School Internet Filtering – Part 1
by SysAdmin OzDisk on Jul.13, 2010, under CensorBlox, ISA Server, Internet Filtering, Squid Proxy, Web Proxy Servers
After being contacted many times of the last year or two, I have put together the following.
I had been working in and around schools for many years. The number of children that attempt to access internet content that they should not can be overwhelming. Many technicians and teachers have enough to do without having to police the internet that chldren use.
Installing an internet filter and locking down external access is the only way to go. Children range from barely being able to use a computer right through to Year 12 students. This is a recipe for problems that any technician that has worked in a school can tell you. Installing a proxy server that has some access controls is a start, making sure a firewall allows only the required external ports will reduce workload. Children will all ways try to bypass your proxy controls. Learn to deal with that.
Children are learning that internet filters can be bypassed by using internet hosted SSH, VPN and even PHP style hosting.
SSH – This method creates a secure tunnel in which they send and receive the data from a remote host that has un filtered access to the internet.
VPN – much the same as SSH, this creates a secure tunnel to a remote host that has unfiltered access to the internet.
PHP (Web) Proxy – This method is becoming very common, the end user sets up the required software on remote hosting where there is no internet filter and then using accesses that site, the url string is usually altered to cover there tracks. This method hides what they are accessing and only shows traffic to the orginal site.
Restrict access to VPN and monitor utilised ports, installing a firewall or ISA server can help you control this.
Blocking Malware, Spyware and known virus domains is another process that I recommend. Subscribing to a hosts file, malware blocklist and any other feed that will notify you of new sites, then collate this information together and deny access to those sites will decrease infections and reduce workload.
Bandwidth costs can accumulate very fast within schools, if a school has 100 computers that are used daily and download 10MB means 1000MB per day and thats going to end up using 20000MB approx. You need to cache whatever you can, I have seen some proxy servers cache 30-40% with some even higher. If you can tune your proxy server for high hit rates you will reduce your bandwidth bill.
