Presentation is loading. Please wait.

Presentation is loading. Please wait.

MAC-MLA 2008 Do You Really Know Who is Using Your Systems? Stephan Spitzer Lead Developer/DBA, Applied Medical Informatics James A. Zimble Learning Resource.

Published byJulie McLaughlin Modified over 9 years ago

Similar presentations

Presentation on theme: "MAC-MLA 2008 Do You Really Know Who is Using Your Systems? Stephan Spitzer Lead Developer/DBA, Applied Medical Informatics James A. Zimble Learning Resource."— Presentation transcript:

1 MAC-MLA 2008 Do You Really Know Who is Using Your Systems? Stephan Spitzer Lead Developer/DBA, Applied Medical Informatics James A. Zimble Learning Resource Center Stephan Spitzer Lead Developer/DBA, Applied Medical Informatics James A. Zimble Learning Resource Center U NIFORMED S ERVICES U NIVERSITY of the Health Sciences James A. Zimble Learning Resource Center

2 U NIFORMED S ERVICES U NIVERSITY of the Health Sciences James A. Zimble Learning Resource Center MAC-MLA 2008 Problem Overview “On the Internet, Nobody Knows You’re a Dog” A cartoon by Paul Steiner, which appeared in The New Yorker, July 5 th, 1993 “On the Internet, Nobody Knows You’re a Dog” A cartoon by Paul Steiner, which appeared in The New Yorker, July 5 th, 1993

3 U NIFORMED S ERVICES U NIVERSITY of the Health Sciences James A. Zimble Learning Resource Center MAC-MLA 2008 Who We Are? Uniformed Services University of the Health Sciences (USUHS) Medical education and research facility for the nation’s military and public health community Located in Bethesda, Maryland Uniformed Services University of the Health Sciences (USUHS) Medical education and research facility for the nation’s military and public health community Located in Bethesda, Maryland

4 U NIFORMED S ERVICES U NIVERSITY of the Health Sciences James A. Zimble Learning Resource Center MAC-MLA 2008 Electronic Resources (ER) Portal to over 9,000 electronic resources Services over 7,500 global users: Current students and staff Alumni Affiliate institutions Portal to over 9,000 electronic resources Services over 7,500 global users: Current students and staff Alumni Affiliate institutions

5 U NIFORMED S ERVICES U NIVERSITY of the Health Sciences James A. Zimble Learning Resource Center MAC-MLA 2008 ER - Main Display

6 U NIFORMED S ERVICES U NIVERSITY of the Health Sciences James A. Zimble Learning Resource Center MAC-MLA 2008 Why Worry About Access? Most of our resource offerings are limited by license agreements We need to have accurate usage statistics so that we supply resources for our legitimate users Affiliate institutions pay us per user We have a large, mobile, diverse, and dispersed user population Most of our resource offerings are limited by license agreements We need to have accurate usage statistics so that we supply resources for our legitimate users Affiliate institutions pay us per user We have a large, mobile, diverse, and dispersed user population

7 U NIFORMED S ERVICES U NIVERSITY of the Health Sciences James A. Zimble Learning Resource Center MAC-MLA 2008 First Step - Record Access Information ACTION: Each user signon date and time is saved with patron record ACTION: Each user signon date and time is saved with patron record RESULT: Inactive users can be purged from the active user database RESULT: Inactive users can be purged from the active user database ACTION: Each user access of an electronic resource is logged, including browser’s IP address ACTION: Each user access of an electronic resource is logged, including browser’s IP address RESULT: Have basis for more detailed checking RESULT: Have basis for more detailed checking

8 U NIFORMED S ERVICES U NIVERSITY of the Health Sciences James A. Zimble Learning Resource Center MAC-MLA 2008 Google Analytics - Next Step Free service gathers various usage information about web sites Simple to configure Free service gathers various usage information about web sites Simple to configure

9 U NIFORMED S ERVICES U NIVERSITY of the Health Sciences James A. Zimble Learning Resource Center MAC-MLA 2008 Google Analytics - Dashboard

10 U NIFORMED S ERVICES U NIVERSITY of the Health Sciences James A. Zimble Learning Resource Center MAC-MLA 2008 Google Anayltics - Network Detail

11 U NIFORMED S ERVICES U NIVERSITY of the Health Sciences James A. Zimble Learning Resource Center MAC-MLA 2008 What’s Missing? We have user’s access information We have locations that accessed our resources Need to match: LOCATION <> USER We have user’s access information We have locations that accessed our resources Need to match: LOCATION <> USER

