Evolution of User Authentication Practices: Moving Beyond IP Filtering

Slide Note
Embed
Share

The article explores the obsolescence of IP filtering in user authentication, highlighting the challenges posed by evolving technology and the limitations of IP-based authentication methods. It discusses the shift towards improving user experience and addressing security concerns by focusing on user identity rather than physical location. The need for modern authentication practices, such as institutional credentials and single sign-on solutions, is emphasized to enhance security and convenience for users accessing online resources.

rin_fi
rin_fi Follow

Uploaded on Sep 22, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. IP Filtering is Obsolete Where do we go from here? Rich Wenger, E-Resource Systems Manager MIT Library

  2. TOC In the beginning The march of technology Playing games Two broad goals A way forward Page 2

  3. In the beginning.. Early days of the internet No portable devices Static IP addresses Unspoken assumptions Page 3

  4. The march of technology Portable PCs, laptops, tablets, smart phones DHCP non-static IP addresses Off-campus users Page 4

  5. Playing games Virtualization at multiple levels Pretending that nothing had changed VPN and proxy servers Page 5

  6. Bottom line The assumption that an IP address = a physical location = an authenticated, authorized user is false. IP filtering is about where a user is (which is completely obscured by proxy servers and VPNs), not who the user is. Page 6

  7. Bottom line IP filtering Conflates IP address with location and identity. Creates proprietary portals, the opposite of modern Discovery practices. Is a maintenance nightmare. Is unsecure and easily exploitable. Without IP filtering, Scihub could not exist * * Atypon presentation on Piracy at SSP conference in Boston, June 2017 Page 7

  8. Two areas of concern We need to: Improve the user experience. Respond to the security problems. Page 8

  9. Improving the user experience The point of referral for authentication must be located at the providers sites, not in our portals. Affiliation defaults must be preserved across browser sessions. All devices must be robustly supported. Page 9

  10. Security We need to: Focus on who the patron is, not where they are. Use institutional credentials. Arrest the proliferation of resource-specific userids and passwords. Support SSO across all devices. Page 10

  11. A way forward Federated Identity Management, robustly implemented by providers and subscribers. SAML-based systems Ex. Shibboleth, OpenAthens, etc. Federated metadata. Authentication referral at the point of need. Use of institutional credentials. Support for affiliation at multiple institutions. Page 11

  12. FIM FIM has been available for many years, but its uptake has been halting and sporadic. Providers and subscribers were/are each waiting for the other to take the initiative. SAML-based systems are becoming ubiquitous, but the quality of implementations varies widely. Page 12

  13. RA21 Initiative RA21, a convergence of efforts by STM Scientific, Technical, and Medical publishers PDR Pharma Documentation Ring URA Universal Resource Access Page 13

  14. RA21 Initiative RA21 SAML-based Federated ID Management. Authentication at the point of need. Collaboration on a set of recommended best practices for providers and subscribers. Open process. Page 14

  15. RA21 Addresses issues important to academic libraries Privacy Walk-ins Protection of personally-identifying history and usage data Uneven quality of some providers SAML implementations Page 15

  16. RA21 Improved user experience - Authentication at the point of need - Single Sign On (SSO) - Comprehensive device support - Support for multiple institutional affiliations Page 16

  17. RA21 Simplified technical environment - More granular control - Federated metadata - No need to maintain IP ranges with providers - Reduced dependence on proxy servers Page 17

  18. RA21 Challenges - Gaining library management s attention to this issue - Getting buy-in and support from campus IT - Resisting fragmentation of effort Page 18

  19. RA21 Participants Steering Committee Participants Page 19

  20. Case study Improve the user experience of students and researchers https://scholarlykitchen.sspnet.org/2015/11/13/dismantl ing-the-stumbling-blocks-that-impede-researcher-access- to-e-resources/ Page 20

  21. A way forward A goal to work toward, NOT an abrupt change Dual stack support for the foreseeable future Libraries need to get involved If we do this carefully and well, it should be minimally disruptive to users. Page 21

  22. Finis Rich Wenger rwenger@mit.edu Phone 617-253-0035 Page 22

Related


Understanding Authentication Mechanisms and Security Vulnerabilities

Understanding Authentication Mechanisms and Security Vulnerabilities

lev_tre
Understanding Shuttling and Filtering of Multiple Ion Species in Segmented Linear Trap

Understanding Shuttling and Filtering of Multiple Ion Species in Segmented Linear Trap

xzayvier_k
Fast High-Dimensional Filtering and Inference in Fully-Connected CRF

Fast High-Dimensional Filtering and Inference in Fully-Connected CRF

sclau
Security and Authentication in Electronic Filing Systems: Arkansas Subcommittee Report

Security and Authentication in Electronic Filing Systems: Arkansas Subcommittee Report

harri
DAVA Drugs Authentication & Verification Application by National Informatics Centre

DAVA Drugs Authentication & Verification Application by National Informatics Centre

ruxt_322
Setting Up Multi-Factor Authentication at Moraine Park

Setting Up Multi-Factor Authentication at Moraine Park

leid_3
Implementing 2FA for UW Azure AD: Best Practices and Options

Implementing 2FA for UW Azure AD: Best Practices and Options

adlai
Understanding BGP Protocol and Configuration for Routing Policy Filtering

Understanding BGP Protocol and Configuration for Routing Policy Filtering

kenzelkr
Understanding Different Types of Recommender Systems

Understanding Different Types of Recommender Systems

adam43
Collaborative Bayesian Filtering in Online Recommendation Systems

Collaborative Bayesian Filtering in Online Recommendation Systems

khoss
Enhancing Security with Two-Factor Authentication in Funding & Tenders Portal

