How to Prevent Students from Bypassing School Internet Filters

How to Prevent Students from Bypassing School Internet Filters
Page content

Some rules are just made to be broken- Or are they?

Let’s face it: Some kids just like to break rules, and will go about it in any way they can or want. School Internet filters are often targeted because kids just want to check their myspace or facebook page, or just waste time while in class. School IT administrators go to a lot of trouble to prevent kids from breaking through it, and really nothing is bulletproof. That doesn’t mean that it can’t be made a WHOLE lot harder. Follow along as we examine some ways that kids tend to go around filters, and how the filters can be hardened against such ‘hacking’ attempts. This article will show you how to prevent students from bypassing school Internet filters

What Kids Do, and How to Prevent them.

So let us find out what kids do. They can be very creative! The idea is to limit their options. We need to make it so difficult to get through that those young ones who try the easy things will be deterred. The most driven ones will keep trying, but fear not. If anyone is determined enough, most of the methods won’t work anyway. There is no one solution that will block everything short of corporate security firewalls. For larger school districts with a unified wire area network, this may be a good option.

PROBLEM: Kids look up IP address and try to use the IP instead of the website name. That is very easy to do and gets through a lot of filters.

SOLUTION: Filter by IP number as well as host name. If that isn’t possible, then use a service like OpenDNS.org. They disallow DNS lookups of blocked websites. DNS lookups only return the IP for OpenDNS.

PROBLEM: Kids use web proxies sites such as unblocked.org and browse007.com. Online translation tools and mobile search engines are also used as a proxy.

SOLUTION: Use OpenDNS.org to block access to web proxies, translators, and mobile search engines. Block by DNS names and by IP number.

PROBLEM: Kids use a public proxy server. They change settings in the browser to go through the proxy instead of the school network.

SOLUTION: Set up an anonymous proxy on port 80, and block other outgoing ports.

More extensive options

You can see that it’s a cat and mouse game. Aside from putting together an expensive filtering system using commercially available equipment, cheaper options are limited. A good, inexpensive solution is to setup a Linux router to handle a schools’ network traffic and filter it effectively. By setting up the squid proxy server, a private DNS server and an iptables firewall, it is possible to block any unwanted outgoing and incoming traffic. It would take a lot of work, but there are premade solutions for you. Here are some links to such Linux distributions:

https://www.zeroshell.net/eng/

https://sourceforge.net/apps/trac/ipcop/wiki

Here is a “How To” that will help with the Linux solution:

https://www.faqs.org/docs/Linux-mini/TransparentProxy.html