12 U NIFORMED S ERVICES U NIVERSITY of the Health Sciences James A. Zimble Learning Resource Center MAC-MLA 2008 Matching IP to Location - What Doesn’t Work (Well) Internet’s Domain Name System (DNS) Distributed database of name servers Resolve names to locations http://network-tools.com/ information via browserhttp://network-tools.com/ Nslookup,whois client, etc. are real- time (ie, too slow) Need something static and fast Internet’s Domain Name System (DNS) Distributed database of name servers Resolve names to locations http://network-tools.com/ information via browserhttp://network-tools.com/ Nslookup,whois client, etc. are real- time (ie, too slow) Need something static and fast

13 U NIFORMED S ERVICES U NIVERSITY of the Health Sciences James A. Zimble Learning Resource Center MAC-MLA 2008 GeoLite City - The Missing Link Open Source (free) database of geographic information Maps IP to City/Country, world- wide Self-contained database Simple API available for most programming languages Open Source (free) database of geographic information Maps IP to City/Country, world- wide Self-contained database Simple API available for most programming languages

14 U NIFORMED S ERVICES U NIVERSITY of the Health Sciences James A. Zimble Learning Resource Center MAC-MLA 2008 Putting It All Together Wrote PHP script to query MySQL access logs and call GeoCity API to get user locations Find each patron access within a timeframe and list where and when they accessed our resources Wrote PHP script to query MySQL access logs and call GeoCity API to get user locations Find each patron access within a timeframe and list where and when they accessed our resources

15 U NIFORMED S ERVICES U NIVERSITY of the Health Sciences James A. Zimble Learning Resource Center MAC-MLA 2008 Suspicious Activity Odd Locations Siberia?; Philippines? “Excessive” Usage Access 24x7; lots of access in short timeframes; consistent high access Impossible Geographic/Timeframe Usage Different cities/countries/continents in same day/hour Odd Locations Siberia?; Philippines? “Excessive” Usage Access 24x7; lots of access in short timeframes; consistent high access Impossible Geographic/Timeframe Usage Different cities/countries/continents in same day/hour

16 U NIFORMED S ERVICES U NIVERSITY of the Health Sciences James A. Zimble Learning Resource Center MAC-MLA 2008 Example - Odd Location Found our Siberian user:

17 U NIFORMED S ERVICES U NIVERSITY of the Health Sciences James A. Zimble Learning Resource Center MAC-MLA 2008 Example - “Excessive” Usage This is one user for one day:

18 U NIFORMED S ERVICES U NIVERSITY of the Health Sciences James A. Zimble Learning Resource Center MAC-MLA 2008 Example - Impossible Geography Two Users - Two Stories: Legitimate Problematic Two Users - Two Stories: Legitimate Problematic

19 U NIFORMED S ERVICES U NIVERSITY of the Health Sciences James A. Zimble Learning Resource Center MAC-MLA 2008 Findings Site/Organization utilizes proxies Account info left in browser Explicit sharing of account Account compromised Site/Organization utilizes proxies Account info left in browser Explicit sharing of account Account compromised

20 U NIFORMED S ERVICES U NIVERSITY of the Health Sciences James A. Zimble Learning Resource Center MAC-MLA 2008 Access Results 2007 2008 ---------------- Apr30,52638,666 --- take user access actions --- 2007 2008 ---------------- Apr30,52638,666 --- take user access actions --- May28,46932,003 June29,43925,656 July31,74730,935

21 U NIFORMED S ERVICES U NIVERSITY of the Health Sciences James A. Zimble Learning Resource Center MAC-MLA 2008 Follow-Up ”Doveryai, No Proveryai” (Trust, but Verify) Re-run script periodically to check compliance ”Doveryai, No Proveryai” (Trust, but Verify) Re-run script periodically to check compliance

22 U NIFORMED S ERVICES U NIVERSITY of the Health Sciences James A. Zimble Learning Resource Center MAC-MLA 2008 Resources Google Analytics http://www.google.com/analytics/ GeoLite City http://www.maxmind.com/app/geoliteci ty This Presentation http://www.lrc.usuhs.mil/brown/MAC- MLA2008_Spitzer.pps My Contact Information Stephan.Spitzer.ctr@lrcm.usuhs.mil Google Analytics http://www.google.com/analytics/ GeoLite City http://www.maxmind.com/app/geoliteci ty This Presentation http://www.lrc.usuhs.mil/brown/MAC- MLA2008_Spitzer.pps My Contact Information Stephan.Spitzer.ctr@lrcm.usuhs.mil

23 U NIFORMED S ERVICES U NIVERSITY of the Health Sciences James A. Zimble Learning Resource Center MAC-MLA 2008 Questions?

