Re: [CODE4LIB] Balancing security and privacy with EZproxy

2014-11-20 Thread Kyle Banerjee
Personally, I'd be tempted to go the IP lockout route myself since the patterns should be clear in the logs, but be aware that # megabytes gives a reasonable level of control because you can set to log rather than lock out. I think the risk of locking legitimate users is low. Although people can

Re: [CODE4LIB] Balancing security and privacy with EZproxy

2014-11-20 Thread Jonathan Rochkind
On 11/20/14 1:06 PM, Kyle Banerjee wrote: BTW, you can do some funky things with EZP that include conditional logic Can you say more about funky things you can do with EZProxy involving conditional logic? Cause I've often wanted that but haven't found any! Are you talking about a particular

Re: [CODE4LIB] Balancing security and privacy with EZproxy

2014-11-20 Thread Kyle Banerjee
I can't remember the details because I haven't worked with EZP for years and unfortunately, this stuff isn't documented. Where I used it was in the user.txt file when authenticating. Things you can do include setting/modifying session, regular EZP, and arbitrary variables, as well as doing

Re: [CODE4LIB] Balancing security and privacy with EZproxy

2014-11-20 Thread Michael Berkowski
Here's some of the relevant documentation of the user.txt expressions Kyle mentioned. It is possible to set session variables and get them to be logged - we're doing this with certain Shibboleth attributes for business analysis. I have not had luck

Re: [CODE4LIB] Balancing security and privacy with EZproxy

2014-11-20 Thread Joe Hourcle
On Nov 19, 2014, at 11:47 PM, Dan Scott wrote: On Wed, Nov 19, 2014 at 4:06 PM, Kyle Banerjee kyle.baner...@gmail.com wrote: There are a number of technical approaches that could be used to identify which accounts have been compromised. But it's easier to just make the problem go away by

Re: [CODE4LIB] Balancing security and privacy with EZproxy

2014-11-20 Thread Steven Marsden
Logging user IDs has a benefit if it's used properly (access tightly controlled to a select group). If campus IDs are being used by bots to harvest content, it means that you have users whose credentials are compromised. Whoever obtained this information also has access to e-mails, student

Re: [CODE4LIB] Balancing security and privacy with EZproxy

2014-11-20 Thread Joshua Welker
years. Josh Welker -Original Message- From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of Joe Hourcle Sent: Thursday, November 20, 2014 2:15 PM To: CODE4LIB@LISTSERV.ND.EDU Subject: Re: [CODE4LIB] Balancing security and privacy with EZproxy On Nov 19, 2014, at 11:47

Re: [CODE4LIB] Balancing security and privacy with EZproxy

2014-11-20 Thread Joshua Welker
Welker -Original Message- From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of Kyle Banerjee Sent: Thursday, November 20, 2014 12:07 PM To: CODE4LIB@LISTSERV.ND.EDU Subject: Re: [CODE4LIB] Balancing security and privacy with EZproxy Personally, I'd be tempted to go the IP

Re: [CODE4LIB] Balancing security and privacy with EZproxy

2014-11-20 Thread Joshua Welker
@LISTSERV.ND.EDU] On Behalf Of Michael Berkowski Sent: Thursday, November 20, 2014 1:02 PM To: CODE4LIB@LISTSERV.ND.EDU Subject: Re: [CODE4LIB] Balancing security and privacy with EZproxy Here's some of the relevant documentation of the user.txt expressions

Re: [CODE4LIB] Balancing security and privacy with EZproxy

2014-11-20 Thread Kyle Banerjee
are shared between many systems. Josh Welker -Original Message- From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of Kyle Banerjee Sent: Thursday, November 20, 2014 12:07 PM To: CODE4LIB@LISTSERV.ND.EDU Subject: Re: [CODE4LIB] Balancing security and privacy

[CODE4LIB] Balancing security and privacy with EZproxy

2014-11-19 Thread Joshua Welker
Balancing security and privacy with EZproxy In recent months, we have been contacted several times by one of our vendors about our databases being accessed by rogue Chinese IP addresses. With the massive proliferation of online security breaches and password dumps, attackers are gaining access

Re: [CODE4LIB] Balancing security and privacy with EZproxy

2014-11-19 Thread Michael Berkowski
Do you make use of the audit logs? They will log a username along with a session id enabling you to identify evil sessions by user, but importantly, the audit logs are purged away at a specified interval. I think it defaults to 7 days, but you could

Re: [CODE4LIB] Balancing security and privacy with EZProxy

2014-11-19 Thread Schwartz, Raymond
Message- From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of Joshua Welker Sent: Wednesday, November 19, 2014 3:53 PM To: CODE4LIB@LISTSERV.ND.EDU Subject: [CODE4LIB] Balancing security and privacy with EZproxy Balancing security and privacy with EZproxy In recent months

Re: [CODE4LIB] Balancing security and privacy with EZproxy

2014-11-19 Thread Kyle Banerjee
There are a number of technical approaches that could be used to identify which accounts have been compromised. But it's easier to just make the problem go away by setting usage limits so EZP locks the account out after it downloads too much. Alternatively, just block the Chinese IPs unless you

Re: [CODE4LIB] Balancing security and privacy with EZproxy

2014-11-19 Thread Kaile Zhu
: November 19, 2014 14:53 To: CODE4LIB@LISTSERV.ND.EDU Subject: [CODE4LIB] Balancing security and privacy with EZproxy Balancing security and privacy with EZproxy In recent months, we have been contacted several times by one of our vendors about our databases being accessed by rogue Chinese IP addresses

Re: [CODE4LIB] Balancing security and privacy with EZproxy

2014-11-19 Thread Dan Scott
On Wed, Nov 19, 2014 at 4:06 PM, Kyle Banerjee kyle.baner...@gmail.com wrote: There are a number of technical approaches that could be used to identify which accounts have been compromised. But it's easier to just make the problem go away by setting usage limits so EZP locks the account out