Regarding the discussion below, our campus system was broken into by two
hackers from Australia in the fall.  The computing staff was forced to
drop almost everything for several weeks and create what's known as a
"firewall" to protect the system.  Obviously the fact that two hackers
targeted a small liberal arts college on the other side of the globe had
nothing
to do with their feelings or knowledge about the college, because they
didn't have any.  They broke in for the sport and challenge of it, i.e.
because they discovered that they *could*.

These guys were more pranksters than criminals, but it seems to me that
museums have information on their internal computer networks that would be
useful
to criminals--donor records, the insurance values for work in their
collections, employee payroll records so that credit card thieves could
set up
phony accounts in other people's names.

--Helen Glazer, Exhibitions Director
Goucher College
Baltimore, MD, USA

On Wed, 29 Jan 1997, Jean-Paul Viaud wrote:

> I agree: it's not given to the first come to attack and destroy/steal
> museum data on a web site.  But there is a possibility and that's
> enough.
>
> As for museum not being a favoured target,  I do not agree.
>
> ANY site is a target...
>
> To say "if we ever do have trouble, we'll be able to justify the expense..." is
> equivalent to say, "if we ever do have someone stealing or destroying
> something in the collection, we'll be able to justify the expense for museum
> security".  You don't correct such a situation.  You prevent it .
>
> My opinion is:
>
> IF your museum intend to have a permanent presence
> on the web (i.e. your own site, not just rented space on a server where
> security should be a responsability of the Internet provider) and there
> is a PHYSICAL connection to your LAN or WAN, you should inforce
> regular museum security policies (i.e. ICOM standards) and
> implement special measures proposed by organisations like
> the National Computer Security Associaition.