Open Proxy Servers Kevin Guthrie ALA, January 2003.

Slides:

Advertisements

Similar presentations

Access Problems and Solutions for Full-text Articles Via OARE, the Journal of Forest Research has been opened.

Advertisements

HINARI – Accessing Articles: Problems and Solutions.

HINARI – Access Problems and Solutions. Full-text Article Access Problems Using the Journals by title A-Z list, we are attempting to access a full-text.

The results for this search are displayed in the Summary format with a total of 3808 citations.

E-books and E-journals Off-campus This presentation will show you how to log in and access Oxford Brookes Library e-books and e-journals when youre off.

Enabling Secure Internet Access with ISA Server

OhioNET EZProxy Service

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

HINARI Portal (Basic Course: Module 3). Table of Contents  Background  Finding the HINARI website  Logging in to the HINARI website  Finding journals.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

PubMed Search Options (Basic Course: Module 6). Table of Contents  History  Advanced Search  Accessing full text articles from HINARI/PubMed  Failure.

TUTORIAL NO. 24 Create Alerts and files in EBSCO.

Barracuda Web Filter Overview March 26, 2008 Alan Pearson, Monroe County School District Marcus Burge, Network Engineer.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

Web Proxy Server Anagh Pathak Jesus Cervantes Henry Tjhen Luis Luna.

MSF Testing Introduction Functional Testing Performance Testing.

1 Enabling Secure Internet Access with ISA Server.

PubMed/History; Accessing Full-Text Articles (module 4.4)

1 Networks, advantages & types of What is a network? Two or more computers that are interconnected so they can exchange data, information & resources.

Using JSTOR November What is JSTOR?JSTOR 2.JSTOR demonstration −Searching JSTOR −Format of the journal content −Using a MyJSTOR account to organize.

Internet Filtering with DansGuardian By Daniel Zobel Director of Technology Heyworth CUSD#4.

Technology Coordinators Training. Confidential Copyright © 2007 Pearson Education, Inc. and/or one or more of its direct or indirect affiliates. All rights.

Getting started on informaworld™ How do I register my institution with informaworld™? How is my institution’s online access activated? What do I do if.

Full electronic participation in society Issues: Lack of technology for everyone Not allowing/accounting for accommodations that students need Properly.

5 Chapter Five Web Servers. 5 Chapter Objectives Learn about the Microsoft Personal Web Server Software Learn how to improve Web site performance Learn.

HINARI Basic Course Module 3 Appendix HINARI – Accessing Articles: Problems and Solutions HINARI – Printing, Copying, Saving and ing Articles: Problems.

Company profile John Wiley & Sons Founded 1807 Wiley-VCH Acquisition 1995 International publisher of scientific and professional.

CSU - DCE Internet Security... Privacy Overview - Fort Collins, CO Copyright © XTR Systems, LLC Setting Up & Using a Site Security Policy Instructor:

PubMed/History, Advanced Search and Review (module 4.3)

Office of Campus Information Security Incident Response Briefing Jeffrey Savoy, CISSP.

Sustainability: Web Site Statistics Marieke Napier UKOLN University of Bath Bath, BA2 7AY UKOLN is supported by: URL

Chapter 9: SHARING FILE SYSTEM RESOURCES1 CHAPTER OVERVIEW  Create and manage file system shares and work with share permissions.  Use NTFS file system.

Accessing journals by via PubMed Note the link to find articles through HINARI/PubMed. Using this option will be covered in later in the Short Course.

JSTOR Open Proxy Session ALA Midwinter January 26, 2003.

We now will use Advanced Search Builder option. Access to Advanced is from the initial PubMed page or the Search Results page. Advanced Search.

Review of last Session Learning Objectives 1. Create an on-line account with weebly.com along with a blank website 2. What a domain names are & how to.

HINARI – Accessing Articles: Problems and Solutions (Appendix 1)

1 Network Firewalls CSCI Web Security Spring 2003 Presented By Yasir Zahur.

Journals can be accessed by title from an alphabetical list. For this exercise, click on ‘L’ from the A-Z list. Note: there also is a View complete list.

HINARI Basic Course Module 3 Appendix HINARI – Accessing Articles: Problems and Solutions HINARI – Printing, Copying, Saving and ing Articles: Problems.

Full-text Article Access Problems Using the ‘Journals by title A-Z’ list, we are attempting to access a full-text article from the Blood. Although HINARI.

From the Free Collections drop down menu, you can access other free e-journal gateways and be able to obtain full-text articles. We will examine one of.

Role Of Network IDS in Network Perimeter Defense.

We now will sample several of the resources from the Other Free Collections drop down menu.

Certificate-based Authentication to JSTOR Spencer W. Thomas Dec 1, 2001.

Using Content Presented by Karen Andrews Physical Sciences & Engineering Librarian, U.C. Davis Tuesday, September 13, :30-9:30 ASIDIC Fall 2005 Meeting.

PROXY SERVER Kalyani Ravi. A proxy server is essentially an electronic gatekeeper, residing between an organization's internal network and the Internet,

Collecting Copyright Transfers and Disclosures via Editorial Manager™ -- Editorial Office Guide 2015.

