions in helping to comprehend the information. The authors provide references and resources that will help those who need more details to quickly reach useful information. Most of the references are to O'Reilly Media books, and many date back to the early 2000s, but they are probably reasonable recommendations, as these resources are popular with technical support staff and more recent editions of those older imprints are not available. Some of the information in the book dates back to 2007, such as a “list of the top virus threats in mid-2007,” as indicated by Microsoft's Live One Care (p. 90) in the chapter on hackers and malcontents. For a book with a 2009 publication date, a more current list should be available.

The authors state in the chapter 9 discussion regarding server security that “A librarian with some basic understanding and relative expertise that [sic] has been assigned the responsibility of implementing such services should now have the foundation in which to research the individual software or platforms, choose the best for the library's mission, and implement same in a secure environment and fashion” (p. 165). That statement is true of the entire book. It provides a good foundation and basic introduction, but the topic is much too big to be covered in this 245-page book. For example, firewalls are covered in 21 pages, whereas the authors refer to a book on firewalls, which by itself is 869 pages. This book, then, would be useful for the library technical support person who is just starting out, as it provides the basic concepts of library technology security and points to more in-depth information. The book also is useful for a manager, who may not have extensive technical training but oversees a technical staff, to gain a better understanding of security measures. Although the book includes some editorial lapses, overall it is a very helpful resource.


Articles from Journal of the Medical Library Association : JMLA are provided here courtesy of Medical Library Association