Presentation is loading. Please wait.

Presentation is loading. Please wait.

JSTOR Open Proxy Session ALA Midwinter January 26, 2003.

Published byAlfred Griffith Modified over 8 years ago

Similar presentations

Presentation on theme: "JSTOR Open Proxy Session ALA Midwinter January 26, 2003."— Presentation transcript:

1 JSTOR Open Proxy Session ALA Midwinter January 26, 2003

2 Implications for the Scholarly Community Heidi McGregor Director of Publisher Relations

3 JSTOR Open Proxy Session Community Reactions Publisher and library reactions similar and positive. Characterized by a shared sense of responsibility. Looking for practical solutions.

4 JSTOR Open Proxy Session Risks of Unauthorized Access Undermines legal obligations and trust. Challenges ability to sustain electronic resources. Raises questions of authenticity.

5 Technological Implications David Yakimischak, CTO, JSTOR Dan Oberst, OIT, Princeton

6 JSTOR Open Proxy Session JSTOR Perspective Tools for Automated Monitoring Human Actions

7 JSTOR Open Proxy Session Tools for Automated Monitoring 24x7 Hourly Web Log Analysis Look at Activity per IP Address Look for Sequential Journal Coverage Suspicion => Scan for Open Proxies If open, suspend further printing and notify Look for other patterns and signatures

8 JSTOR Open Proxy Session Human Intervention Review logs and look for patterns Oversight of robots Liaison with User Services, Legal, and others

9 JSTOR Open Proxy Session Campus Network Perspective Policies Monitoring Current Ideas Future Ideas

10 JSTOR Open Proxy Session Policies Each institution needs to determine how it will address this issue Review existing policies and precedents Determine new policies, enact, and notify Typical policies cover: monitoring, notification, action, and responses Common policy is to respond to incidents What to do about proactive steps?

11 JSTOR Open Proxy Session Monitoring Scan campus networks for open proxies Test access to [external] restricted resources Frequency and composition of scans Part of overall campus intrusion detection Proactive monitoring for vulnerabilities

12 JSTOR Open Proxy Session Possibilities for Discussion Consider a central proxy as the only means to access licensed resources Consider if JSTOR should scan machines for open proxies before providing access Smaller institutions are implementing firewalls and tightly monitoring for abuse

13 JSTOR Open Proxy Session Future Ideas Shibboleth (http://shibboleth.internet2.edu/) International efforts such as Athens (www.athens.ac.uk)www.athens.ac.uk Digital Certificates (www.diglib.org/architectures/digcert.htm)www.diglib.org/architectures/digcert.htm

14 The Role of the Librarian Sherry Aschenbrenner Director of User Services

15 JSTOR Open Proxy Session Librarian Response Response has been overwhelmingly positive, and interest is high. This is new territory for many librarians, including those of us at JSTOR. We can be all be informed by looking at the questions JSTOR has received.

16 JSTOR Open Proxy Session Library Proxy Servers Is it possible that my library’s proxy server is unrestricted? –It is very unlikely that your main library proxy server is unrestricted. –It is much more likely that an individual has set up a web server without realizing that they may have also implemented an unrestricted proxy server.

17 JSTOR Open Proxy Session Detecting Open Proxies Should we scan our network for open proxies? –Contact network staff to determine if there are existing procedures on your campus for identifying open proxies. Some campuses, for example, already perform periodic scans. –Scanning should only be done in conjunction with or by your technology staff. We recommend that you don’t scan for open proxies yourself. You could trigger campus alarms.

18 JSTOR Open Proxy Session Unauthorized Downloading How do I know if our campus network was involved in the unauthorized downloading of JSTOR articles last fall? –We have notified our contacts at the affected participating institutions. –Who is your contact? Email: jstor-info@umich.edu

19 JSTOR Open Proxy Session If JSTOR Calls… What steps are taken if JSTOR discovers an open proxy on your campus? –We will let you know we have detected an open proxy, its IP number, port number, and the date and time of access. –Printing from this IP address will have been automatically denied. –The owner of the proxy will need to change the configuration of the proxy -- “close it.” –As soon as we can verify that the proxy is no longer unrestricted, we will re-establish the ability to print at this IP number.

20 JSTOR Open Proxy Session Testing for an Open Proxy

21 JSTOR Open Proxy Session What More Can Librarians Do? Become familiar with proxy servers. Be assured that: –JSTOR’s access policies have not changed –JSTOR does allow the use of legitimate proxies Educate patrons and staff about the risks and issues associated with open proxies. If necessary, talk to campus IT staff to make sure they are aware of these issues. Learn more about new initiatives that may present alternatives to IP authentication.

Download ppt "JSTOR Open Proxy Session ALA Midwinter January 26, 2003."

Similar presentations

Example policy elements and their role in bandwidth management and optimisation.

Example policy elements and their role in bandwidth management and optimisation.
HINARI – Access Problems and Solutions. Full-text Article Access Problems Using the Journals by title A-Z list, we are attempting to access a full-text.

HINARI – Access Problems and Solutions. Full-text Article Access Problems Using the Journals by title A-Z list, we are attempting to access a full-text.
Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.
OhioNET EZProxy Service

OhioNET EZProxy Service
Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
University of Florida Incident Tracking and Reporting Kathy Bergsma

University of Florida Incident Tracking and Reporting Kathy Bergsma
Data Breach Notification Toolkit Mary Ann Blair Director of Information Security Carnegie Mellon University September 2005 CSG Sponsored by the EDUCAUSE.

Data Breach Notification Toolkit Mary Ann Blair Director of Information Security Carnegie Mellon University September 2005 CSG Sponsored by the EDUCAUSE.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Information Security Policies and Standards

Information Security Policies and Standards
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Open Proxy Servers Kevin Guthrie ALA, January 2003.

Open Proxy Servers Kevin Guthrie ALA, January 2003.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
CSCD 434 Spring 2011 Lecture 1 Course Overview. Contact Information Instructor Carol Taylor 315 CEB Phone: 509-359-6908 Office.

CSCD 434 Spring 2011 Lecture 1 Course Overview. Contact Information Instructor Carol Taylor 315 CEB Phone: Office.
Lesson 1-What Is Information Security?. Overview History of security. Security as a process.

Lesson 1-What Is Information Security?. Overview History of security. Security as a process.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.

Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Network security policy: best practices

Network security policy: best practices
Maintaining & Reviewing a Web Application’s Security By: Karen Baldacchino Date: 15 September 2012.

Maintaining & Reviewing a Web Application’s Security By: Karen Baldacchino Date: 15 September 2012.

Similar presentations

Ads by Google