Evergreen DokuWiki

Evergreen Admin Group Tuesday, December 17, 2024 2 pm EST

Topic: Browser Security

Dan Guarracino at OWWL:

• OWWL manages the computers and networks for their libraries via Active Directory.
• Staff have a tendency to log into the Chrome browser with person accounts and saving passwords to personal accounts or library managed accounts.
• Chrome profiles with Evergreen workstation settings are lost during this logging in via of personal accounts.

Suggestions:

• ECRL suggested a locally managed Firefox portable that makes the browser more locked down.
  • There are sometimes Firefox specific Evergreen bugs
  • This set up lets you have a local Firefox and a dedicated Firefox that act independent of local installation.
• Evergreen Indiana recommends one profile per workstation and warn them about losing settings.
• LARL& NWRL- Chrome Management policies should let you restrict to just the library managed accounts.
• Using a dedicated browser for Evergreen and another for everything else. This may cause issues with staff emails with direct links to Evergreen pages. You may want to set default clients, so the links open in the correct browser.
• Disabling password saving in the dedicated Evergreen profile.

Additional Questions:

• Login Restrictions:
  • Register Workstation permissions limited to specific permission groups.
  • Wishlist bug: Logging for Staff logins by IP address
  • https://bugs.launchpad.net/evergreen/+bug/2063850
  • Apache logs may contain IP addresses
  • Policies outline that library equipment and secure connections
• Long Overdues: Bibliomation
  • https://docs.evergreen-ils.org/docs/latest/circulation/circulating_items_web_client.html#_long_overdue_items
• How do you like it?
  • Does this block the patron’s account?
  • PaILS, OWWL, LARL & NWRL and CW Mars use group penalty threshold blocks for overdue count, bill thresholds rather than long overdue.
• MFA:
  • Who would be implementing?
  • Bibliomation is looking at it for 2025 and a few cities/towns might insurance policies.
  • PaILS is looking to do a staged roll-out based on permission groups in 2025.
  • OWWL is looking to do it for insurance policies. Might consider using Yubikeys for authenticating.
  • Token2.com as another source for keys.
  • Password managers might also provide options for accounts with shared logins
• Booking module:
  • CW Mars-patrons wouldn’t use it themselves, it wasn’t helpful for them.
  • Sitka- a few secondary libraries are moving away from Booking to a third party vendor. There are a few bugs that cause large workflow issues.
  • https://bugs.launchpad.net/evergreen/+bugs?field.tag=booking
  • https://bugs.launchpad.net/evergreen/+bug/1882625
  • https://bugs.launchpad.net/evergreen/+bug/2043022
  • Ian Skelskey at Bibliomation is looking for smaller development projects and maybe able to work on some of the bugs.