headers
Bob Pearson | 1 Apr 2007 11:41
Picon
Picon
Favicon

RE: Berkeley Electronic Press Journals

With help from Chris and some experimenting, it looks like Rebecca has
it right, ie, the D line must be D, not DJ.

Bob

-----Original Message-----
From: Rebecca Bauerschmidt [mailto:rebs <at> unm.edu] 
Sent: Friday, 30 March 2007 5:04 a.m.
To: EZProxy discussion list
Subject: Re: [ezproxy] Berkeley Electronic Press Journals

Our config for BEPRESS is:

T Berkeley Electronic Press (BEPRESS) Journals
U http://www.bepress.com/
D bepress.com

We only license 2 journals from them but I was able to conduct a search 
within the journal and the proxy held and produced results that were
also 
proxied.

rebs/Rebecca Bauerschmidt/rebs <at> unm.edu
University of New Mexico University Libraries
Electronic Resources and LIBROS Technical Support

--On Thursday, March 29, 2007 11:57 AM -0400 Mason Hall 
<mrhall <at> mailer.fsu.edu> wrote:

> Rehashing this one that didn't seem to get a response the first time
(Continue reading)

Permalink | Reply | 0 comments |
headers
Andrew White | 2 Apr 2007 01:44
Picon
Picon
Favicon

ISI Web of Science : Analyze Results

We have had a report that the "Analyze Results" feature in ISI Web of Science is returning 
blank pages for an off-campus user, using the Opera browser.

Can anyone confirm that "Analyze Results" is working for them, using the recommended ISI 
configuration from the EZProxy web site?

The was a problem reported with this feature back in March 2006, with the last message 
from Chris Zagar being:

-----------------------------------------------
I am a bit confused about why the HJ lines are making a difference in all 
of this. For what it is worth, using # comments at the end of ezproxy.cfg 
lines is not supported, and can lead to unusual problems (they just happen 
to be ignored in this case, but it's not something to count on).

I'm following up off-list to try to find out exactly what is needed as the 
minimum version of the configuration to support this.

> Option DomainCookieOnly
> Title ISI Databases
> URL http://isiknowledge.com/
> DJ isiknowledge.com
> DJ isihighlycited.com
> HJ portal.isiknowledge.com #Added line
> HJ ra.isiknowledge.com #Added line
> HJ wos.isiknowledge.com #Added line
> HJ esti.isiknowledge.com #Added line
> HJ gateway.isiknowledge.com #Added line
> Find value="http://
> Replace value="http://^A
(Continue reading)

Permalink | Reply | 0 comments |
headers
Neil Renison | 2 Apr 2007 02:32
Picon
Picon
Favicon

Re: ISI Web of Science : Analyze Results

Hello Andrew,

Works OK for us on at least some browsers. I don't have Opera.

Only significant difference in our configuration is that we have HJ 
lines after the Find and Replace instructions.

Neil

Option DomainCookieOnly
T Current Contents Connect and ISI Databases
URL http://isiknowledge.com/
DJ isiknowledge.com
DJ isihighlycited.com
Find value="http://
Replace value="http://^A
Find VALUE="http://
Replace VALUE="http://^A
Find rurl=http://
Replace rurl=http://^A
Find product_st_thomas=http://
Replace product_st_thomas=http://^A
Find return_url=http://
Replace return_url=http://^A
Find ST_URL=http://
Replace ST_URL=http://^A
HJ portal.isiknowledge.com
HJ admin.isiknowledge.com
HJ esi.isiknowledge.com
HJ isi10.isiknowledge.com
(Continue reading)

Permalink | Reply | 2 comments |
headers
Selden Deemer | 2 Apr 2007 17:44
Favicon

RE:Tricycle [was re: chronicle of higher ed problem]

"Rosenberger, Luke E" <luke.rosenberger <at> nhmccd.edu> writes:

 > Looking at the source code for that login page, it appears that
 > you might want to try:
 >
 > Find name="login_id" id="login_id" value="example: name <at> domain.com"
 > Replace name="login_id" id="login_id" value="someusername"
 > Find name="login_pwd"
 > Replace name="login_pwd" value="somepassword"
 >
 > This is, of course, going to change anytime they re-code their
 > login page, but that's kind of the nature of the beast.

Good tip -- I never though to look at the source. Unfortunately,
this didn't work either.

--

-- 
Selden Deemer, Library Systems Administrator
Emory University Libraries
Atlanta, Georgia
EMAIL:  libssd <at> emory.edu
PHONE:  404-727-0271
   FAX:  404-727-0827

---
You are currently subscribed to ezproxy as: gee-ezproxy <at> gmane.org.
To unsubscribe, send 'unsub ezproxy" command to listserv <at> ls.suny.edu
Permalink | Reply | 0 comments |
headers
David Lewis | 2 Apr 2007 20:46
Favicon

Remote Desktop

We have recently been advised that using remote desktop from on campus
behind the college firewall  to manage the  ezproxy configuration file
is a  "security risk"  even though it is behind the college firewall. 
As long as microsoft patches are up to date I don't see a significant
risk.  

No specifics about the risk were offered.  Can anyone comment on this? 
Thanks

David G. Lewis
Systems Librarian
Technical Services 
Electronic Information Resources
Tompkins-Cortland Community College
170 North St. P.O. Box 139
Dryden, N.Y. 13053-0139
voice   607-844-8211   x4387
fax       607-844-6540

---
You are currently subscribed to ezproxy as: gee-ezproxy <at> gmane.org.
To unsubscribe, send 'unsub ezproxy" command to listserv <at> ls.suny.edu
Permalink | Reply | 0 comments |
headers
Morgan, James J | 2 Apr 2007 20:53
Picon
Favicon

RE: Remote Desktop

I do it all the time, from both on and off campus, so if you do discover
any security risk, please post it to the list.  I'm unaware of any.
Jim Morgan

-----Original Message-----
From: David Lewis [mailto:lewisd <at> tc3.edu] 
Sent: Monday, April 02, 2007 2:47 PM
To: EZProxy discussion list
Subject: [ezproxy] Remote Desktop

We have recently been advised that using remote desktop from on campus
behind the college firewall  to manage the  ezproxy configuration file
is a  "security risk"  even though it is behind the college firewall. 
As long as microsoft patches are up to date I don't see a significant
risk.  

