OZDISK PTY LTD

After being contacted many times of the last year or two, I have put together the following.

I had been working in and around schools for many years. The number of children that attempt to access internet content that they should not can be overwhelming. Many technicians and teachers have enough to do without having to police the internet that chldren use.

Installing an internet filter and locking down external access is the only way to go. Children range from barely being able to use a computer right through to Year 12 students. This is a recipe for problems that any technician that has worked in a school can tell you.  Installing a proxy server that has some access controls is a start, making sure a firewall allows only the required external ports will reduce workload. Children will all ways try to bypass your proxy controls. Learn to deal with that.

Children are learning that internet filters can be bypassed by using internet hosted SSH, VPN and even PHP style hosting.

SSH – This method creates a secure tunnel in which they send and receive the data from a remote host that has un filtered access to the internet.

VPN – much the same as SSH, this creates a secure tunnel to a remote host that has unfiltered access to the internet.

PHP (Web) Proxy – This method is becoming very common, the end user sets up the required software on remote hosting where there is no internet filter and then using accesses that site, the url string is usually altered to cover there tracks. This method hides what they are accessing and only shows traffic to the orginal site.

Restrict access to VPN and monitor utilised ports, installing a firewall or ISA server can help you control this.

Blocking Malware, Spyware and known virus domains is another process that I recommend. Subscribing to a hosts file, malware blocklist and any other feed that will notify you of new sites, then collate this information together and deny access to those sites will decrease infections and reduce workload.

Bandwidth costs can accumulate very fast within schools, if a school has 100 computers that are used daily and download 10MB means 1000MB per day and thats going to end up using 20000MB approx. You need to cache whatever you can, I have seen some proxy servers cache 30-40% with some even higher. If you can tune your proxy server for high hit rates you will reduce your bandwidth bill.

SPAMMERS

.look019.com
.vehawiih.com
.jarubyim.com
.gibimain.com
.0rz.tw
.keyekdid.com
.demaszen.com
.iokodeit.com
.iadoksiw.com
sunechae.com
hmolilxsersu.com
dzgdxnynminl.com
giaphucnguyen.vn
doclu.com
ladmnrqnzwch.com
mjsattbtzqwv.com
ncbdumlebpzt.com
qsesdauxghau.com
hjecflhqvdai.com
kziiimxkewqk.com
ysrhfxlwgovc.com
lsophyfystqx.com
yciidvrhxkaf.com
gyniwdoqhtsr.com
.lkcwswscvfeh.com
.uwhwvihmbkgh.com
.njwortzubdjc.com
.lowest-rate-loans.com
.inspiredwebcreation.co.uk
.nutshellurl.com
.mosterhok22.com
.jeol.co.kR
.starvipplays.net
.iblp-rd.org
.iycnl.com
.poisonstrawberry.com

DNS (Domain Name Server) is what is used everytime someone tries to access a website. If you type www.ozdisk.com.au into your browser a small query goes off to find what IP  the webserver has in order to access it. It works like a phone book, that can update its information from other DNS servers located on the Internet. By tricking a local DNS server into replying with either a loopback address (127.0.0.1) or an internal address you stop the query from going further onto the Internet.

Once a computer is infected with malware or spyware, it can send information onto the internet for malicious hackers to turn computers into zombies or gather information which is confidential or even install more malicious softyware. Persons responsible for infected computers should remove the infected computers from the network and then remove the infections. Once it is clean or reimaged then put it back onto the network for use.

Now thats out of the way, here is way to help block and protect computers. Although this wont stop all infections it will reduce computers from accessing the domains that are known bad sites.

Stopping Malware & Spyware from talking to the internet by using a DNS null zone is very simple and does not require large hardware or specialised equipment. When a computer tries to access one of the sites on the list the DNS server will reply with a local IP thus keeping the data from going out onto the Internet.

It can be as simple as loading a local DNS application to your server. If you run a Windows server then you more than likely have this setup partially already. If you run Apple or Linux you can install and run a DNS server fairly easily. (Although the later will require further techs skills.)

For further information and details please visit “Black Hole DNS White Paper by David Glosser”

Another thing that can be looked at is using a HOSTS file http://www.mvps.org/winhelp2002/hosts.htm