We unplug the ILS vendor modem line and plug it in only
 when they are running a software update or testing to correct
 a problem with our service.  Our online electronic databases
 are accessed by password and we don't give out the IP numbers.
     Jane Crabill
     Supervisory Librarian
     Marquat Memorial Library
     Fort Bragg, NC

-----Original Message-----
From: Claire Robb [mailto:[log in to unmask]]
Sent: Wednesday, December 11, 2002 4:25 PM
To: [log in to unmask]
Subject: Computer Security Plan for Integrated Library System

I would like to know how other Federal agencies approach computer security
in regards to their integrated library system.  Especially if their agency
has a high-level of security.

Does the server that the system is housed on have it's own private firewall?
Have you granted the vendor remote access to the server?   How do they
access (no access, vendor visit, remote communications using dial up, SSH,
VPN, ISDN, etc. - specify)?    Does your system require leaving ports open?
Do you leave them open 24x7?  How do you handle access when you need
customer support?  Do you require the vendor to give one IP address that
your agency can recognize, or does the agency recognize the IP address for
the firewall?

Needless to say, you may not be able to share your security plan (per-se).
However, if you can provide general information to another Federal agency on
how  your library approaches security, without violating your security
policy, it would be appreciated.  You may call me, email, or if possible
send a redacted version of your security plan.

If you are on this listserv, but cannot provide this information, it would
be appreciated if you would send this email to whoever might be able to

Thank you

Claire Robb, Systems Librarian
U.S. Nuclear Regulatory Commission
Phone: (301) 415-5618
email: [log in to unmask]