No specifics about the risk were offered.  Can anyone comment on this? 
Thanks

David G. Lewis
Systems Librarian
Technical Services 
Electronic Information Resources
Tompkins-Cortland Community College
170 North St. P.O. Box 139
Dryden, N.Y. 13053-0139
voice   607-844-8211   x4387
fax       607-844-6540

---
(Continue reading)

Permalink | Reply | 0 comments |
headers
Julien Savoie | 2 Apr 2007 21:13
Picon

Re: Remote Desktop

Morgan, James J wrote:
> I do it all the time, from both on and off campus, so if you do discover
> any security risk, please post it to the list.  I'm unaware of any.
> Jim Morgan
The security of microsoft's rdp protocol has been considered weak for 
many years now.

- Without some sort of tcpwrapping, or packet filtering restrictions 
you're effectively allowing connections from anywhere to connect and 
attempt authentication.  Without some sort of rate limiting or account 
locking protection in place this can be problematic. One of the many 
reasons why we require an ssh port forwarded connection in order to 
connect to rdp on our servers.

- The actual rdp service itself runs with very high privilege, because 
of it's need to authenticate and switch into the user session of the 
authenticated user.  This means any zero day remote in the ms-rdp 
service effectively gets remote administrator rights on the system.  
While Microsoft has done a lot of work to make injection of exploit code 
more difficult, it's still rather easy.

- The actual encryption / handshake being used isn't all that good.  
There's no way for the client to authenticate the server, ie with some 
sort of memorized host keys.  While the rdp service does support host 
based certificates, it's very rarely used.  Most people will happily 
connect to a rogue man in the middle RDP service and enter their user 
creds without a second thought.  This makes mitm a very real concern 
with rdp connections over networks you don't control.  In a university 
environment, you pretty much have to consider your local network hostile 
too.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Arthur Christy | 2 Apr 2007 21:18
Favicon

RE: Remote Desktop

I connect to over 100 computers and servers everyday from our internal
network and over the internet.  It may be a good idea to use VPN if you
want to do it from the internet.  

Arthur Christy

-----Original Message-----
From: David Lewis [mailto:lewisd <at> tc3.edu] 
Sent: Monday, April 02, 2007 1:47 PM
To: EZProxy discussion list
Subject: [ezproxy] Remote Desktop

We have recently been advised that using remote desktop from on campus
behind the college firewall  to manage the  ezproxy configuration file
is a  "security risk"  even though it is behind the college firewall. 
As long as microsoft patches are up to date I don't see a significant
risk.  

No specifics about the risk were offered.  Can anyone comment on this? 
Thanks

David G. Lewis
Systems Librarian
Technical Services 
Electronic Information Resources
Tompkins-Cortland Community College
170 North St. P.O. Box 139
Dryden, N.Y. 13053-0139
voice   607-844-8211   x4387
fax       607-844-6540
(Continue reading)

Permalink | Reply | 0 comments |
headers
Laurens Dehaan | 2 Apr 2007 21:26
Favicon

RE: Remote Desktop

This might shed some light on this issue.

http://www.windowsecurity.com/articles/Windows_Terminal_Services.html

-----Original Message-----
From: David Lewis [mailto:lewisd <at> tc3.edu] 
Sent: Monday, April 02, 2007 11:47 AM
To: EZProxy discussion list
Subject: [ezproxy] Remote Desktop

We have recently been advised that using remote desktop from on campus
behind the college firewall  to manage the  ezproxy configuration file is a
"security risk"  even though it is behind the college firewall. 
As long as microsoft patches are up to date I don't see a significant risk.

No specifics about the risk were offered.  Can anyone comment on this? 
Thanks

David G. Lewis
Systems Librarian
Technical Services 
Electronic Information Resources
Tompkins-Cortland Community College
170 North St. P.O. Box 139
Dryden, N.Y. 13053-0139
voice   607-844-8211   x4387
fax       607-844-6540

---
You are currently subscribed to ezproxy as: ldehaan <at> saybrook.edu. To
(Continue reading)

Permalink | Reply | 0 comments |
headers
Barnes, William | 2 Apr 2007 21:28
Favicon

RE: Remote Desktop

There was a denial of service flaw in remote desktop:
http://www.microsoft.com/technet/security/Bulletin/MS05-041.mspx

but that was in 2005.

We let users remote desktop to their machines, however, we require our
IT people (myself includes) to VPN to be able to remote desktop to
machines on server subnets, just incase another flaw shows up.

Thanks! 
--Bill 
******************************************* 
* Bill Barnes, RHCE
* Library Network Administrator 
* Harvey A. Andruss Library 
* Bloomsburg University 
* ph: 570-389-2813 
* e-mail: wbarnes <at> bloomu.edu 
******************************************* 

-----Original Message-----
From: Arthur Christy [mailto:Arthur.Christy <at> tamut.edu] 
Sent: Monday, April 02, 2007 3:19 PM
To: EZProxy discussion list
Subject: RE: [ezproxy] Remote Desktop

I connect to over 100 computers and servers everyday from our internal
network and over the internet.  It may be a good idea to use VPN if you
want to do it from the internet.
(Continue reading)

Permalink | Reply | 0 comments |

Gmane