香港中文大學圖書館系統 University Library System, The Chinese University of Hong Kong
Firewalling Proxy Server for Innopac
Ernest Yik, Information Technology & Planning
December 9, 2003
Proxy, Firewall and Innopac
• Proxy
• Firewall
• Combining proxy and firewall
Proxy : Description
• Transparent web proxy
• Change of browser settings not required
• All access to WebPAC must first go through the proxy
• Proxy software : Apache or Squid
Proxy : Encoding detection
• OPAC migrated to Unicode in July 2003
• R2002 phase 2 : browser encoding problem
• Add an HTML META tag to facilitate automatic encoding detection
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
• Solved in R2002 phase 3
Proxy : Logging
• Logging of all WebPAC activities, including
  • OPAC searching & browsing
  • Downloading MARC records
  • Viewing book covers
  • etc.
• Many tools available to generate statistics from the standard log files
Proxy : Other applications
• Fine-grain access control, e.g.
  • Restricting access to Innopac manual
  • Controlling download of MARC records
• Banner display during software updates
• When WebPAC is down for maintenance
• Enhance WAM Rewrite Proxy
• Bypass WAM Proxy for on-campus users
Firewall : Description
• Transparent bridging firewall
• No modification to Innopac settings
• All access to Innopac must first go through the firewall (not only WebPAC)
• Firewall software : Linux kernel + iptables
Firewall : Security
• Another line of defence against security holes
• No software is perfect
• Configuration error
• Delay in software update
• Low level logging and monitoring
Firewall : Security (cont.)
• Innopac - Limit Network Access
• PatronAPI, OCLCNET etc.
• Are they really secure?
• Operating system
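The "limit network access" idea on the firewall slides, as an added example that is not from the original presentation: a script that validates a per-service allowlist and prints the iptables commands for a default-deny FORWARD chain on the bridge. The server address, source networks and port numbers (including the one standing in for a restricted API such as PatronAPI) are constructed placeholders, and the function name `gen_rules` is hypothetical.

```shell
#!/bin/sh
# Added example, not the presenter's configuration. Prints (does not apply)
# iptables commands for a default-deny bridging firewall in front of one
# server. Bridged frames only traverse the FORWARD chain when the
# br_netfilter module is loaded and net.bridge.bridge-nf-call-iptables=1.
# Every address and port below is a constructed placeholder.
SERVER=192.0.2.10
# One service per line: proto port source ("any" = open to everyone).
SERVICES='tcp 80 any
tcp 443 any
tcp 4500 198.51.100.20
tcp 22 198.51.100.0/24'

gen_rules() {   # $1 = server address, $2 = service list
    nl='
'
    rules=''
    # Validate every entry first so a typo never yields a partial ruleset.
    while read -r proto port src; do
        [ -n "$proto" ] || continue
        case $proto in tcp|udp) ;; *) echo "bad proto: $proto" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
        [ -n "$src" ] || { echo "no source for $proto/$port" >&2; return 1; }
        from=''
        [ "$src" = any ] || from="-s $src "
        rules="${rules}iptables -A FORWARD ${from}-d $1 -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT${nl}"
    done <<EOF
$2
EOF
    echo 'iptables -P FORWARD DROP'      # fail closed while rules reload
    echo 'iptables -F FORWARD'
    echo 'iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s' "$rules"
    # Anything not matched above falls to the DROP policy; log a sample of it.
    echo 'iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "'
}

gen_rules "$SERVER" "$SERVICES"
```

Connections that the server itself initiates are not in the allowlist and would be dropped, so they need their own entries before the output is applied.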
Firewall + proxy
• Firewall security + proxy features
• Work together nicely within the same box
HW/SW requirements
• Hardware
  • Low hardware requirements
  • PC Server with two network interfaces
• Software
  • All open source
  • Highly flexible and reliable
Things to note
• What you want to achieve
• Choose among available solutions
• Extra resources may be required
• What to do in case of failure – recovery plan
• Study Innovative’s FAQ on Firewalls
• Thorough testing to make sure that normal services are not adversely affected
• Firewall itself is not perfect!
• Can only provide certain kinds of protection
• Do not blindly trust the firewall
Thank you
• Questions & comments
• For technical details, please contact : Ernest YIK, Information Technology & Planning, University Library System, CUHK, ernest@lib.cuhk.edu.hk