4 Comments

How to Bypass a School Firewall

Written by:  • Edited by: Bill Bunter
Updated May 5, 2010 • Related Guides: Google | Proxy Server | MySpace

School firewalls are in unique positions. Every year or semester, a new batch of young, curious Internet explorers appears to probe and search for new surreptitious means to circumvent firewalls and their access rules. How do students bypass a school firewall when they try?

Introduction

"How to bypass a school firewall" is one of the most popular searches on Google. This article isn't going to explain how to bypass a school firewall; rather it will explain how school IT admins can ensure that their firewall isn't bypassed using the information that students find during their Google search. There are several methods consistently used by students to bypass, or try to bypass firewalls. Some of these persist and are still effective due to the firewall technology in place. Even installing the latest and greatest firewall tech is no assurance of security. The firewall is only as good as the configuration and rules in place. Let's take a look at the basics to prevent firewall bypass by students.

Firewall Bypass Prevention

Use application layer firewalls - Application-layer inspection ensures that filtering is possible on types of content, types of program function, and repurposing of protocols is prevented.

Use very restrictive rule bases - This may seem obvious, but it always bears repeating. Allow only the absolute minimum traffic of the fewest types, from only the locations needed. The rule base will be more detailed and complex, but bypassing becomes vastly more difficult.

Force proxy use for access - Some firewalls include a proxy server or proxy interface. If all traffic for proxy-capable protocols must pass through via the proxy, possibilities for circumventing the firewall are greatly reduced.

Limit access by IP address - Ensure that systems students have access to and use are limited access by IP address. If a rogue system is put on the network or someone manages to change its address, no access at all is possible.

Require authentication for access - Along with the other restrictions in place, require authentication and authorization for use of even allowed protocols. If they don't have a valid user id and password, and aren't in an authorized group, they're blocked.

Don't allow users to install programs or change configurations - It's rare that students would need to change IP addresses, proxy settings, or install software on computers. Don't allow everyday users this level of privilege.

Next Steps

These are the beginnings of a secure perimeter firewall and network configuration. Advanced techniques for tunneling protocols, piggybacking on other traffic, and repurposing protocols exist. Usually a modern, strong application-layer firewall can greatly reduce the efficacy of these methods of bypassing the firewall. Encryption (and more generally, tunneling of any sort) is much harder to prevent as a means of bypass. Consider denying the use of encrypted protocols by students or denying them without authentication at the firewall first, and have only a trusted user group that can utilize them.

Next Article »
We Also Recommend...

Comments

Showing all 4 comments
 
reigna sanders Sep 2, 2010 11:46 AM
this dude
to this other dude thats sittin here thinkin he is just so damn smart what the hell are you doing disclosing that sort of imforation bout proxies you sir are not a true student but a dervived geek at heart i like your still though....
reigna sanders Sep 2, 2010 11:42 AM
computer proxies
so your goin to tell us how we cant and that the schools are doing a good job at preventing it. well that was not very helpful...whats the use of the computers then cause now and days we dont really even use the computers so why not be able to check your email an use it for what its really meant for... their jus sittin here collectin dust.. its stupid your stupid dude...
chris howard Oct 4, 2009 6:00 PM
sure
yeah, sure. do you really think that you could put something like that on a school computer? they log eerything you type on there you know. just ask my class. we were all playing halo online one day, and they shut every computer in the room down, and caled the substitute, who then gave every one of us a warning. and if you even attempt to go on a forbidden website to many times, they will turn off your computer without your consent. so, yeah, right.
c. nile demencha Oct 2, 2009 8:15 AM
bypassing firewalls
to be quite honest with you, i am a student who takes an avid delight in punching through security countermeasures. i read your article, and i would like to provide a point of comparison, or maybe even something you werent aware of. my school recently began using a system by lightspeed systems, which, rather than using a finite list of forbidden websites, instead covers a blanket of almost all websites categorized in a certain format. or at least, that was the idea. needless to say, as the novelty of the blanket ban wore off, we students forged ahead, and have now found a great many hole in the supposedly impenetrable system. first and foremost, my personal favorite way of accessing, say, facebook, is through the use of an outside program. i will not specify as to which, or even disclose how, except to tell you that it involves using an uploaded file from a flash drive, and taking advantage of invisible programs. im going to assume, after reading your article, that you know exactley what i am talking about. you could use this, and provide further advice on how to stop this form of evasion. now, i have really no good reason for disclosing this, but i cannot consientously allow people that i know to keep doing the things that they are doing. also, i do not wish to disclose the information myself, so im giving you small hints and nudges in the hope that you take the cue, and research this. also, there is only so much a school can restrict, so using flash drives is actually encouraged.
 
blog comments powered by Disqus
Computer Security
FEATURED AUTHORS
Mccordrm Michael Guerrero DavidK Steve McFarlane
Steven Bowcut, CPP R.L. Flowers KateG Radell Hunter
Most Popular Articles
Email to a friend