Professional Documents
Culture Documents
As a K-12 IT professional, your top priority is ensuring all the students in your
school or district have safe and secure access to the educational content and
courseware they need, and that critical learning applications perform optimally
whenever students and teachers need them. The majority of school districts
have implemented firewalls and content filters to aid in enforcing appropriate
use of the network and to prevent students from accessing prohibited content,
but this is no longer enough. Advances in technology and the rising popularity
of BYOD and 1:1 programs have given your students the tools they need to
get around traditional content filters. And given how smart today’s connected
generation is, it’s likely that some students in your district are actively
bypassing your web filter today to access restricted materials without your
knowledge.
Additionally, there are legal implications that make providing a safe learning
environment for your students by restricting access to harmful content even
more critical. Regulations like the Children’s Internet Protection Act clearly
state that your IT department is responsible for the online safety of your
students, and funding such as E-Rate is often tied to your team’s ability to
prove you are maintaining compliance and blocking access to content outside
of your district’s Acceptable Use Policy.
This white paper will outline seven ways K-12 students are currently using
technology to circumvent your web filter, access content and applications
outside of your Acceptable Use Policy, and put your funding at risk.
White Paper
7 Ways Students Are Bypassing Your Content Filter and Putting Your K-12 Network at Risk
No matter how secure you think your K-12 network is today, there will
always be a select group of rogue students that will be able to find a
way to evade your filtering tools to access unauthorized content. In fact,
there’s a good chance that the firewall and web filter you currently have in
place are not catching all the traffic traversing your network. You may be
surprised, but some if not all of the following traffic types outlined below
are being used on your network every day to bypass your content filter.
Solution
Use a real-time network monitoring tool to analyze and inspect all
application traffic crossing your network at layer 7. The tool you select
should be sophisticated enough to allow you to not only see and identify
VPN traffic, but allow you to drill down to associate specific users
with these traffic flows. From there, you can discern if the VPN user
in question is faculty and using VPN for legitimate purposes, or if the
user is a student using VPN to bypass your web filter. If you detect that
VPN is being misused by students, you can quickly create a policy to
limit the user or user group’s ability to access VPN on your network.
White Paper
7 Ways Students Are Bypassing Your Content Filter and Putting Your K-12 Network at Risk
Solution
As Tor traffic can easily slip past your web filter, investing in an additional
tool with deep packet inspection that can complement your filter is
key if you want to ensure you have complete coverage across your
network and keep students from accessing inappropriate material.
Because Tor runs on web service ports, only a comprehensive DPI tool
can detect, inspect and classify this traffic with the level of granularity
needed. Once Tor traffic has been identified, setting a policy to discard
those packets will effectively prevent students from using it.
Solution
Your network monitoring tool’s classification engine should be able to
easily identify and expose this bypass traffic in real time. From there,
you should be able to apply QoS policies to traffic using Anonymous
Proxies to either block it completely or limit the amount of bandwidth
it can use. To make your life easier, your solution should also be
receiving daily auto-updates containing new Anonymous Proxy sites
as they go live. This allows you to be proactive in protecting your
students from accessing harmful content and saves you the headache
of constantly adding new URLs to your blacklisted database.
Solution
Make sure that your solution is able to provide full visibility and control
over all applications and secured browsing traffic crossing your network
to stop students from bypassing your filter through encrypted sessions.
However, you don’t want to cut off access to HTTPS traffic altogether, as
students and teachers also connect securely to a myriad of e-learning
applications, as well as their learning management systems. To achieve
this, create policies as you normally would to prioritize HTTP and HTTPS
access to your critical learning applications, and set policies to limit HTTPs
access to URLs and applications outside of your Acceptable Use Policy.
White Paper
7 Ways Students Are Bypassing Your Content Filter and Putting Your K-12 Network at Risk
Solution
Your network management solution should also be fully integrated
with Microsoft Active Directory, to easily allow or limit access to
specific URLs or applications at the user or group level. If you have
particular users or groups in your district that have a legitimate
need to access an SSH tunnel, you can create a policy that only
allows those specific users or groups access, and restricts
access to the rest of the students and faculty in your district.
Solution
Eliminating remote desktop application usage from your K-12 network
can be done in a matter of clicks. Using a robust bandwidth management
solution with built-in traffic shaping capabilities, it’s easy to create policies
that either completely block access to these applications, or only allow
access to certain user groups, such as faculty or administrative staff.
White Paper
7 Ways Students Are Bypassing Your Content Filter and Putting Your K-12 Network at Risk
Solution
The network monitoring solution you select should come equipped with
a robust layer 7 signature database that is able to classify these types of
purpose-built programs. Tools with integrated bandwidth management
capabilities allow your IT staff to throttle or discard the traffic completely
to control how bandwidth should be allocated to these applications. C
White Paper
7 Ways Students Are Bypassing Your Content Filter and Putting Your K-12 Network at Risk
Conclusion
Next Steps
Do you suspect that students in your district are bypassing your firewall
or web filter to access inappropriate content? Contact an Exinda Solutions
Expert today to arrange a quick demo and see how we can help.