11
edits
Changes
no edit summary
The recently released Learning Tool Interoperability (LTI) protocol, developed by IMS, now greatly simplifies this process by allowing libraries (and others) to develop and maintain “tools” that function like a native plugin or building block within the LMS, but ultimately live outside of it. In this presentation, David will provide an overview of Basic LTI, a simplified subset (or profile) of the wider LTI protocol, showing how libraries can use this to easily integrate their external systems into any major LMS. He’ll showcase the work Cal State has done to do just that.
== Turn your Library Proxy Server into a Honeypot ==
* Calvin Mah, Simon Fraser University, calvinm@sfu.ca (@calvinmah)
Ezproxy has provided libraries with a useful tool for providing patrons with offsite online access to licensed electronic resources. This has not gone unnoticed for the unscrupulous users of the Internet who are either unwilling or unable to obtain legitimate access to these materials for themselves. Instead, they buy or share hacked university computing accounts for unauthorized access. When undetected, abuse of compromised university accounts can lead to abuse of vendor resources which lead to the blocking of the entire campus block of IP addresses from accessing that resource.
Simon Fraser University Library has been pro actively detecting and thwarting unauthorized attempts through log analysis. Since SFU has begun analysing our ezproxy logs, the number of new SFU login credentials which are posted and shared in publicly accessible forums has been reduced to zero. Since our log monitoring began in 2008, the annual average number of SFU login credentials that are compromised or hacked is 140. Instead of being a single point of weakness in campus IT security, the library’s proxy server is a honeypot exposing weak passwords, keystroke logging trojans installed on patron PCs and campus network password sniffers.
This talk will discuss techniques such as geomapping login attempts, strategies such as seeding phishing attempts and tools such as statistical log analysis used in detecting compromised login credentials.
[[Category: Code4Lib2012]]