Securing the Learning Environment Against Anonymous Proxies
Ask most administrators what the biggest threat to the online learning environment is today, and you'll most likely be deafened by the resounding reply of "anonymous proxies!" Gone are the days when bandwidth, safety and budget were an administrator's primary concerns and could be easily maintained with an Internet filter. Today, students can conveniently bypass all safety measures put in place with a few strokes on the keyboard that allow them to connect to "bad" sites.
With their limited time and resources, most IT staff I know cannot compete with and keep track of the number of proxies that pop up every day. This leads to other problems: schools end up failing in their compliance with CIPA standards, students are exposed to harmful material and bandwidth is drastically diminished. Take, for example, our district, Duval County Public Schools (DCPS) in Jacksonville, FL. Although we were utilizing an Internet filter, students were still accessing MySpace.com and other "blocked" sites about 300,000 times per week. Not only were these targeted sites disrupting study time, but the traffic was hogging a significant amount of bandwidth that could have been used for more appropriate educational applications. Students were bypassing DCPS's then-filter by accessing anonymous proxies--and this was as easy for them as learning their ABCs.
We know kids are really knowledgeable about using Web proxies, so they always find a way to get to them to access sites that are otherwise blocked by school network filters. The only way to find students who attempt to access bad sites is if you identify them or if they get blocked. The fastest way to identify these users is through authentication.
We implemented 8e6 Technologies--a filtering and monitoring solution that completely eliminated any access to anonymous proxies, something our previous filter was unable to do. The first thing we did was to enable an invisible authentication feature. Authentication is a must for a safe and secure Internet environment. It prevents kids from accessing inappropriate material whether on purpose or accidental. Even though they may not do it intentionally, kids will many times type in a wrong word or misspell a word, but authentication ensures that they are being filtered. This transparent authentication is superior to others offered in the filtering industry. However, our battle against proxies did not end there.
We also had to employ a signature-based blocking feature, also from 8e6, which effectively prevents users from accessing peer to peer applications, instant messaging and anonymous proxies. This feature catches requests for anonymous proxies on the fly, giving us zero-day protection against many open-source proxies. Therefore, if the site is not categorized as a proxy in the database, the system will still be able to block access to the site based on the signature files in the Database. Not only does the "Proxy Pattern Blocking" feature identify attempts to set up proxy tunnels and prevents these connections from being made, it keeps a record of the number of times a student tries to evade the filter in this way. After a predetermined number of attempts, the would-be tunnelers are denied Internet access. This feature helps us secure the network from hacker attacks and loss of private information.
8e6's filtering and reporting solution has not only helped save the IT staff time, but it has proven to be a benefit to the entire DCPS community. Administrators benefit from increased production from their employees, teachers benefit from students staying on task, and students benefit by not being subjected to inappropriate material. Finally, everyone, including parents, benefit from a safer environment.
:: READ MORE FEATURES AND CASE STUDIES ::
About the author: Jim Culbert is an information security analyst at Duval County Public Schools in Florida.
Have any additional questions? Want to share your story? Want to pass along a news tip? Contact Dave Nagel, executive editor, at email@example.com.