This article was provided by Sophos and is reproduced here with their full permission. Sophos provides full data protection services including: security software, encryption software, antivirus, and malware.
The enemy within:
Stop students from bypassing your defenses
The threat of the web
The web has replaced email as the primary entry point for malware into a network, with a brand new infected webpage discovered approximately every 4.5 seconds1. The majority of these are legitimate sites – government agencies, Google, MySpace, Facebook, the Cambridge Dictionary, BusinessWeek, and many more have all fallen victim to hackers. Clicking on such pages poses a multitude of risks to networks, including the loss of confidential information, virus and spyware infection and botnet recruitment.
Schools in the front line
K-12 schools are particularly at risk from web-delivered malware – and it is often introduced by the very people they need to protect: students. Not only are many children extremely technically skilled, but they have ample opportunity to work unobserved in internet-connected computer labs and libraries, which are used by hundreds of different students every day.
Unlike corporate environments, where adult users have jobs, salaries and reputations to worry about, K-12 students often don’t know or don’t care about the consequences of their actions to the school network. Bypassing network controls to access restricted websites is usually just considered an entertaining challenge, or a way to burnish an anti-establishment image. However, in addition to ensuring their own network security, schools are held responsible by parents and state and federal laws – such as the Children’s Internet Protection Act (CIPA) – with protecting young, impressionable minds from web predators and harmful content. One example of a student bypassing a school’s web filters involved an eighth grader in Texas who downloaded pornography during a study group2.
Bypassing web filters
Students across North America are increasingly turning to anonymizing proxies to bypass their school’s web filters to view pornography or access banned social networking sites. Anonymizing proxies are widespread, with several hundred new proxies published daily. Easy to access and difficult for traditional security software to detect, anonymizing proxies are web sites that trick an organization’s web filter into thinking the user is browsing legitimate content. The user visits the anonymizing site first and enters their intended URL, and the proxy then opens a portal to the student’s desired destination. Traditional web filters only identify the anonymizing proxy URL, not the destination URL, and as such often allow the request. In some cases, the student simply configures his or her web browser to point automatically to the anonymizing proxy, ensuring that all web activity is hidden.
K-12 schools are particularly at risk from web-delivered malware – and it is often introduced by the very people they need to protect: students.
Aside from disguising banned content, anonymizing proxies change constantly, with scores of new ones appearing daily. K-12 school IT administrators spend hours each week tracking down and blocking anonymizing proxies, significantly affecting resources and overheads.
Many web sites also offer daily updated lists of anonymizing proxies. A quick Google search will produce hundreds of anonymizing proxy sites. There are even video instructions on YouTube that show students how to construct one. It is also not difficult for computer savvy students to set up their own anonymizing proxies at home, using one of the many free utilities available online.
Defeating anonymizing proxies
There are a number of ways that schools can complement their existing web filtering technology to identify and block anonymizing proxies:
Reputation detection services••
Real-time proxy detection••
User education••
Reputation detection services
Reputation detection services constantly track publicly known anonymizing proxy sites and the forums3 that exchange their details. They are then able to update a school’s web filters – ideally every 15 minutes or faster – to ensure that the web gateway security solution stays ahead of the student grapevine. Reducing the amount of time an anonymizing proxy is available to a student provides a major inconvenience to their ability to track and use such services.
Real-time proxy detection
Some anonymizing proxies are kept a closely guarded secret, or built at home for the exclusive use of one person. Because their details are not shared they are immune to reputation detection services and must be tracked in real time.
Real-time detection monitors and analyzes all web requests and responses for signs that traffic is being routed through an anonymizing proxy. If one is detected, the request can be blocked. Signs that a student is using an anonymizing proxy include URL strings hidden within other URLs, and partially encrypted URLs. Real-time detection relies on strong decryption capabilities, as many proxies use encryption to hide their actions.
Anonymizing proxies are widespread, with several hundred new proxies published daily.
User education
User education is always a central pillar of enforcing a web acceptable use policy (AUP), and many schools require students and their parents to formally sign their acceptance of such policies and ensure that they are aware of the consequences of violating them. AUPs should always contain a clause forbidding the use of anonymizing proxies, and state that controls are in place to monitor and detect their use. Formal AUPs do deter many students from trying to get around the rules, particularly if that information is part of a memo sent to parents.
Many schools also run internet safety classes as part of their computer curriculum, which can be utilized to explain more fully the dangers of anonymizing proxies and the thinking behind the AUP.
Summary
Anonymizing proxies allow students to bypass their school’s web filters to access inappropriate and blocked content. Their large and ever-changing numbers and ease-of-use make them difficult to block, and schools can find themselves legally liable if minors are accessing pornography and other sites from within the network. However, reputation and real-time detection will identify and block anonymizing proxies, and user education will ensure that students and parents are aware of the risks in bypassing web filters.
- Related Videos
- Related Articles
- Ask / Related Q&A
- Computer and Internet Security
- Important Computer and Internet Security Issues You Need to be Aware Of
- Online Security - 5 Top Tips to Protect Your Computer Against Internet Security Threats
- Computer and Internet Security Issues That you Should Know
- free password recovery software talks Computer and Internet Security Issues that you Should Know
- Protecting your Computer the Best Way Through Kaspersky Internet Security
- Verizon Internet Security Suite: the Perfect Software to Protect your Computer
- Importance of Internet Security for Businesses
AntiVirus & Firewall Software - Best AntiVirus & Firewall Software Revealed!
