Site Map

Home / Library Resources / Technology

Best Practices for Library Computer Networks

Staffing

• Have a member of staff as a dedicated network administrator, to whom you should provide ample training opportunities
• Make sure the dedicated network administrator is aware of who is making changes on the network and they approve of the changes before they occur.

Planning

• Have a written technology plan that moves forward your organization’s goals. As well as focusing efforts, this can help when applying for grants or approaching potential donors
• Think of impact of changes made in one area will have in another. Example: “If we add another 20 PCs, will we have enough Internet bandwidth to support them?”

Projects & Upgrades

• Document your projects.  Include a description, timeline, budget and performance expectations of you and your vendors (if any).  This will make sure everyone is on the same page.  Use this documentation to track the projects & help keep them on schedule & budget. Be prepared to document the reasons for any exceptions, overruns or overages
• Choose vendors & contractors very carefully. Check their track records with your peers at other libraries. Get references
• Make changes one at a time if possible.
• When possible, test changes on a test computer before rolling the changes to all computers.
• Schedule upgrades and changes where possible.  Keep track of when you made these changes so that you can see if a problem started after an upgrade.

Hardware

See example Library LAN layout

• Regularly inspect your hardware, look for failed drives, noisy fans, failed power supplies, USB batteries, etc.  Keep equipment clean, especially if in public use. Regularly wipe mice, keyboards & monitors.  Blow dust out of CPU’s once per year at the very least
• Make sure network drops are clearly labeled; these should match corresponding ports on patch panels
• Install UPSs, Uninterruptible Power Supplies, to protect your networking equipment (routers, switches, hubs, firewalls etc.). If protecting all computers is out of budgetary reach, certainly protect key, business critical computers.
• Install a network firewall to help protect your computers from external malicious hackers
• Avoid "chaining" your network switches. Make the best one a "core," connected direct to your router and servers, and then connect the other switches to the core.
• Keep network cabling neat and tidy
• Keep networking equipment in a clean, secure environment - preferably temperature-controlled
• Keep a current inventory of all equipment and verify it once per year

Management

• In a large environment use a print server to share printers and their respective drivers
• Devise a structured IP addressing scheme and record it in a spreadsheet; use DHCP if you manage a large number of PCs
• If you have a file server, create a logical directory structure for shared files, usually this follows an organizational chart. File & share permissions should be set accordingly
• Have a backup solution in place for important data. These can range from central tape drives to USB pen drives for users
• Don't make users administrators of their machines
• Enable automatic updates on Windows machines and keep them current
• Protect all computers and network servers with antivirus and anti-spyware utilities and keep them up to date
• Document your network setup, your computer set up, and your software
• Force users to change passwords regularly and make them use secure passwords; also enforce this on your network servers

Patron-use machines

• Use an appropriate technique for locking down the environment available to patrons on public-use computers. There are many techniques and solutions available; one should be good for your situation. The goal is to make your computers tamper-proof
• Public-use computers should also be physically secured

Wireless

Five Steps You Need To Take To Protect Your Wireless Network (Edited from the Linksys Web site’s Learning Center).

Networking makes it easy to share Internet access and data. But you wouldn't want to share your information with just anyone. With a wireless network, your information is traveling through the airwaves, not physical wires, so anyone within range can "listen in" on your network. Here are five essential security measures you should take to secure your wireless network:

1. Change the default SSID.  -Your wireless devices have a default SSID (Service Set Identifier) set by the factory. The SSID is the name of your wireless network, and can be up to 32 characters. Change the network's SSID to something unique, and make sure it doesn't refer to the networking products you use.

2. Disable SSID broadcast – unless you are running a wireless hotspot. By default, most wireless networking devices are set to broadcast the SSID, so anyone can easily join the wireless network with just this information. But hackers will also be able to connect, so unless you're running a public hotspot, it's best to disable SSID broadcast. You may think it is more convenient to broadcast your SSID so that you can click on it to join your network, but you can configure the devices on your network to automatically connect to a specific SSID without broadcasting the SSID from your router.

3. Change the default password. - For wireless products such as access points and routers, you will be asked for a password when you want to change their settings. These devices have a default password set by the factory. To thwart any unauthorized changes, customize the device's password so it will be hard to guess.

4. Enable MAC address filtering – unless you are running a wireless hotspot. With MAC address filtering enabled, wireless network access is provided solely for wireless devices with specific MAC addresses. For example, you can specify only the computers in your house to access your wireless network. It would be very difficult for a hacker to access your network using a random MAC address

5. Enable Encryption - Wired Equivalency Privacy (WEP) and Wi-Fi Protected Access (WPA) offer different levels of security for wireless communication. WEP is currently the most widely used level of encryption and is supported by more devices than WPA. WPA is considered to be more secure than WEP, because it uses dynamic key encryption. To protect the information as it passes over the airwaves, you should enable the highest level of encryption that is supported by your network equipment.

When Things go Wrong

• Know whom to call: (ISPs, helpdesks, vendors), and have their contact information on paper. Also write down any reference or serial numbers that they might need to identify you, your account, or the equipment
• Know where to find help; check vendors’ websites… if it is a Microsoft issue, search the Microsoft site. Make use of the knowledge of your peers at other libraries.
• For internet and other mission critical outages, establish procedures for the staff on what they should do, and when they should do it. This will allow you to concentrate on trying to identify and solve the problem
• After a problem is solved, write up the problem and solution, so you don’t have to figure out the same issue more than once