We do log userids with ezproxy. However we collect logs as monthly files. When we process them for patron statistical categories, we then delete the original log file. So what log files we have older than one month are anonymized.
Systems Specialist Librarian [log in to unmask]
David and Lorraine Cheng Library Tel: +1 973 720-3192
William Paterson University Fax: +1 973 720-2585
300 Pompton Road Mobile: +1 201 424-4491
Wayne, NJ 07470-2103 USA http://nova.wpunj.edu/schwartzr2/
From: Code for Libraries [mailto:[log in to unmask]] On Behalf Of Joshua Welker
Sent: Wednesday, November 19, 2014 3:53 PM
To: [log in to unmask]
Subject: [CODE4LIB] Balancing security and privacy with EZproxy
Balancing security and privacy with EZproxy
In recent months, we have been contacted several times by one of our vendors about our databases being accessed by rogue Chinese IP addresses.
With the massive proliferation of online security breaches and password dumps, attackers are gaining access to student accounts and using them to access subscription resources through EZproxy. The vendor catches this happening and alerts us sometimes, but probably more often than not we have no idea. When we do find out, we force the students to change their passwords.
We currently log IP addresses in EZproxy and can see when one of these rogue IP addresses is accessing a resource. However, we do not log user IDs in EZproxy, so we can’t tell which student account was compromised. Logging the user IDs would be a quick fix, but it has major privacy implications for our patrons, as we would have a record of every document they access.
Have any other institutions encountered this problem? Are any best practices established for how to deal with these security breaches?
I apologize for cross-posting.
Information Technology Librarian
James C. Kirkpatrick Library
University of Central Missouri
Warrensburg, MO 64093