By: Brad Montagno | 21/11/2009Looking for a superior virus & firewall software? Well I'm going to show you where to get the best of the best!
Choosing the Right Antivirus Program
By: Hannah Miller | 20/11/2009With the constant possibility of viruses and other malware affecting your computer, surfing the Internet can seem quite dangerous. So you want to stay safe while you’re online, but you’re not sure which program will do the job. If you are overwhelmed by the plethora of anti-virus programs and other “computer protection” programs, here are a few suggestions to help you decide what anti-virus program will work for you.
Computer Viruses and Spyware - Silent Killers and Thieves
By: Rob Ferrall | 20/11/2009Not all computer viruses, or spyware, are easily visible on our PCs. Are you one of the unknowingly infected?
Government Internet Surveillance in the USA
By: Jim Rjindael | 20/11/2009Surely, this doesn't happen, I mean people monitoring ordinary peoples web browsing in the USA. Well if you don't believe me I'd like to tell you briefly about a room, and not just an ordinary room - this room has sparked a scandal.
Using A Business Firewall to Secure Your Network
By: Brian Reed | 20/11/2009Your business probably flourishes because of the internet. Chances are good that you are going to be able to see and do more things with the computer than you have ever been able to do before, and this can only mean good things for your business. With the right internet network, you can communicate with customers, allow yourself to have a chance to get business all around the world, and really help yourself help others with your business. As long as you have the right business firewall.
How important it is to make sure that your security system is not being hacked?
By: Lifestyle Writer | 19/11/2009The article ( http://www.wired.com/threatlevel/2009/07/video-hijack/ ) on how a malicious intruder in a LAN can hijack an IP camera and insert his/her own IP feed into the system. The intruder uses a simple but effective technique called ARP cache poisoning / ARP spoofing. This way, the intruder can inject any video feed that it wants into the NVR. How can one avoid this?
Penetration Testing is Required to Ensure Network Security
By: Jeff | 19/11/2009Penetration testing is also known as "ethical hacking". This network security tool is very helpful in vulnerability assessment. It actively finds the loopholes and deploys attacks and penetration efforts against your network to uncover potential vulnerabilities and threats.
Vulnerability Testing is Required to Strengthen your Network Security System
By: Jeff | 19/11/2009There are a lot of reasons your organization needs to conduct vulnerability testing. It can be done to perform a checkup of your overall web security system. If there are a number of servers in your organization then the vulnerability assessment is a must. First of all you need to decide which applications are to be assessed, and why. It can be a part of your PCI audit requirements, or a step to check the web security of an application that is to be deployed.
Enabling a safer internet
By: MFrizzi | 13/11/2009 | SecurityThe positive approach to web security a safer internet: the positive approach to web security One newly infected webpage is discovered every 4.5 seconds.
Free yourself to do more, while securing your business simply and cost-effectively
By: MFrizzi | 13/11/2009 | SecurityIn tough economic times, with tightened budgets and heightened competition, it’s vital for businesses to secure their systems and data against a growing field of threats. However, implementing and maintaining full-spectrum protection can be a heavy drain on financial and human resources if not done right. A more efficient approach to security means that resources – both human and physical – are freed up to improve and expand other areas. The end result is your business becomes more efficient, f
The enemy within: Stop students from bypassing your defenses
By: MFrizzi | 13/11/2009 | SecurityComputer literate K-12 students regularly use anonymizing proxies to bypass their school’s web filters to access pornography, social networking, and other blocked websites. This is a major security flaw because most infected networks are first exposed via the web. Moreover, it has serious legal ramifications for schools that are not in compliance with state and federal laws. However, reputation and real-time detection can automatically identify and block anonymizing proxies. This white paper dis
Securing your mobile workforce: Extending security to mobile devices
By: MFrizzi | 11/11/2009 | SecurityPDAs and smart phones are becoming standard business tools storing sensitive business information and enabling email on the move. This makes them vulnerable to attack from malware authors seeking out new ways to defraud users and steal confidential business data.
Spyware-free networks
By: MFrizzi | 11/11/2009 | SecurityThree points of security against the threat of data theft
Phishing, vishing, phaxing and other identity threats
By: MFrizzi | 11/11/2009 | SecurityThe evolution of online fraud
Facebook: The privacy and productivity challenge
By: MFrizzi | 11/11/2009 | SecurityAvoid identity theft when social networking on websites like Facebook, and learn how companies can block employees from visiting inappropriate websites. Facebook is an internet phenomenon, with a reported 100,000 new people joining the social networking website every day. But do you think carefully about your privacy settings, or do you reveal too much information about yourself to potential identity thieves? ID fraudsters can use confidential information to commit crimes against individuals an
Zero-day threats: Guarding against the unknown enemy
By: MFrizzi | 11/11/2009 | SecurityThe risk from viruses, spyware, Trojans and other malware is constantly changing. Systems are often more vulnerable than they need to be to attacks from new and unknown sources . By following a few simple guidelines, you can maximize your protection against zero-day threats.