JSTOR Open Proxy Session ALA Midwinter January 26, 2003.


Implications for the Scholarly Community
Heidi McGregor, Director of Publisher Relations

Community Reactions
– Publisher and library reactions similar and positive.
– Characterized by a shared sense of responsibility.
– Looking for practical solutions.

Risks of Unauthorized Access
– Undermines legal obligations and trust.
– Challenges ability to sustain electronic resources.
– Raises questions of authenticity.

Technological Implications
David Yakimischak, CTO, JSTOR
Dan Oberst, OIT, Princeton

JSTOR Perspective
– Tools for Automated Monitoring
– Human Actions

Tools for Automated Monitoring
– 24x7 Hourly Web Log Analysis
– Look at Activity per IP Address
– Look for Sequential Journal Coverage
– Suspicion => Scan for Open Proxies
– If open, suspend further printing and notify
– Look for other patterns and signatures
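
The hourly per-IP log analysis listed on the Tools for Automated Monitoring slide, as an added illustration (not JSTOR's code). The log layout, the URL pattern `/journal/<code>/issue/<n>/article/<m>`, the thresholds and the sample lines are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed log format (an assumption): Common Log Format, with a
# hypothetical URL layout /journal/<code>/issue/<n>/article/<m>.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET /journal/(?P<journal>\w+)/issue/(?P<issue>\d+)/article/\d+ [^"]*" 200 ')

def longest_run(numbers):
    """Length of the longest run of consecutive integers in `numbers`."""
    present, best = set(numbers), 0
    for n in present:
        if n - 1 not in present:          # n starts a run
            length = 1
            while n + length in present:
                length += 1
            best = max(best, length)
    return best

def suspicious_ips(lines, min_requests=20, min_run=5):
    """Map (ip, hour) -> (requests, journal, run) for high-volume, sequential clients."""
    requests = defaultdict(int)
    issues = defaultdict(lambda: defaultdict(set))
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                      # skip non-article or malformed lines
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        bucket = (m["ip"], ts.strftime("%Y-%m-%d %H:00"))
        requests[bucket] += 1
        issues[bucket][m["journal"]].add(int(m["issue"]))
    flagged = {}
    for bucket, count in requests.items():
        journal, run = max(((j, longest_run(s)) for j, s in issues[bucket].items()),
                           key=lambda item: item[1])
        if count >= min_requests and run >= min_run:
            flagged[bucket] = (count, journal, run)
    return flagged

def sample_log():
    """Constructed sample: one crawler-like client, one ordinary reader."""
    fmt = '{ip} - - [26/Jan/2003:10:{m:02d}:{s:02d} -0500] "GET /journal/{j}/issue/{i}/article/{a} HTTP/1.0" 200 5120'
    crawler = [fmt.format(ip="192.0.2.10", m=i, s=a * 7, j="econrev", i=100 + i, a=a)
               for i in range(6) for a in range(1, 5)]
    reader = [fmt.format(ip="198.51.100.7", m=5 * k, s=0, j=j, i=i, a=1)
              for k, (j, i) in enumerate([("econrev", 12), ("histq", 40), ("econrev", 57)])]
    return crawler + reader
```

Requiring both conditions keeps a busy but legitimate library proxy, whose many readers jump between unrelated issues, from being flagged on volume alone.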

Human Intervention
– Review logs and look for patterns
– Oversight of robots
– Liaison with User Services, Legal, and others

Campus Network Perspective
– Policies
– Monitoring
– Current Ideas
– Future Ideas

Policies
– Each institution needs to determine how it will address this issue
– Review existing policies and precedents
– Determine new policies, enact, and notify
– Typical policies cover: monitoring, notification, action, and responses
– Common policy is to respond to incidents
– What to do about proactive steps?

Monitoring
– Scan campus networks for open proxies
– Test access to [external] restricted resources
– Frequency and composition of scans
– Part of overall campus intrusion detection
– Proactive monitoring for vulnerabilities

Possibilities for Discussion
– Consider a central proxy as the only means to access licensed resources
– Consider if JSTOR should scan machines for open proxies before providing access
– Smaller institutions are implementing firewalls and tightly monitoring for abuse

Future Ideas
– Shibboleth
– International efforts such as Athens
– Digital Certificates

The Role of the Librarian
Sherry Aschenbrenner, Director of User Services

Librarian Response
– Response has been overwhelmingly positive, and interest is high.
– This is new territory for many librarians, including those of us at JSTOR.
– We can all be informed by looking at the questions JSTOR has received.

Library Proxy Servers
– Is it possible that my library’s proxy server is unrestricted?
  – It is very unlikely that your main library proxy server is unrestricted.
  – It is much more likely that an individual has set up a web server without realizing that they may have also implemented an unrestricted proxy server.

Detecting Open Proxies
– Should we scan our network for open proxies?
  – Contact network staff to determine if there are existing procedures on your campus for identifying open proxies. Some campuses, for example, already perform periodic scans.
  – Scanning should only be done in conjunction with or by your technology staff. We recommend that you don’t scan for open proxies yourself. You could trigger campus alarms.

Unauthorized Downloading
– How do I know if our campus network was involved in the unauthorized downloading of JSTOR articles last fall?
  – We have notified our contacts at the affected participating institutions.
  – Who is your contact?

If JSTOR Calls…
– What steps are taken if JSTOR discovers an open proxy on your campus?
  – We will let you know we have detected an open proxy, its IP number, port number, and the date and time of access.
  – Printing from this IP address will have been automatically denied.
  – The owner of the proxy will need to change the configuration of the proxy -- “close it.”
  – As soon as we can verify that the proxy is no longer unrestricted, we will re-establish the ability to print at this IP number.

Testing for an Open Proxy

What More Can Librarians Do?
– Become familiar with proxy servers.
– Be assured that:
  – JSTOR’s access policies have not changed
  – JSTOR does allow the use of legitimate proxies
– Educate patrons and staff about the risks and issues associated with open proxies.
– If necessary, talk to campus IT staff to make sure they are aware of these issues.
– Learn more about new initiatives that may present alternatives to IP authentication.