View
282
Download
6
Embed Size (px)
Citation preview
Kara MullenClayton State [email protected] 7,000 studentsWorking with EZproxy for 3 years
Who we are
Kat GreerGeorgia Gwinnett [email protected]@libtechkatServe 11,000 studentsWorking with EZproxy for 1.5 years
Christina YauGeorgia Perimeter [email protected] 21,000 studentsWorking with EZproxy for 9 years
Melissa RobertsWesleyan [email protected] Serve 1,000 studentsWorking with EZproxy for 1 year
EZproxy Adventures: No Passport Required is licensed under a Creative Commons Attribution-Noncommercial-ShareAlike 3.0 United States License.
Melissa: OCLC Hosted OverviewOCLC Hosted EZproxy includes:• An EZproxy server and IP address dedicated to your institution
• All server maintenance, security checks, and 24/7/365 monitoring
• All EZproxy enhancements, upgrades and bug fixes (automatically received)
• Security certificate for your institution
Kara: Proxy by Port Limitations•Local Firewall Configuration•Users will receive page not found errors
•Remote Firewall Issues•Users multitasking at work are usually blocked
•Port Usage•One port required for each remote web server
Kara: Maintenance• Logs• Audit = basic monitoring, resolving security issues• EZproxy = usage, resolve potential security threats•Message.txt = troubleshooting problems, verifying system
details• SPU (starting point URL) = how often users are accessing
certain resources
Kat: Upgrade to v6.0.8http://www.oclc.org/support/services/ezproxy/release-notes.en.html
•Annual subscription model & WSKey•New server & authentication•v6.0 features• support for IPv6 addresses
•v.6.0.8 bug fixes•v6.1 is out
Christina: EZproxy Advanced FeaturesLDAP Authentication Config(https://www.oclc.org/support/services/ezproxy/documentation/usr/ldap.en.html)
• LDAP info from campus IT• Attribute / Class metadata info depends on IT organization
structure / mapping for LDAP• Enhanced security • user.txt use obscure password
Christina: Security Concern FeaturesOCLC documentation "Securing Your EZproxy Server" (http://www.oclc.org/support/services/ezproxy/documentation/example/securing.en.html)• Encryption: Option ForceHTTPSLogin• Monitoring Security• Audit Most: enable access to use details on admin page • IntruderAttempts: identify and automatically suspend / block users with repeatedly failed
attempts • Option LogUser: record username in log, for trobleshooting and needed for UsageLimit
monitoring • UsageLimit
• resource(s) specific: a position-dependent config.txt directive• for complying content provider requests, minimize the potential for the illicit download of
large amounts of content, and limit reductions in access speed.
Christina: Advanced Features• Group Membership
• To limit resource access to specific groups of users / with specific attribute value • Group assign in user.txt, specify resources for the group in config.txt• Group assignment depends on LDAP class / temp username (IfTest condition, can use wildcard)
• Temporary User Accounts • For vendor testing• For users outside LDAP• Can specify valid period (IfBefore, IfAfter)
• More conditions (http://www.oclc.org/support/services/ezproxy/documentation/usr/common.en.html) • IfCountry• IfUser
• non LDAP format -- e.g. ::User=*2014, Group=+hs
Image Attributions• https://pixabay.com/en/map-of-the-world-compass-antique-429784/• https://pixabay.com/en/animal-owl-eagle-owl-wisdom-483860• https://pixabay.com/en/road-sign-attention-right-of-way-63983/