Firewall Issues

Background

Network security concerns have increased with the proliferation of computer viruses, network worms and a variety of other network cracking activity. Firewall software exists to control traffic between computers within an organization's local area network and the vast and chaotic Internet. A variety of tools and strategies together constitute a particular organization's firewall. Informed network management must choose how to use the available tools and how to implement security strategies that maximize network protection while still allowing users access to the tools they need.

The Minerva online library management system is shared by nearly 50 Maine libraries. Each must configure its local area network and firewall or other security facilities to allow library workstations to interact with the central database server located in Orono. This interaction takes several forms. Library users search their library catalog, make online requests for materials not available in the local library and manage the materials they have on loan from the library, all through a garden-variety web browser pointed at http://minerva.maine.edu.

Importance of Ports

Depending on the tasks being performed, staff may need to connect to the same server via telnet, web browser, the Millennium Java-based client or the Windows-based client. The server processes that support these clients, and the specific tasks that can be accomplished with them, are addressed by port number on the server. Hence, in order to make use of the broad range of library management services provided by Minerva, it is imperative that the local firewall configuration not impede data traffic between library client machines behind the firewall and those ports on the central server in Orono that correspond to functions used by the local library.

In order to avoid network-based attacks, firewalls are sometimes set to prohibit passage of any data packet coming from any but a small handful of "common" ports. This approach will not allow libraries to use the Innovative Interfaces software underlying Minerva. However, some sites have found that constraining traffic on "uncommon" ports to a small number of client machines behind the firewall and a single server machine outside the firewall establishes a sufficient level of security.

Ports Essential to Minerva Functions

Here is a list of ports used by the Minerva server for functions enabled for Minerva. This list is a subset of the larger list that represents functions used by software modules not enabled for Minerva.

Compromise is Local

Notwithstanding that best practices in network security are ever-evolving, it should be noted that more than 1200 systems serving in excess of 10,000 discrete libraries nationally and internationally run this software without any reports of security breaches related to its use. All run the same software with the same port access requirements. The best way to adjust local security policy to meet the requirements of the Innovative Interfaces software is the way that satisfies the needs of library users, library staff and IT staff at any given site. Compromise may be necessary. Time and imagination may be required to arrive at the most functional, yet acceptably secure, solution. The fact that such a compromise is so commonly found

Firewall Time-Outs

A library running Millennium should NOT have a timeout set on a firewall. If a site running Millennium has a timeout set on a firewall, users may be logged out during sessions when the terminal is idle for a few minutes.

Cisco Pix Firewall Issue

There are special issues with regard to configuration of a Cisco Pix firewall in conjunction with use of Millennium client software. For details go to the very end of the Innovative CSDIRECT firewall FAQ. (Username and password required.)

More Info

Check out the CSDIRECT firewall FAQ.
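As an added illustration of the approach described under "Importance of Ports" (this is not code from the Minerva page or from Innovative Interfaces): a small Python model of the two outbound firewall postures the text contrasts, the blanket "common ports only" rule versus the scoped rule that lets only a few staff workstations reach the single Orono server on the uncommon ports, plus a renderer that emits the equivalent iptables lines. The port numbers, staff subnet and server address are constructed placeholders, since the page's port list is not present.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

# Constructed placeholders (TEST-NET ranges): the page's port list is absent,
# so these stand in for the real Minerva ports and addresses.
COMMON_PORTS = frozenset({80, 443})             # the "common" handful
MINERVA_PORTS = frozenset({6001, 6002})         # PLACEHOLDER "uncommon" ports
MINERVA_SERVER = ip_network("203.0.113.10/32")  # PLACEHOLDER single Orono server
STAFF_CLIENTS = ip_network("192.0.2.0/29")      # PLACEHOLDER staff workstations
ANY = ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    src: IPv4Network
    dst: IPv4Network
    dports: frozenset   # destination TCP ports the rule covers
    action: str         # "ACCEPT" or "DROP"

def blanket_policy():
    """Outbound: allow only 'common' ports, whatever the destination."""
    return [Rule(ANY, ANY, COMMON_PORTS, "ACCEPT")]

def scoped_policy():
    """Outbound: common ports anywhere, plus the uncommon Minerva ports
    only from the staff workstations to the single server outside."""
    return [Rule(STAFF_CLIENTS, MINERVA_SERVER, MINERVA_PORTS, "ACCEPT"),
            Rule(ANY, ANY, COMMON_PORTS, "ACCEPT")]

def evaluate(policy, src, dst, dport):
    """First matching rule wins; anything unmatched is dropped (default deny)."""
    s, d = ip_address(src), ip_address(dst)
    for r in policy:
        if s in r.src and d in r.dst and dport in r.dports:
            return r.action
    return "DROP"

def to_iptables(policy, chain="FORWARD"):
    """Render the policy as iptables lines, default-deny set last."""
    lines = []
    for r in policy:
        ports = ",".join(str(p) for p in sorted(r.dports))
        lines.append(f"iptables -A {chain} -p tcp -s {r.src} -d {r.dst} "
                     f"-m multiport --dports {ports} -j {r.action}")
    lines.append(f"iptables -P {chain} DROP")
    return lines

if __name__ == "__main__":
    for name, pol in (("blanket", blanket_policy()), ("scoped", scoped_policy())):
        print(name, "staff->server:6001 =", evaluate(pol, "192.0.2.3", "203.0.113.10", 6001))
        print("\n".join(to_iptables(pol)))
```

The scoped policy still drops the same uncommon port from a non-staff machine or towards any other host, which is the "sufficient level of security" the text refers to.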
Copyright © 2005 All rights reserved.