Download ppt "MAC-MLA 2008 Do You Really Know Who is Using Your Systems? Stephan Spitzer Lead Developer/DBA, Applied Medical Informatics James A. Zimble Learning Resource."

Similar presentations

WordPress Installation for Beginners Sheila Bergman

WordPress Installation for Beginners Sheila Bergman
Cancer Research UK Library The e-journals experience April 28 th 2010.

Cancer Research UK Library The e-journals experience April 28 th 2010.
10 Top Tips for Getting the Most out of HINARI

10 Top Tips for Getting the Most out of HINARI
XProtect ® Professional Efficient solutions for mid-sized installations.

XProtect ® Professional Efficient solutions for mid-sized installations.
Web Hosting Lan Vu. How does a Website work ? Web development concepts Web Design Web Hosting Domain Name.

Web Hosting Lan Vu. How does a Website work ? Web development concepts Web Design Web Hosting Domain Name.
XProtect ® Express Integration made easy. With support for up to 48 cameras, XProtect Express is easy and affordable IP video surveillance software with.

XProtect ® Express Integration made easy. With support for up to 48 cameras, XProtect Express is easy and affordable IP video surveillance software with.
Adjusting the Focus: Updating a Web Portal Using CSS, JavaScript, and AJAX Stephan Spitzer Lead Developer/DBA, Applied Medical Informatics James A. Zimble.

Adjusting the Focus: Updating a Web Portal Using CSS, JavaScript, and AJAX Stephan Spitzer Lead Developer/DBA, Applied Medical Informatics James A. Zimble.
July 2007 Health-e Web Entry. © ENS Inc, an INGENIX company. 2 Introduction  Before your installation appointment, complete the following: (Call your.

July 2007 Health-e Web Entry. © ENS Inc, an INGENIX company. 2 Introduction  Before your installation appointment, complete the following: (Call your.
High Performance Computing Course Notes 2007-2008 Grid Computing.

High Performance Computing Course Notes Grid Computing.
Click a NOTUS Suite- product for a short description NOTUS REGIONAL NOTUS Regional helps regions perform the tasks related to the reimbursement of providers.

Click a NOTUS Suite- product for a short description NOTUS REGIONAL NOTUS Regional helps regions perform the tasks related to the reimbursement of providers.
Supervisor: Amichai Shulman Students: Vitaly Timofeev Eyal Shemesh.

Supervisor: Amichai Shulman Students: Vitaly Timofeev Eyal Shemesh.
Technology on the NGS Pete Oliver NGS Operations Manager.

Technology on the NGS Pete Oliver NGS Operations Manager.
ADMINISTRATION Sources of Information REVISION – BLOCK 6.

ADMINISTRATION Sources of Information REVISION – BLOCK 6.
1 The World Wide Web Architectural Overview Static Web Documents Dynamic Web Documents HTTP – The HyperText Transfer Protocol Performance Enhancements.

1 The World Wide Web Architectural Overview Static Web Documents Dynamic Web Documents HTTP – The HyperText Transfer Protocol Performance Enhancements.
Privacy – what do they know about you? This work is licensed under a Creative Commons Attribution-Noncommercial- Share Alike 3.0 License. Skills: none.

Privacy – what do they know about you? This work is licensed under a Creative Commons Attribution-Noncommercial- Share Alike 3.0 License. Skills: none.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
NEW PRODUCT INTRODUCTION: SalesLink TOUCH April 2015.

NEW PRODUCT INTRODUCTION: SalesLink TOUCH April 2015.
Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.

Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.
Federated Searching Pre-Conference Workshop - The federated searching cookbook Qin Zhu HP Labs Research Library February 18, 2007.

Federated Searching Pre-Conference Workshop - The federated searching cookbook Qin Zhu HP Labs Research Library February 18, 2007.
UNDERSTANDING WEB AND WEB PROJECT PLANNING AND DESIGNING AND EFFECTIVE WEBSITE Garni Dadaian.

UNDERSTANDING WEB AND WEB PROJECT PLANNING AND DESIGNING AND EFFECTIVE WEBSITE Garni Dadaian.

Similar presentations

Ads by Google