USER GUIDE TO BOOKS AT JSTOR November WHAT IS BOOKS AT JSTOR? Books at JSTOR is a program that offers ebooks from leading scholarly publishers,

Page PearsonAccess™ Technology Training Online Test Configuration.

Once logged-in, you will be taken into the Full text journals, databases, and other resources sub-page of the website. Note the ‘You are logged’ in message.

Accessing journals by title 1 Journals can be accessed by title from an alphabetical list. For this exercise, click on ‘L’ from the A-Z list. Note: there.

Access Problems and Solutions for Full-text Articles or E-books

Module 3: Enabling Access to Internet Resources

Enabling Secure Internet Access with TMG

User guide to books at jstor

The Move to Hosted Ezproxy Experienced by Texas Tech University

Using JSTOR November 2013.

Access Problems and Solutions for Full-text Articles or E-books

HINARI – Accessing Articles: Problems and Solutions (Appendix 1)

Configuring Internet-related services

Web Privacy Chapter 6 – pp 125 – /12/9 Y K Choi.

Open Proxy Servers Kevin Guthrie ALA, January 2003

HINARI – Access Problems and Solutions

HINARI – Accessing Articles: Problems and Solutions

Designing IIS Security (IIS – Internet Information Service)

Hinari Basic Course Module 3 Appendix 1

The Internet and Electronic mail

How Enterprise Agents can be installed remotely on protected objects

Presentation transcript:

Open Proxy Servers Kevin Guthrie ALA, January 2003

JSTOR – January Outline Background: what are “open proxies”? What’s the exposure? What happened? How was it done? Not an isolated case What to do

JSTOR – January What has been taken: 51,392 Articles from 11 Titles # of articlesPct. of Run Sociology Journal 1 4,99795% Sociology Journal 2 11,34087% Economics Journal 3 5,51477% Sociology Journal % Economics Journal % Sociology Journal 5 14,53765% Economics Journal 3 3,61955% Statistics Journal 1 6,55544% Economics Journal % Sociology Journal 6 3,72823% Economics Journal 4 231<1%

JSTOR – January Proxy Servers A proxy server is a web server that acts as an intermediary or relay station between a workstation user and the Internet.

proxy.inst.edu IP: User IP:

JSTOR – January Proxy Servers Common Reasons for Their Use Caching Remote access Usage tracking Controlled access Approved filtering

JSTOR – January What is an “open” proxy server? There is a configuration process to specify who is authorized to access the server. It is similar to the configuration process for any web server When a proxy server is not set up with the appropriate access controls, anyone can access that machine and “assume its identity”

JSTOR – January “Open” Proxy Servers: How and Why are they Created Some are organizational or departmental proxy servers incorrectly configured. Some are set up intentionally to provide access to restricted resources (probably for convenience). We believe many are set up accidentally as an unknown by-product of setting up a web server.

What’s the Exposure?

Search For Lists of Open Proxy Servers

Find Lists of Open Proxy Servers

Lists of Open Proxy Servers by Domain Type

A List of Open.edu Proxies [The server hostnames have been edited to protect the institutions with open proxy servers listed on this page.]

What Happened and How it was Discovered

JSTOR – January JSTOR Monitors Use We have triggers to alert us to unusual levels of usage activity We investigate when usage seems unusual

JSTOR – January The Abuse What Happened August 22 nd to the 27 th articles are downloaded from Proxy #1. August 27 th we deny this IP access to JSTOR August 26 th to September 4 th articles are downloaded from Proxy #2 at a different participating site. September 4 th we deny the IP address of this second proxy.

JSTOR – January The Abuse What Happened It appeared the two abuse situations were related: 1.There was an overlap in journals downloaded, but not an overlap in articles downloaded. 2.Analysis of our log files showed that the URLs being downloaded via Proxy #2 were created through use at Proxy #1.

JSTOR – January The Abuse The Pattern Continues Between August 27 th and October 31 st downloads occurred from: –27 open proxy servers at –16 different sites As JSTOR staff denied each proxy server, the abuse moved on. ~51,000 articles downloaded from 11 journals

How Is It Done?

JSTOR – January Automate The Process Download lists of open proxies Automate a process to probe each to see if there is access to restricted resources Identify a set of open proxy servers with such access and set them aside Automate a process to download content From the “confirmed” list – commence downloading.

JSTOR – January Not an Isolated Case We have found web pages providing explicit instructions for others to help them exploit open proxies in order to download content.

Not an Isolated Case

JSTOR – January Not an Isolated Case - Translations –“The Bible for Downloading Journal Articles” –“To be blunt about it, you find an overseas proxy. The institution that the proxy server belongs to has spent money to buy the electronic edition of some journal, and then you use this proxy, (so) of course you can download the entire text of that journal!” –“I cannot deny that some servers can download complete texts from many journals, but please, everyone, let’s not grab onto the ones which are easy to use and use them madly. The result of doing so will be to hasten the death of that server! So when you are using them, it’s best to do so equitably!”

Not an Isolated Case

Questions & Discussion

JSTOR – January What to do? Shibboleth DLF Certificates Education Drive all campus access through a set of properly authenticated proxy servers