|
I entered a large reply to this thread but I don't see it. Probably I closed the window rather than hitting "Submit reply". I do dumb stuff like that.
I don't want to retype the whole thing, but the gist of it was:
If you have a PHYSICALLY ACCESSIBLE computer out there in the public, it is almost impossible to secure it adequately. Encrypted filesystems can help, password protected BIOS can help, strong firewalling can help, limited network access can help, full backups can help, placing it where it can be easily observed by staff can help - but it is fundamentally almost impossible to secure a computer if the users have physical access to it.
For this reason, I would still recommend that you keep your Calibre library on a separate server, and this physically accessible (I assume) computer in the library should be considered an island to itself, having data rsynced (pushed) to it rather than pulled from it. Firewall it off from your internal library network (except for a very tight hole to allow the rsync). Be ready for it to be destroyed in an instant, and be able to rebuild it easily from a backup image. If you give them a USB port to download books from, then you've given them a USB port they can boot from (there are ways around BIOS passwords). If they boot from their thumbdrive, all of your local security measures are for naught (except encrypting every file system). But even with that, depending on your network setup, they may still gain access to your internal library network. Which is not a good thing. Especially since you mentioned "students". It might not be so bad if this computer was to be accessed only by senior citizens living in a closed retirement community.
Physical access + students = WARNING! WARNING! WARNING!
|