[greenstone-users] Greenstone on CD - Internet security

From Ian Witten
DateMon Mar 10 23:01:59 2008
Subject [greenstone-users] Greenstone on CD - Internet security
In-Reply-To (47D44EAC-2010108-robinson-org-nz)
This is an excellent point, Ed. The Greenstone Local Library does not
use an industrial-strength web server, just a mini one. In fact, even
industrial-strength servers have security problems: our technical
support people ask us to disconnect from the Internet if we test
Greenstone using the IIS web server because of security problems, so
even Microsoft can't seem to get it right.

Greenstone CD-ROM collections were originally, of course, envisaged
for machines without any Internet connectivity. With the widespread
uptake of broadband (and consequent growth in the types of attacks
that can be perpetrated) personal computers that are connected to the
Internet tend to be better setup "out of the box" to warn and/or
guard against the risks: ISPs often hook you up with anti-virus
schemes, and Windows Defender (an optional free download for Windows
XP) is now rebranded and in Windows Vista as standard. Another
common configuration at home is to have a local area network set up
through a ADSL router or similar, which has firewall functionality
built in -- nothing on the LAN is visible to the outside world unless
you intentionally change the settings to the firewall. Under these
conditions it is safe to use Greenstone CD-ROM collections.

We could -- and now you have pointed this out, probably will -- alter
the Local Library server so that by default it only responds to
requests from 127.0.0.1/localhost by default, with an option to make
it more widely available if you want to take the risk.

Thanks a lot for your input.
cheers
ian


On 10/03/2008, at 9:55 AM, E Robinson wrote:

> I am about to issue a CD containing a Greenstone collection, and I
> had a friend have a look at it to check that he could install it
> easily on his machine. One of his comments back to me was:
>
> "The program itself is dangerous ? it hosts a local HTTP server on
> the machine that is then accessible by anyone, not just the user/
> owner of the program.?
>
> So I would recommend that people disconnect from the internet
> after launching the program."
>
> I know that quite a few getting a CD will have broadband / cable
> internet connection - do I need to tell them to disconnect from the
> internet when using Greenstone? - or is there something I should be
> doing when writing the programme and collection to the CD?
>
> Thanks
> Ed Robinson
> Wellington, NZ
>
> _______________________________________________
> greenstone-users mailing list
> greenstone-users@list.scms.waikato.ac.nz
> https://list.scms.waikato.ac.nz/mailman/listinfo/greenstone-users