MAC-MLA 2008
Do You Really Know Who is Using Your Systems?
Stephan Spitzer
Lead Developer/DBA, Applied Medical Informatics
James A. Zimble Learning Resource Center
UNIFORMED SERVICES UNIVERSITY of the Health Sciences

Problem Overview
“On the Internet, Nobody Knows You’re a Dog”
A cartoon by Paul Steiner, which appeared in The New Yorker, July 5th, 1993

Who We Are?
• Uniformed Services University of the Health Sciences (USUHS)
  • Medical education and research facility for the nation’s military and public health community
• Located in Bethesda, Maryland

Electronic Resources (ER)
• Portal to over 9,000 electronic resources
• Services over 7,500 global users:
  • Current students and staff
  • Alumni
  • Affiliate institutions

ER - Main Display

Why Worry About Access?
• Most of our resource offerings are limited by license agreements
• We need to have accurate usage statistics so that we supply resources for our legitimate users
• Affiliate institutions pay us per user
• We have a large, mobile, diverse, and dispersed user population

First Step - Record Access Information
ACTION:
• Each user signon date and time is saved with patron record
RESULT:
• Inactive users can be purged from the active user database
ACTION:
• Each user access of an electronic resource is logged, including browser’s IP address
RESULT:
• Have basis for more detailed checking

Google Analytics - Next Step
• Free service gathers various usage information about web sites
• Simple to configure

Google Analytics - Dashboard

Google Analytics - Network Detail

What’s Missing?
• We have user’s access information
• We have locations that accessed our resources
• Need to match: LOCATION <> USER

Matching IP to Location - What Doesn’t Work (Well)
• Internet’s Domain Name System (DNS)
  • Distributed database of name servers
  • Resolve names to locations
• http://network-tools.com/ information via browser
• Nslookup, whois client, etc. are real-time (i.e., too slow)
• Need something static and fast

GeoLite City - The Missing Link
• Open Source (free) database of geographic information
• Maps IP to City/Country, world-wide
• Self-contained database
• Simple API available for most programming languages

Putting It All Together
• Wrote PHP script to query MySQL access logs and call GeoCity API to get user locations
• Find each patron access within a timeframe and list where and when they accessed our resources

Suspicious Activity
• Odd Locations
  • Siberia?; Philippines?
• “Excessive” Usage
  • Access 24x7; lots of access in short timeframes; consistent high access
• Impossible Geographic/Timeframe Usage
  • Different cities/countries/continents in same day/hour
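
The three checks listed on this slide, applied to access-log rows, as an added example (written in Python here; it is not the presenter's PHP script). The IP-to-location table stands in for a GeoLite City lookup, and the log rows, patron ids, thresholds and expected-country list are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed stand-in for a GeoLite City lookup: IP -> (city, country).
GEO = {
    "192.0.2.10": ("Bethesda", "US"),
    "198.51.100.7": ("Novosibirsk", "RU"),
    "203.0.113.5": ("Manila", "PH"),
}
EXPECTED_COUNTRIES = {"US"}     # assumption: where patrons normally connect from
MAX_PER_DAY = 5                 # assumption: tune from your own usage statistics
WINDOW = timedelta(hours=1)     # two locations inside this window is "impossible"

# Constructed access-log rows: (patron id, access time, browser IP).
LOG = [
    ("p1001", "2008-04-02 09:00", "192.0.2.10"),
    ("p1001", "2008-04-02 14:30", "192.0.2.10"),
    ("p1002", "2008-04-02 09:05", "192.0.2.10"),
    ("p1002", "2008-04-02 09:40", "203.0.113.5"),
    ("p1003", "2008-04-03 22:15", "198.51.100.7"),
] + [("p1004", f"2008-04-04 0{h}:10", "192.0.2.10") for h in range(7)]


def review(log, geo=GEO):
    """Return {patron: sorted flags}. Flags are leads to check, not verdicts:
    a proxy at the patron's site can produce the same pattern."""
    events = defaultdict(list)
    for patron, ts, ip in log:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        events[patron].append((when, geo.get(ip, ("unknown", "unknown"))))

    flags = defaultdict(set)
    for patron, rows in events.items():
        rows.sort()
        per_day = defaultdict(int)
        for when, (_, country) in rows:
            per_day[when.date()] += 1
            if country not in EXPECTED_COUNTRIES:
                flags[patron].add("odd_location")
        if max(per_day.values()) > MAX_PER_DAY:
            flags[patron].add("excessive_usage")
        # Consecutive events suffice: any two differing locations inside the
        # window imply an adjacent pair that also differs inside it.
        for (t1, loc1), (t2, loc2) in zip(rows, rows[1:]):
            if loc1 != loc2 and t2 - t1 <= WINDOW:
                flags[patron].add("impossible_geography")
    return {patron: sorted(found) for patron, found in flags.items()}
```

Calling `review(LOG)` returns only the patrons with at least one flag; an IP missing from the lookup table resolves to "unknown" and is reported as an odd location.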

Example - Odd Location
• Found our Siberian user:

Example - “Excessive” Usage
• This is one user for one day:

Example - Impossible Geography
• Two Users - Two Stories:
  • Legitimate
  • Problematic

Findings
• Site/Organization utilizes proxies
• Account info left in browser
• Explicit sharing of account
• Account compromised

Access Results
          2007      2008
        --------  --------
Apr      30,526    38,666
--- take user access actions ---
May      28,469    32,003
June     29,439    25,656
July     31,747    30,935

Follow-Up
“Doveryai, No Proveryai” (Trust, but Verify)
• Re-run script periodically to check compliance

Resources
• Google Analytics
  • http://www.google.com/analytics/
• GeoLite City
  • http://www.maxmind.com/app/geolitecity
• This Presentation
  • http://www.lrc.usuhs.mil/brown/MAC-MLA2008_Spitzer.pps
• My Contact Information
  • [email protected]

Questions?