Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing Library IT A View From The Ground

Published byEugenia Franklin Modified over 6 years ago

Similar presentations

Presentation on theme: "Securing Library IT A View From The Ground"— Presentation transcript:

1 Securing Library IT A View From The Ground
Marc Comeau Director, Library IT

2 The Dalhousie Libraries
5 physical libraries Serving over students Primary mission is to support learning and research We do that through our services and resources

3 Library Information Technology Services
Provide IT services to all libraries From desktop to server infrastructure Some behind the scenes, some front facing Distinct from central IT group (ITS) Strong collaborations

4 Our Mission Our mission is three-fold:
To support teaching and learning through innovative services, physical and virtual spaces and the dissemination of knowledge in all forms. To actively partner in the research endeavour through collaboration, dissemination and management of information resources and the preservation of Dalhousie’s scholarly output. To provide inclusive and inviting spaces to enable our diverse communities to thrive intellectually. 90% of our security problems exist because of our mission of “dissemination and management of information resources“ – Make slide transitions so that it goes from the Library mission to bold this chunk and pull it out.

5 “dissemination and management of information resources”
Our Mission “dissemination and management of information resources” 90% of our security problems exist because of our mission of “dissemination and management of information resources“ – Make slide transitions so that it goes from the Library mission to bold this chunk and pull it out.

6 Our Challenge “Information Wants To Be Free. Information also wants to be expensive. …That tension will not go away.” – Stewart Brand Brand, S. (1987). The Media Lab : Inventing the future at MIT. New York: Viking.

7 Our Challenge Conflicting values between libraries and vendors
We want to provide access for all They must limit access to create scarcity Despite differing goals, we work together

8 Our Challenge Goal is access wherever, whenever by users covered under license Access starts either in our Learning Commons or personal devices via our proxy server Easy with our open access resources Vendor provided resources are more complicated

9 Learning Commons Challenges
Open workstations for public Secure multi-user desktops for students Leverage Ghost and Deep Freeze A lot of work goes into providing a secure environment Mistakes are rare but…

10 Digital Security

11 Physical Security

12 Server Side Security Housed in Killam server room
Covers the physical and some digital Proxy server is different A launching point to our resources from off-campus

13 The Old Threats Distributed Denial of Service Brute force attempts
Spam code injection Single end-user breach Viagra ad injection for *66.* where it should have been 66.* Only seen in Computer Science, but only on some of them.

14 Vendor Response Different responses from different vendors
From passive to aggressive We get a brief window between first notice and action taken Can result in patrons losing access to resources Communications can be a challenge

15 Library Response We take information that vendors send us and analyze logs Often have to go back to ask for more information Normally can respond quickly when provided with details Sometimes push back since usage is normal to our eye

16 Emergence Of Sci-Hub Essentially The Pirate Bay for academic research
Leverages automation and scale Uses accounts from schools all over “donated” credentials vs phishing

17 Evolution Of Threat Change in footprint No longer a mass harvest
More scattered

18 Playing Catch-Up At first, we struggled to identify patterns
Challenging communications with vendors Experience improved both But vendors have incomplete information at their end

19 Working With Vendors With one vendor using some technical strategies
Provides us with better information We use that to then trace the breach Less content blocked by vendors Shorter time where an account is breached

20 Further Evolution Breaches moved to leverage VPN
Bypasses the proxy server Direct to vendor Bypasses libraries logs

21 Problem! We don’t have logs VPN logs were not frequently used
Little automation, labour intensive We had a good partner

22 Leveraging Partners Central IT had just completed a tool to help them draw from log files safely and quickly Small modifications to allow us as a trusted partner to run queries Worked just as efficiently as if the data was in our own log files

23 Impact Our patrons can lose access to content
The genie is out of the bottle If Sci-Hub goes down, there will likely be another No expectation that the threat will abate Work to contain the problem

24 Containment Breached account must have password reset
Locks user out of all services Libraries have become the front line for phishing

25 Looking Forward Automated, predictive or other aggressive methods create false positives That creates service problems Expect that threats will continue to evolve, leveraging new exploits

26 Back To The Tension Libraries also want information to be free
Using a very different approach Open Access Slower, more difficult strategy, but operates within copyright law

27 Looking Forward Information tension will continue
That tension means we will continue to be a target Phishing is the root of the problem Education helps but is an incomplete solution

28 Questions?

Download ppt "Securing Library IT A View From The Ground"

Similar presentations

Research Councils ICT Conference Welcome Malcolm Atkinson Director www.nesc.ac.uk 17 th May 2004.

