Hi Everyone,
We are implementing WAM on our library server and are looking at it from
a security perspective. It would be very useful if other WAM libraries could
let us know how their system is set-up:
1) Is your library server inside or outside your institution's firewall?
2) Do you use port scanning software on your library server (see III FAQ)?
3) Does your institution have an intranet? And, if so, does this use
EZproxy to authenticate?
4) If the answer to both parts of question 3 is yes - then are there any
issues with one domain having 2 servers - both authenticating via
separate EZproxy software?
5) If your institution has an intranet (whether EZproxy based or not) are
there links on records between the library catalogue and pages on that
Intranet (for example: institution-wide passwords for e-resources)?
6) If the answer to question 5 is yes, do the users need to authenticate
again on entry into the intranet or is the authentication on the library
server sufficient and they proxy right through?
7) Do you reverse proxy your institution on the WAM table (so in our case
this would be an entry of *.chester.ac.uk)?
8) If the answer to question 7 is yes, did you seek permission from your
I.T. department (or whoever looks after the institution's network) to do
this?
9) Has your library server ever been hacked or acquired a trojan whilst
running WAM?
Thanks in advance.
Joan Millington
University College Chester
Learning Resources
Parkgate Road
Chester
CH1 4BJ
tel 01244-375444 x3312
fax 01244-392811
email [log in to unmask]
|