Handling Requests from Vendors for Dealing with Security Abuse

Procedure for Handling Requests from Vendors for Dealing with Security Abuse on the Cornell Network
The Library has been contacted in recent weeks by two vendor, Books 24x7 and JSTOR, about incidents involving the systematic downloading of documents from licensed databases. In both cases, users outside the Cornell network (using non-Cornell IP's) exploited "open proxies" to access the Cornell network and the Library's licensed resources. Late last year, JSTOR brought the issue of open proxies to the attention of its user community and there is background information about them on the JSTOR Web site, http://www.jstor.org/news/2002.12/open-proxy.html.
The Cornell proxy server, maintained by CIT, requires users at non-Cornell IP's to authenticate and, therefore, is not an open proxy. There are, however, servers at Cornell that do function as open proxies. These allow anyone from any IP address to access the Cornell network without having to authenticate. CIT has provided the Library with a procedure to follow if we are notified by a vendor of a security violation or patterns indicating a possible precursor to a security violation. This procedure applies whether or not an open proxy is involved. I am sending it to you so that you know what to do if you are contacted by a vendor. I am also appending some background information about open proxies from JSTOR.
If you receive word from a Library vendor that someone on the Cornell network is misusing a licensed service, use the following procedure:
1) From the vendor, gather the source IP address, time frame of the incident, and any relevant user information (if possible).
2) Contact the Network Operations Center (NOC) with this information, asking them to contact the owner of that IP address so that the owner can take the appropriate action. You can either phone the NOC at 255-9900 or email them at . The NOC will contact the appropriate administrator and take corrective action if necessary (network blocks, port blocks, etc.). The NOC will also contact the Security Team, which will help coordinate remediation efforts.
3) The NOC will supply you with a case number. Use this case number in future correspondence regarding this issue.
4) Copy libit-l@cornell.edu on all of your correspondence.
- Edward Weissman
Assistant to the University Librarian, 7/17/03

What Are Open Proxies?
Proxy servers, for those unfamiliar with the term, are networked machines that can relay requests from one machine on the Internet to another. If a user's request is relayed through a proxy server, then his or her activity will appear to the rest of the Internet to have originated from the proxy server itself. Proxy servers are extremely useful when configured correctly. They are commonly used to provide access to licensed electronic resources to machines not attached to the local campus network, such as students' or faculty members' home computers. Proxy servers are perfectly acceptable as long as measures are in place to ensure that only authorized users are allowed to access them.
Many machines on the Internet, however, have proxy servers set up without proper access restrictions. For example, when a student or faculty member sets up a web server on his or her computer, a proxy server might also be installed. Without special measures being taken, these proxy servers often have no access restrictions in place. If the computer is within a range of IP addresses that have access to an electronic resource such as JSTOR, then the result is that literally anyone in the world can use that proxy server to enter JSTOR, as well as other electronic resources.