EZproxy v7.1 will introduce security features that can detect and disable compromised credentials. Once these new security features are integrated into your library’s workflows, your IT department will gain access to data that can aid in preventing data breaches.
What are the new security features in EZproxy v7.1?
EZproxy v7.1 will include the following security features:
- A security rules engine designed to detect and disable compromised accounts
- A user interface for managing the security rules and compromised accounts
- The ability to augment and share ideas for improving the rules
- The ability to send a pseudonymous identifier to content providers, allowing for more seamless access and better detection of compromised user accounts in an anonymized way
How will these security features benefit my library?
These new security features are designed to do the following:
- Detect compromised credentials before they can be used to exploit other systems and data
- Save your staff time from sifting through log files for compromised credentials
- Reduce interruptions in remote e-content access
What security rules will be enabled and how do they work?
The security rules below are currently being tested with our pilots and as a result, the thresholds may be refined before the release. OCLC has developed these rules based on unauthorized usage patterns we have identified in our hosted environment. Data generated by the rules resides on your EZproxy server and is not shared with third parties.
- Disable a user account that logs in over single and/or multiple sessions on more than 5 different IP addresses in a 60-minute period
- Disable a user account that downloads more than 500 megabytes of data in 60 minutes
- Disable a user account that logs in from more than 2 countries in a 60-minute period
- Disable a user account that has more than 10 login failures in a 60-minute period
- Disable a user account (potentially in multiple sessions) that downloads more than 100 PDFs in a 60-minute period
Can I augment the security rules?
Yes. You will have the ability to augment OCLC’s rules based on your library’s unique needs.
How does the pseudonymous user identifier feature work?
Pseudonymization is a data management and de-identification procedure by which personally identifiable information is replaced with one or more pseudonymous identifiers. EZproxy v7.1 will give you the ability to send a pseudonymous user identifier with every request to authorized content providers, allowing for more seamless access and better detection of compromised user accounts in an anonymized way.
OCLC will implement this feature with the following characteristics:
- OCLC will provide configuration options so that you can turn the feature on/off
- Pseudonymous user identifiers are constructed so personally identifiable information cannot be extrapolated
- If the feature is turned on, pseudonymous user identifiers are sent with every EZproxy request via a HTTP header to content providers that have signed a data protection agreement with OCLC
- EZproxy libraries and content providers can use this feature to improve their feedback loop when a compromised user account is detected while preserving patron privacy
Add security features into your workflow
How can I start integrating these security features into my workflows?
EZproxy stand-alone users:
EZproxy v7.1 will be released later this year. If you have a stand-alone license, there are some steps you can take today to integrate these security features into your workflows more quickly at release time:
- Watch the Product Insights recording to learn more about the new security features.
- Check what EZproxy version you are running and upgrade to v7.0.16 if you are running an earlier version.
- Request credentials for EZproxy Community Center access if you do not have them—we will be posting Office Hour times and dates there.
- Register for an upcoming panel discussion in which EZproxy experts will answer common questions about upgrading your server.
If you have any questions about upgrading your system, please contact OCLC Support in your region.
EZproxy hosted users:
If you have a hosted license, OCLC will migrate your server to the new version within 90 days of the release. Contact OCLC Support in your region if you would like to take advantage of these features sooner.
Support ending for EZproxy versions earlier than 7.1
Why is OCLC ending support for EZproxy versions earlier than v7.1?
To ensure your library can provide the most secure and continuous remote access possible, OCLC is investing additional resources in strengthening EZproxy security. We are ending support for versions earlier than v7.1 on 31 August 2021.