High Level Security

Guest
Hi,

I work as a consultant for Juvenile Justice Detention Facilities nationwide. A lot of our schools do not have internet access for teachers and students. I am trying to make some recommendations about how to set up a secure network that will comply with stringent rules for the youth. For example: There can be NO contact with the outside world. I am advising that they use an AUP and make student logins so they can pinpoint any security breaches and that student will be held accountable. I am hoping that you can help me with the more technical side...what software would you recommend to help with security of the web and filtering out sites that we do not want. Any advice on security would be very much appreciated!

Thanks!
 
You are pretty much going to have to go with a commercial solution. I would normally say you can do it yourself but if you do not already know the 2 methods to do this you likely do not have the skills to build your own devices using the free software.

You can use a firewall or proxy server. A proxy server tends to have many more options since its main purpose is to filter web type of traffic. Some higher end firewalls also have nice filter ability. A company called Blue Coat makes some of the better proxies...they are not cheap.

This is going to be very hard to accomplish. It is pretty easy to filter out porn sites and hacker sites and other categories of sites. With your requirement, how would you prevent, say, going to the CNN site when they put up a poll that lets you place comments? Even YouTube lets you place comments. It's not too hard to imagine people using comment sections to communicate.
What you are almost going to have to do is block everything and then manually go through some sites and allow URL by URL within the site.

Now, if you actually think a policy that says "don't do it because we are watching" will work, then proxies have great logging of everything you did. That sounds really good until you are the person that has to try to go through the logs and see if someone violates it. It depends how much you trust...and even kids who are not in trouble already do not make the best decisions.
 
You should check out the great firewalls from Fortinet. I have been working in it for a while and this is the best security tool I have used yet. You can control everything from what websites your users can go to, to what applications they can install. It has a built-in filter, DLP, application control and good reporting. They will set up everything for you if you don't feel comfortable, and the support is good if you get stuck. I use 80C's at my locations with 100 users and 60C's at the locations with less than 50; they will all report to one 80 so that I don't have to pull logs from them all.
 

Katherine Crawford

Mar 22, 2013
Thank you for the recommendation. I am hoping that by using a classroom management tool like LanSchool we can avoid having to sort through logs and whatnot. I looked up Blue Coat and I am going to research what it would cost for them to go down this route.
Every state will want to approve URLs based on their own requirements. They should all have staff that know how to put this together but it is more about us saying this is how you can make it safe for kids. I like your idea about starting with nothing and adding...maybe we can make a list of suggested sites. It is a delicate balance of complying with the laws each state has with access and giving kids the tools they need in education to be successful. Thank you for getting back with me.
 

Katherine Crawford

Mar 22, 2013


Thank you! Do you know if you can limit pages of websites so they can only interact with certain parts?

 
If you want to play with the Blue Coat stuff, they offer a free version for home users. This is only a PC-based application but it uses exactly the same filters as the commercial product. It allows quite a bit of customization of rules and such. The commercial appliance has even more options but they cut them back, I suspect, to not burden the home users.
http://www1.k9webprotection.com/

It is called K9 because it makes barking sounds out the speakers when the kids try to access sites that are blocked...it does actually block them so turning off the speakers only prevents mom from catching you right away.

They do have a paid version of this if a client based solution would be acceptable....all depends how many machines you want to maintain.
 
You can exclude or allow any page you want; you also have the option to just warn the users. You can block by category or on an individual site-by-site basis. http://www.fortinet.com/products/fortigate/80C.html

We used a software solution in the past. The problem with that is you have to touch every PC, which is a lot of work, and there were a lot of ways users could get around the filter. The software filters have an option for overrides, to bypass the filter, and we noticed that people who were excluded from filtering rarely changed their Windows password, which was used for the override, and they would share it with other users who were filtered when IT was not available, which defeated the whole purpose of the filter.
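The "block everything, then allow URL by URL within the site" approach suggested earlier in the thread, and the per-page allow rules described in the post above, sketched as an added example; it is not from any poster or vendor product. The hosts, paths and the read-only method rule are constructed assumptions.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Constructed allowlist for illustration: host -> permitted path prefixes.
# Anything not listed is denied (default deny).
ALLOWLIST = {
    "www.encyclopedia.example": ["/articles/"],
    "math.school.example": ["/"],
}
READ_ONLY_METHODS = {"GET", "HEAD"}  # assumption: no form posts, so no comments


def normalize_path(raw_path):
    """Decode %-escapes and collapse '.', '..' and repeated slashes."""
    path = "/" + unquote(raw_path).lstrip("/")
    norm = posixpath.normpath(path)
    # normpath drops a trailing slash; keep it so "/articles/" still matches
    if path.endswith("/") and norm != "/":
        norm += "/"
    return norm


def is_allowed(url, method="GET", allowlist=ALLOWLIST):
    """Return True only if the request matches an explicit allow rule."""
    if method.upper() not in READ_ONLY_METHODS:
        return False
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    if parts.username or parts.password:  # reject user:pass@host forms
        return False
    try:
        port = parts.port
    except ValueError:  # malformed or out-of-range port
        return False
    if port not in (None, 80, 443):
        return False
    # Exact host match only, so look-alike suffixes do not slip through
    host = (parts.hostname or "").lower().rstrip(".")
    prefixes = allowlist.get(host)
    if prefixes is None:
        return False
    path = normalize_path(parts.path)
    return any(path.startswith(prefix) for prefix in prefixes)
```

For HTTPS sites a proxy sees the path and method only when it decrypts the traffic; without that it can filter on host name alone.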
 

USAFRet
Moderator
I highly recommend you get in touch with your state's IT dept, and your local Dept of Ed. They already have contacts within the industry, and the DoEd has already done this for regular public schools.
They can probably also advise on specific vendors, maybe even getting you a better price.

The previous comments here are good, but setting up a nationwide network with the level of security you require is a non-trivial task. Logging and blocking URLs is just the first step.

Ex. student logins - How do you 'prove' it was Jim logged in, and not Bill using Jim's password? Or worse, a teacher's password.
How do you prevent the kids from rebooting the machine into a different operating system (via CD or USB)?
How do you prevent bypassing your network altogether with an unauthorized wifi dongle?

Then we get to physical security. A sufficiently motivated teen could put a keylogger on a teacher's workstation, thereby giving him the keys to the kingdom.

This is just scratching the surface. It can be done, but it is a non-trivial exercise.
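The log-review burden raised earlier in the thread and the shared-password question in the post above, as an added example that is not part of any post: it counts denied requests per login and flags a login that appears on two workstations within a short window. The log format, workstation names, URLs and the five-minute window are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: ISO time, login, workstation, verdict, URL
SAMPLE_LOG = """\
2013-03-22T09:00:05 jim PC-07 ALLOW https://math.school.example/fractions
2013-03-22T09:01:10 jim PC-07 DENY https://video.example/watch
2013-03-22T09:02:30 jim PC-12 ALLOW https://math.school.example/quiz
2013-03-22T09:03:00 bill PC-12 DENY https://news.example/poll
2013-03-22T09:03:20 bill PC-12 DENY https://news.example/comments
2013-03-22T10:30:00 bill PC-03 ALLOW https://math.school.example/quiz
"""


def parse(log_text):
    """Yield (timestamp, login, workstation, verdict, url) tuples."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines instead of guessing
        ts, login, station, verdict, url = fields
        yield datetime.fromisoformat(ts), login, station, verdict, url


def denied_counts(log_text):
    """Number of blocked requests per login, for a quick daily summary."""
    return Counter(login for _, login, _, verdict, _ in parse(log_text)
                   if verdict == "DENY")


def shared_login_suspects(log_text, window=timedelta(minutes=5)):
    """Logins active on two different workstations within `window`."""
    last_seen = {}  # login -> {workstation: time of latest request}
    suspects = defaultdict(set)
    for ts, login, station, _, _ in sorted(parse(log_text)):
        seen = last_seen.setdefault(login, {})
        for other, other_ts in seen.items():
            if other != station and ts - other_ts <= window:
                suspects[login].add(tuple(sorted((other, station))))
        seen[station] = ts
    return {login: sorted(pairs) for login, pairs in suspects.items()}
```

On the sample lines, jim's login shows up on PC-12 just before bill logs in there, which is the kind of overlap a reviewer would follow up on.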