Presentation is loading. Please wait.

Presentation is loading. Please wait.

Controlling Access to Resources for Walk-In Users 14 September 2006 Rod Crowley Systems Team Leader Leeds University Library.

Published byNathen Silas Modified over 9 years ago

Similar presentations

Presentation on theme: "Controlling Access to Resources for Walk-In Users 14 September 2006 Rod Crowley Systems Team Leader Leeds University Library."— Presentation transcript:

1 Controlling Access to Resources for Walk-In Users 14 September 2006 Rod Crowley Systems Team Leader Leeds University Library

2 Summary Exploration of how Leeds solved the knotty problem of regulating access to our online resources for our external users. Not advocating that this is the only possible solution – just a neat one which works for us

3 Context in 2004 150 Library Internet PCs User authentication not required All people permitted access to our buildings could access the Web Included c12,000 external users And a number of day visitors But the system basically worked

4 What changed? Growing number of incidents of computer misuse Clarification at University level of the requirement to authenticate

5 LEEDS UNIVERSITY ACCESS CONTROL & ACCOUNT MANAGEMENT POLICY 2.5 Identification and Authentication All users of University systems must be identified and authenticated by systems that they access using at least two sources of information. Prior to using University systems, users must: Present their identity to the security mechanisms of the system by entering a user-id or user-name that has been allocated to their computer account, or by presenting some other form of system recognised identity; and, authenticate themselves by providing information, such as a password or PIN, that the system corroborates as a binding between the person and the identifier, and validates them as being an authorised user.

6 What changed? Growing number of incidents of computer misuse Clarification at University level of the requirement to authenticate Guidance from CHEST and JISC about the University’s responsibilities

7 CHEST Public Access and Library Terminals Use - Definitions Walk-in User A person who is not a currently registered student, faculty member or employee of the licensed institution but is permitted by the institution to access the secure network* via a computer or terminal within the Library premises is deemed to be an authorised user but only for the duration they are within the Library premises. Institutions that provide access to networks, and users who benefit from that access, should regard it as normal to require an individual identity. Secure Network shall mean a network (whether a stand alone network or a virtual network within the Internet) which is only accessible to Authorised Users whose identities are authenticated by the Institution at the time of log-in and periodically thereafter consistent with current best practice and whose conduct is subject to regulation by the Institution. (http://www.eduserv.org.uk/chest/datasets/walk-in-users.html)

8 What changed? Growing number of incidents of computer misuse Clarification at University level of the requirement to authenticate Guidance from CHEST and JISC about the University’s responsibilities Dawning realisation within the Library that the status quo was unsustainable.

9 Possible Options Option One Require a University Login to all Library PCs but… ISS not willing to register 12,000 new users Library unable to withdraw access for these users

10 Possible Options Option Two Issue a Generic Login to External Users from our Counter but… Time consuming to administer Inconvenient for our users What about when the Library is unstaffed?

11 Possible Options Option Three Forget about users logging in and instead run an extensive CCTV system overlooking the Library Intranet PCs but… Very expensive No authentication of PC users Therefore failed to meet the minimum institutional and national standards

12 Possible Options Option Four Authenticate our users using a third-party product (CybraryN) linked to our Innovative system via the Patron API interface Reasonable cost Track record of Innovative integration Achieves authentication for all Library users Permits access whenever the Library is open Minimal administration Meets national and institutional standards

13 How Does It Work : Out of the Box

14 Issues to Overcome 1.Patron API Security Hole Notoriously insecure Confidential data sent over the network IP address restriction not effective Threat of data harvesting

15 Issues to Overcome 1.Patron API Security Hole 2.Consistency with WAM Had recently been introduced CybraryN more stringent WAM more forgiving Wanted to avoid user confusion

16 Issues to Overcome 1.Patron API Security Hole 2.Consistency with WAM 3.Logging of usage data Pattern of ‘external’ PC use a mystery Collecting data from individual PCs inefficient Central log of usage preferable

17 Issues to Overcome 1.Patron API Security Hole 2.Consistency with WAM 3.Logging of usage data 4.Limitations of CybraryN software Product designed to work with various LMS (including Innovative) An alternative setup required development work by CybraryN themselves

