There are a number of technical approaches that could be used to identify
which accounts have been compromised.
But it's easier to just make the problem go away by setting usage limits so
EZP locks the account out after it downloads too much. Alternatively, just
block the Chinese IP's unless you have students/faculty accessing resources
from there.
kyle
On Wed, Nov 19, 2014 at 12:52 PM, Joshua Welker <[log in to unmask]> wrote:
> Balancing security and privacy with EZproxy
>
> In recent months, we have been contacted several times by one of our
> vendors about our databases being accessed by rogue Chinese IP addresses.
> With the massive proliferation of online security breaches and password
> dumps, attackers are gaining access to student accounts and using them to
> access subscription resources through EZproxy. The vendor catches this
> happening and alerts us sometimes, but probably more often than not we have
> no idea. When we do find out, we force the students to change their
> passwords.
>
> We currently log IP addresses in EZproxy and can see when one of these
> rogue IP addresses is accessing a resource. However, we do not log user IDs
> in EZproxy, so we can’t tell which student account was compromised. Logging
> the user IDs would be a quick fix, but it has major privacy implications
> for our patrons, as we would have a record of every document they access.
> Have any other institutions encountered this problem? Are any best
> practices established for how to deal with these security breaches?
>
> I apologize for cross-posting.
>
> Josh Welker
> Information Technology Librarian
> James C. Kirkpatrick Library
> University of Central Missouri
> Warrensburg, MO 64093
> JCKL 2260
> 660.543.8022
>
|