Enhancing Security with Two-Factor Authentication in Funding & Tenders Portal

torquil
Authentication and Authorization in Astronomy: A Deep Dive into ASTERICS

Authentication and Authorization in Astronomy: A Deep Dive into ASTERICS

anna_ght
Hybrid Mobile Applications at TalTech IT College Fall Semester

Hybrid Mobile Applications at TalTech IT College Fall Semester

opopp
Mobile App Security: Vulnerabilities in User and Session Authentication

Mobile App Security: Vulnerabilities in User and Session Authentication

kama_g
Collaborative Filtering in Data Mining: Techniques and Methods

Collaborative Filtering in Data Mining: Techniques and Methods

eviemae
Guide to Setting Up EU Login and Two-Factor Authentication

Guide to Setting Up EU Login and Two-Factor Authentication

wolfgang
Two-Step Authentication Implementation for Enhanced Security

Two-Step Authentication Implementation for Enhanced Security

lumina
Setting Up Two-Factor Authentication for HRMS Access

Setting Up Two-Factor Authentication for HRMS Access

japp320
An Open-Source SPDM Implementation for Secure Device Communication

An Open-Source SPDM Implementation for Secure Device Communication

eley395
Understanding Weighted Moving Average Charts for Process Monitoring

Understanding Weighted Moving Average Charts for Process Monitoring

viviana
Addressing User Credentials and Security in CCSDS Service Interfaces

Addressing User Credentials and Security in CCSDS Service Interfaces

latimer_f
Personalized Spam Filtering for Gray Mail Analysis

Personalized Spam Filtering for Gray Mail Analysis

chel_122
Enhancements and Updates in TRICS System: Recent Features Unveiled

Enhancements and Updates in TRICS System: Recent Features Unveiled

ariadne
Ethics in IT-Configured Societies: Google's Controversy and Plagiarism Detection

Ethics in IT-Configured Societies: Google's Controversy and Plagiarism Detection

gaia

More Related Content

IGX Orientation 2023: Logging In, Two-Factor Authentication, Dashboard Setup
IGX Orientation 2023: Logging In, Two-Factor Authentication, Dashboard Setup
Understanding SAML for Secure Single Sign-On
Understanding SAML for Secure Single Sign-On
Ensuring Compliance with Prevent Duty in Higher Education
Ensuring Compliance with Prevent Duty in Higher Education
Exploring Proteomics Data Analysis Workflows in Perseus
Exploring Proteomics Data Analysis Workflows in Perseus
Distance-Based Suspicion Score for Audit Selection
Distance-Based Suspicion Score for Audit Selection
Understanding Enterprise Network Security and Firewalls
Understanding Enterprise Network Security and Firewalls
High-Resolution 3D Seafloor Topography Enhancement Using Kalman Filtering
High-Resolution 3D Seafloor Topography Enhancement Using Kalman Filtering
Multi-phase System Call Filtering for Container Security Enhancement
Multi-phase System Call Filtering for Container Security Enhancement
Exploring Moving Walkways with Distance-Time Graphs
Exploring Moving Walkways with Distance-Time Graphs
Telisca Suite: Enhancing MS Teams Integration with Advanced Tools
Telisca Suite: Enhancing MS Teams Integration with Advanced Tools
Public key encryption, Digital signature and authentication
Public key encryption, Digital signature and authentication
Overcoming the UX Challenges Faced by FIDO Credentials in the Faced by FIDO Credentials in the Consumer Space
Overcoming the UX Challenges Faced by FIDO Credentials in the Faced by FIDO Credentials in the Consumer Space
Enhancing Security with Multi-Factor Authentication for NHS Mail Users
Enhancing Security with Multi-Factor Authentication for NHS Mail Users
WFDSS Login Changes and New authentication Process Overview
WFDSS Login Changes and New authentication Process Overview
Enhancing Security with Multi-Factor Authentication in IAM
Enhancing Security with Multi-Factor Authentication in IAM
Efficient Payment System Registration Process with Secure OTP Authentication
Efficient Payment System Registration Process with Secure OTP Authentication
Importance of Multi-Factor Authentication in Ensuring Data Security
Importance of Multi-Factor Authentication in Ensuring Data Security
Understanding Electronically Stored Information in Legal Cases
Understanding Electronically Stored Information in Legal Cases
UTORMFA: Enhancing Security with Multi-Factor Authentication at University of Toronto
UTORMFA: Enhancing Security with Multi-Factor Authentication at University of Toronto
Challenges in DUNE Computing: Addressing Authentication and Authorization Needs
Challenges in DUNE Computing: Addressing Authentication and Authorization Needs
Understanding Distance Bounding Protocols in Authentication
Understanding Distance Bounding Protocols in Authentication
Security and Privacy in 3G/4G/5G Networks: The AKA Protocol
Security and Privacy in 3G/4G/5G Networks: The AKA Protocol
Enhancing Security with Multifactor Authentication for PIMS
Enhancing Security with Multifactor Authentication for PIMS
Comprehensive Guide for Setting Up WireGuard Securely
Comprehensive Guide for Setting Up WireGuard Securely