18 Middle Service Based Authentication

19 Middle Service Key Points Simple CGI Script written in Perl using existing modules Sits on the University’s main webserver Configured so that the CybraryN client thinks the Middle Service is a web page While WAM treats it as a web browser making a WAM request All requests logged on the webserver – successful or not Log can be used for troubleshooting or for usage statistics

20 Implementation Introduced in Summer 2005 in our six campus Libraries Our Main Libraries began with four CybraryN PCs each Health Sciences Library began with fourteen External members can use their name and Library barcode to authenticate themselves Day visitors have to produce ID and sign the University’s Acceptable Use Policy in order to receive a day ticket Has proved very nearly trouble free

21 And finally… Any Questions? If you are interested we are happy to answer further questions, share the script and provide implementation advice. But we cannot offer ongoing support Contact : r.crowley@leeds.ac.ukr.crowley@leeds.ac.uk

Download ppt "Controlling Access to Resources for Walk-In Users 14 September 2006 Rod Crowley Systems Team Leader Leeds University Library."

Similar presentations

The Complete Visitor Management System

The Complete Visitor Management System
PC Client Training Customer Name © 2010 CYPRESS COMMUNICATIONS, INC. 1.

PC Client Training Customer Name © 2010 CYPRESS COMMUNICATIONS, INC. 1.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.
Transforming the World of Employee Benefits For Our Policyowners www.regencelife.com.

Transforming the World of Employee Benefits For Our Policyowners
15 Tactical Improvements to IT Security Virtual Keyboard, Two Factor Authentication, Active Confirmation and FAA Access to CPS Online Ganesh Reddy.

15 Tactical Improvements to IT Security Virtual Keyboard, Two Factor Authentication, Active Confirmation and FAA Access to CPS Online Ganesh Reddy.
July 11 - September 2 2005 FFIEC Central Data Repository Bank Enrollment.

July 11 - September FFIEC Central Data Repository Bank Enrollment.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Grid Security Users, VOs, Sites OSG Collaboration Meeting University of Washington Bob Cowles August 23, 2006 Work supported.

Grid Security Users, VOs, Sites OSG Collaboration Meeting University of Washington Bob Cowles August 23, 2006 Work supported.
Password?. Project CLASP: Common Login and Access rights across Services Plan

Password?. Project CLASP: Common Login and Access rights across Services Plan
Computer Monitoring System for EE Faculty By Yaroslav Ross And Denis Zakrevsky Supervisor: Viktor Kulikov.

Computer Monitoring System for EE Faculty By Yaroslav Ross And Denis Zakrevsky Supervisor: Viktor Kulikov.
Security Controls – What Works

Security Controls – What Works
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
Integrating Learning Resources in StudyNet Paul Hudson Learning Technology Development Unit Learning and Information Services University of Hertfordshire.

Integrating Learning Resources in StudyNet Paul Hudson Learning Technology Development Unit Learning and Information Services University of Hertfordshire.
Wireless LAN Topology Visualiser Project Supervisor: Dr Arkady Zaslavsky Project Team Members: Jignesh Rambhia Robert Mark Bram Tejas Magia.

Wireless LAN Topology Visualiser Project Supervisor: Dr Arkady Zaslavsky Project Team Members: Jignesh Rambhia Robert Mark Bram Tejas Magia.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Using a Third-Party Proxy System with the Innovative Patron API Emalee Craft, Jennifer Ward University of Washington Libraries Innovative Users Group Meeting,

Using a Third-Party Proxy System with the Innovative Patron API Emalee Craft, Jennifer Ward University of Washington Libraries Innovative Users Group Meeting,
Internet Banking Standard and Standard-Hybrid Registration Intuit Financial Services University Internet Banking Certification Training.

Internet Banking Standard and Standard-Hybrid Registration Intuit Financial Services University Internet Banking Certification Training.
Confidential Crisis Management Innovations, LLC. CMI CrisisPad TM Product Overview Copyright © 2011, Crisis Management Innovations, LLC. All Rights Reserved.

Confidential Crisis Management Innovations, LLC. CMI CrisisPad TM Product Overview Copyright © 2011, Crisis Management Innovations, LLC. All Rights Reserved.
Ken Dorsey KA8OAD. What is EchoLink? The simple answer is EchoLink software uses VoIP technology to link ham radio stations together around the world.

Ken Dorsey KA8OAD. What is EchoLink? The simple answer is EchoLink software uses VoIP technology to link ham radio stations together around the world.

Similar presentations

Ads by Google