<div dir="ltr"><div class="gmail_default" style="font-family:arial,sans-serif;font-size:small">When we hosted our own Symphony ILS, I set up a free open source pfSense firewall with an IPsec VPN tunnel for its traffic. At the time, the WorkFlows staff client only communicated via clear text, so the tunnel was necessary for both normal ILS traffic as well as SIP2 traffic. </div><div class="gmail_default" style="font-family:arial,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,sans-serif;font-size:small">With Evergreen, the browser traffic is encrypted, so it's only for SIP2 traffic that a tunnel is needed now. Unfortunately, our consortium doesn't see it that way and is insisting that each member library have staff access to the ILS through an encrypted tunnel as well--and each member library to incur the cost for maintaining their respective tunnels. Encryption upon encryption. Even Equinox, our ILS host, says that it's totally unnecessary.</div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><span style="font-family:"trebuchet ms",sans-serif"><br></span></div><div><span style="font-family:"trebuchet ms",sans-serif">John Lolis</span><br></div><div><font face="'trebuchet ms', sans-serif">Coordinator of Computer Systems</font></div></div></div></div></div></div></div></div></div><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><font face="'trebuchet ms', sans-serif"><img src="https://drive.google.com/a/whiteplainsny.gov/uc?id=0B8o3RoemjyAfR1hZV1U0SWJDdGs&export=download"><br></font></div><div><span style="font-family:"trebuchet ms",sans-serif">100 
Martine Avenue</span><br></div><div><span style="font-family:"trebuchet ms",sans-serif">White Plains, NY 10601</span></div></div></div></div></div></div></div></div></div><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><font face="'trebuchet ms', sans-serif"><br></font></div><div><font face="'trebuchet ms', sans-serif">tel: 1.914.422.1497</font></div><div><font face="'trebuchet ms', sans-serif">fax: 1.914.422.1452</font></div><div><font face="'trebuchet ms', sans-serif"><br></font></div><div><font face="'trebuchet ms', sans-serif"><a href="https://whiteplainslibrary.org/" target="_blank">https://whiteplainslibrary.org/</a></font></div><div><br></div><div><i>When you think about it, </i>all<i> security is ultimately security by ignorance.</i></div><font face="Verdana, Arial, Helvetica" size="2"><span></span><span></span><br></font><font face="Verdana, Arial, Helvetica" size="2"><span style="font-family:georgia,serif"></span></font></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 5 Jan 2021 at 09:43, Jason Boyer <<a href="mailto:jboyer@equinoxinitiative.org">jboyer@equinoxinitiative.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="overflow-wrap: break-word;">Hi Wendell, there isn’t really anything that can be done to SIP2 to make it secure without making it not-SIP2. That said, what can be done is to transfer it over an encrypted channel. I know some Evergreen and Koha systems handle SIP2 this way and I suspect TLC is doing the same. 
This tunneling can be done with stunnel (an openssl TLS tunnel) or ssh port redirection and most vendors are capable of dealing with one or the other.<div><br></div><div>There’s nothing special needed in Evergreen to handle this; you just need to set up SIPServer to listen to a local IP rather than a public one and coordinate with the vendor what type of tunnel to use. I realize this is pretty non-specific but if you have any questions I or someone else on the list should be able to help out.<br><div><br></div><div>Jason</div><div>
<div><br>-- <br>Jason Boyer<br>Senior System Administrator<br>Equinox Open Library Initiative<br>phone: +1 (877) Open-ILS (673-6457)<br><a href="mailto:JBoyer@EquinoxInitiative.org" target="_blank">email: JBoyer@EquinoxInitiative.org</a><br>web: <a href="https://EquinoxInitiative.org/" target="_blank">https://EquinoxInitiative.org/</a></div>
</div>
<div><br><blockquote type="cite"><div>On Jan 5, 2021, at 9:05 AM, Gragg, Wendell E <<a href="mailto:WGragg@bryantx.gov" target="_blank">WGragg@bryantx.gov</a>> wrote:</div><br><div><div style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Hi all. I haven’t posted in a while, but we are still in the process of evaluating ILS systems and our city IT department is balking at one thing, SIP2 being plain text. Apparently, one vendor, TLC claims they have an encryption solution for SIP2, but I question whether it actually works or not, and TLC is another proprietary system, which we are trying to avoid.<u></u><u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">I have been trying to research SIP2 a bit more and am not finding a lot of information about security issues with it. 
I’m also trying to find out if anyone in the Evergreen community has worked with encrypting SIP2 messages, at least sensitive information like passwords and user barcodes.<u></u><u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Is this even possible in Evergreen and has it caused any problems with outside vendors like OCLC or Envisionware?<u></u><u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">I would like to find this out because I fear that our city IT is going to force us into an ILS we really don’t want.<u></u><u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Thanks,<u></u><u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Wendell<u></u><u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Wendell Gragg, MSIS<u></u><u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Automation Services Supervisor<u></u><u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Bryan+College Station Public Library System<u></u><u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Bryan, TX<u></u><u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">979-209-5613<u></u><u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><u></u> 
<u></u></div></div><span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;float:none;display:inline">_______________________________________________</span><br style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;float:none;display:inline">Evergreen-general mailing list</span><br style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><a href="mailto:Evergreen-general@list.evergreen-ils.org" style="color:rgb(149,79,114);text-decoration:underline;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank">Evergreen-general@list.evergreen-ils.org</a><br style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><a href="http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general" 
style="color:rgb(149,79,114);text-decoration:underline;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank">http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general</a></div></blockquote></div><br></div></div>
</blockquote></div>
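<div>The stunnel arrangement described in the quoted reply above (SIPServer bound to a local address, TLS wrapped around it), sketched as a pair of stunnel configurations. This is an added example, not configuration from anyone in the thread or from the Evergreen project; the host name ils.example.org, both port numbers and all file paths are placeholders, and the option names assume a recent stunnel 5.x.</div>

```ini
; ---- ILS host side (file name and paths are placeholders) ----
; Assumption: SIPServer is configured to listen on 127.0.0.1:6001 only,
; so the cleartext SIP2 socket is never reachable from the network.

[sip2]
; TLS port offered to the vendor (placeholder port)
accept = 0.0.0.0:6443
; hand the decrypted stream to the local cleartext SIPServer
connect = 127.0.0.1:6001
cert = /etc/stunnel/sip2-server.pem
key = /etc/stunnel/sip2-server.key
; refuse legacy protocol versions
sslVersionMin = TLSv1.2
; optional: only accept clients presenting a certificate issued by this CA,
; so a stolen SIP2 login alone is not enough to reach the service
CAfile = /etc/stunnel/sip2-clients-ca.pem
verifyChain = yes


; ---- Vendor / self-check side (separate machine, separate file) ----
; The SIP2 client software is pointed at 127.0.0.1:6001 instead of the ILS.

[sip2]
client = yes
; cleartext SIP2 stays on the loopback interface of the client machine
accept = 127.0.0.1:6001
; placeholder host name and port of the ILS-side tunnel
connect = ils.example.org:6443
; validate the server certificate chain and the name in the certificate
CAfile = /etc/stunnel/ils-ca.pem
verifyChain = yes
checkHost = ils.example.org
sslVersionMin = TLSv1.2
; client certificate, needed only if the server side sets verifyChain
cert = /etc/stunnel/sip2-client.pem
key = /etc/stunnel/sip2-client.key
```

<div>With this in place the only SIP2 bytes that cross the network are inside the TLS session; a quick check on the ILS host is that nothing other than stunnel is listening on a non-loopback address for the SIP2 port.</div>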