Research Councils ICT Conference Welcome Malcolm Atkinson Director 17 th May 2004.
The Future of Scholarship in the Digital Age: The Role of Institutional Repositories Ann J. Wolpert Director of Libraries Massachusetts Institute of Technology.

The Future of Scholarship in the Digital Age: The Role of Institutional Repositories Ann J. Wolpert Director of Libraries Massachusetts Institute of Technology.
The Fiesole Collection Development Retreat Series, Number 7 Professor Neil McLean Saturday 30 April, 2005.

The Fiesole Collection Development Retreat Series, Number 7 Professor Neil McLean Saturday 30 April, 2005.
Tom Lewis Director, Academic & Collaborative Applications University of Washington.

Tom Lewis Director, Academic & Collaborative Applications University of Washington.
Can public libraries & their users benefit & profit from Europeana ?

Can public libraries & their users benefit & profit from Europeana ?
TRLN Research Hubs Seminar: NCSU Libraries Steve Morris Interim Associate Director for the Digital Library November 4, 2014.

TRLN Research Hubs Seminar: NCSU Libraries Steve Morris Interim Associate Director for the Digital Library November 4, 2014.
11© 2011 Hitachi Data Systems. All rights reserved. HITACHI DATA DISCOVERY FOR MICROSOFT® SHAREPOINT ® SOLUTION SCALING YOUR SHAREPOINT ENVIRONMENT PRESENTER.

11© 2011 Hitachi Data Systems. All rights reserved. HITACHI DATA DISCOVERY FOR MICROSOFT® SHAREPOINT ® SOLUTION SCALING YOUR SHAREPOINT ENVIRONMENT PRESENTER.
@MAKERERE DSpace Development At Makerere University An overview of the Uganda Science Digital Library (USDL) Pilot Project A paper presented at the DSpace.

@MAKERERE DSpace Development At Makerere University An overview of the Uganda Science Digital Library (USDL) Pilot Project A paper presented at the DSpace.
Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.

Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.
Level 2 IT Users Qualification – Unit 1 Improving Productivity Name.

Level 2 IT Users Qualification – Unit 1 Improving Productivity Name.
Elizabeth Newbold and Samantha Tillett GL8 New Orleans, December 2006

Elizabeth Newbold and Samantha Tillett GL8 New Orleans, December 2006
Department of Mathematics Computer and Information Science1 Basics of Cyber Security and Computer Forensics Christopher I. G. Lanclos.

Department of Mathematics Computer and Information Science1 Basics of Cyber Security and Computer Forensics Christopher I. G. Lanclos.
Windows 2003 and 802.1x Secure Wireless Deployments.

Windows 2003 and 802.1x Secure Wireless Deployments.
Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.

Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.
Network Security in a Business Setting By: Brian Haumschild.

Network Security in a Business Setting By: Brian Haumschild.
Web Security Demystified Justin C. Klein Keane Sr. InfoSec Specialist University of Pennsylvania School of Arts and Sciences Information Security and Unix.

Web Security Demystified Justin C. Klein Keane Sr. InfoSec Specialist University of Pennsylvania School of Arts and Sciences Information Security and Unix.
“ Does Cloud Computing Offer a Viable Option for the Control of Statistical Data: How Safe Are Clouds” Federal Committee for Statistical Methodology (FCSM)

“ Does Cloud Computing Offer a Viable Option for the Control of Statistical Data: How Safe Are Clouds” Federal Committee for Statistical Methodology (FCSM)
Embedded and visible: balancing the university library in the digital age Jo Norry Director of Libraries and Learning Innovation Leeds Beckett University.

Embedded and visible: balancing the university library in the digital age Jo Norry Director of Libraries and Learning Innovation Leeds Beckett University.
Networks and Hackers Copyright © Texas Education Agency, 2013. All rights reserved. 1.

Networks and Hackers Copyright © Texas Education Agency, All rights reserved. 1.
Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.

Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.

Similar presentations

Ads by Google