Controlling Access to Resources for Walk-In Users 14 September 2006 Rod Crowley Systems Team Leader Leeds University Library.


Summary
- Exploration of how Leeds solved the knotty problem of regulating access to our online resources for our external users.
- Not advocating that this is the only possible solution – just a neat one which works for us

Context in Library Internet PCs
- User authentication not required
- All people permitted access to our buildings could access the Web
- Included c12,000 external users
- And a number of day visitors
- But the system basically worked

What changed?
- Growing number of incidents of computer misuse
- Clarification at University level of the requirement to authenticate

LEEDS UNIVERSITY ACCESS CONTROL & ACCOUNT MANAGEMENT POLICY
2.5 Identification and Authentication
All users of University systems must be identified and authenticated by systems that they access using at least two sources of information. Prior to using University systems, users must:
- Present their identity to the security mechanisms of the system by entering a user-id or user-name that has been allocated to their computer account, or by presenting some other form of system recognised identity; and,
- authenticate themselves by providing information, such as a password or PIN, that the system corroborates as a binding between the person and the identifier, and validates them as being an authorised user.

What changed?
- Growing number of incidents of computer misuse
- Clarification at University level of the requirement to authenticate
- Guidance from CHEST and JISC about the University’s responsibilities

CHEST Public Access and Library Terminals Use - Definitions
Walk-in User: A person who is not a currently registered student, faculty member or employee of the licensed institution but is permitted by the institution to access the secure network* via a computer or terminal within the Library premises is deemed to be an authorised user but only for the duration they are within the Library premises.
Institutions that provide access to networks, and users who benefit from that access, should regard it as normal to require an individual identity.
Secure Network shall mean a network (whether a stand alone network or a virtual network within the Internet) which is only accessible to Authorised Users whose identities are authenticated by the Institution at the time of log-in and periodically thereafter consistent with current best practice and whose conduct is subject to regulation by the Institution. (

What changed?
- Growing number of incidents of computer misuse
- Clarification at University level of the requirement to authenticate
- Guidance from CHEST and JISC about the University’s responsibilities
- Dawning realisation within the Library that the status quo was unsustainable.

Possible Options
Option One: Require a University Login to all Library PCs
but…
- ISS not willing to register 12,000 new users
- Library unable to withdraw access for these users

Possible Options
Option Two: Issue a Generic Login to External Users from our Counter
but…
- Time consuming to administer
- Inconvenient for our users
- What about when the Library is unstaffed?

Possible Options
Option Three: Forget about users logging in and instead run an extensive CCTV system overlooking the Library Intranet PCs
but…
- Very expensive
- No authentication of PC users
- Therefore failed to meet the minimum institutional and national standards

Possible Options
Option Four: Authenticate our users using a third-party product (CybraryN) linked to our Innovative system via the Patron API interface
- Reasonable cost
- Track record of Innovative integration
- Achieves authentication for all Library users
- Permits access whenever the Library is open
- Minimal administration
- Meets national and institutional standards

How Does It Work : Out of the Box

Issues to Overcome
1. Patron API Security Hole
   - Notoriously insecure
   - Confidential data sent over the network
   - IP address restriction not effective
   - Threat of data harvesting

Issues to Overcome
1. Patron API Security Hole
2. Consistency with WAM
   - Had recently been introduced
   - CybraryN more stringent
   - WAM more forgiving
   - Wanted to avoid user confusion

Issues to Overcome
1. Patron API Security Hole
2. Consistency with WAM
3. Logging of usage data
   - Pattern of ‘external’ PC use a mystery
   - Collecting data from individual PCs inefficient
   - Central log of usage preferable

Issues to Overcome
1. Patron API Security Hole
2. Consistency with WAM
3. Logging of usage data
4. Limitations of CybraryN software
   - Product designed to work with various LMS (including Innovative)
   - An alternative setup required development work by CybraryN themselves

Middle Service Based Authentication

Middle Service Key Points
- Simple CGI Script written in Perl using existing modules
- Sits on the University’s main webserver
- Configured so that the CybraryN client thinks the Middle Service is a web page
- While WAM treats it as a web browser making a WAM request
- All requests logged on the webserver – successful or not
- Log can be used for troubleshooting or for usage statistics
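An added sketch of the middle-service pattern on this slide, written in Python rather than Perl and not the Leeds script: the walk-in PC receives only a verdict (never patron data, which is the Patron API concern listed earlier), and every attempt is logged whether it succeeds or not. The field names `name` and `barcode`, the `ALLOW`/`DENY` bodies, the log format, the barcode masking and the `check_upstream` callable standing in for the WAM request are all assumptions.

```python
import logging
import re
from urllib.parse import parse_qs

log = logging.getLogger("middle_service")

# Assumed credential shapes; the slides only say "name and Library barcode".
NAME_RE = re.compile(r"[A-Za-z][A-Za-z '\-]{0,59}")
BARCODE_RE = re.compile(r"[0-9A-Za-z]{6,20}")


def mask(barcode):
    """Keep the last four characters so the log is not a credential list."""
    return "*" * (len(barcode) - 4) + barcode[-4:]


def handle_request(query_string, client_ip, check_upstream):
    """Answer one login request from a walk-in PC.

    check_upstream(name, barcode) -> bool is a hypothetical callable that
    stands in for the request the real service makes to WAM.
    Returns (http_status, body); the body is only ever a verdict.
    """
    fields = parse_qs(query_string, keep_blank_values=True)
    name = fields.get("name", [""])[0].strip()
    barcode = fields.get("barcode", [""])[0].strip()

    # fullmatch rejects embedded newlines, so input cannot forge log lines.
    if not NAME_RE.fullmatch(name) or not BARCODE_RE.fullmatch(barcode):
        log.warning("result=rejected ip=%s", client_ip)
        return 400, "DENY"
    try:
        allowed = bool(check_upstream(name, barcode))
    except Exception as exc:
        # Upstream unreachable: fail closed, and still record the attempt.
        log.error("result=error ip=%s barcode=%s err=%s",
                  client_ip, mask(barcode), type(exc).__name__)
        return 503, "DENY"
    log.info("result=%s ip=%s barcode=%s",
             "ok" if allowed else "fail", client_ip, mask(barcode))
    return 200, "ALLOW" if allowed else "DENY"
```

Counting `result=` values per day in the resulting log gives the central usage statistics the slide mentions without collecting anything from individual PCs.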

Implementation
- Introduced in Summer 2005 in our six campus Libraries
- Our Main Libraries began with four CybraryN PCs each
- Health Sciences Library began with fourteen
- External members can use their name and Library barcode to authenticate themselves
- Day visitors have to produce ID and sign the University’s Acceptable Use Policy in order to receive a day ticket
- Has proved very nearly trouble free

And finally…
Any Questions?
If you are interested we are happy to answer further questions, share the script and provide implementation advice. But we cannot offer ongoing support.
Contact :