These are my notes from the presentation “Anonymous Proxies, Spam and Email Archiving Simplified and Explained” by Anders Johnsson of CIPAFilter at the Oklahoma Technology Association (OTA) on 11 February 2009. MY REFLECTIONS AND COMMENTS ARE IN ALL CAPS. KEEP IN MIND CIPAFILTER IS A COMMERCIAL VENDOR, AND THIS IS THEIR SESSION. I AM RECORDING THIS SESSION WITH ANDERS’ PERMISSION AND MAY SHARE IT LATER AS A PODCAST HERE. [ADDENDUM: SINCE THIS WAS LARGELY A VENDOR ADVERTISEMENT SESSION, I AM NOT GOING TO PODCAST THIS. THERE WAS SOME GOOD CONTENT HERE, BUT THIS WAS REALLY NOT ABOUT CIPA, THIS IS ABOUT NETWORK MANAGEMENT.]
Our CIPAFilter product incorporates functionality which addresses the issues I am going to discuss in this presentation.
ANDERS IS NOW GIVING A COMMERCIAL FOR CIPAFILTER. I WONDER IF HE REALIZES THE PEOPLE SITTING IN THE AUDIENCE RIGHT NOW DID NOT COME TO HEAR A VENDOR AD / COMMERCIAL. WE ARE HERE TO LEARN ABOUT THE ISSUES, NOT BE A CAPTIVE AUDIENCE FOR AN ADVERTISEMENT. THAT IS A ROLE PROPERLY REGULATED TO THE VENDOR HALL, NOT A CONCURRENT SESSION LIKE THIS ONE. HOPEFULLY THE ADVERTISING WILL STOP SOON.
SOMEONE’S CELL PHONE IS PLAYING “CELEBRATION BY KOOL AND THE GANG.”
I WILL BE CUTTING OUT THIS ADVERTISEMENT PORTION OF THE RECORDING IF I END UP SHARING THIS AT ALL AS A PODCAST.
Our pornography filter uses a very small database
– sites that are image only are included
– other sites are filtered based on an alogrithm using the context of use (we allow through sites that use “breast” with other words like “chicken” and “cancer”)
DO I REALLY WANT TO BLOG THIS SESSION?
We can deep-inspect pages that other filters couldn’t block out
– we are running into problems with teachers who want to blog, but when you open up blogs you can link to one that is filth
Proxies are the big problem now
– school districts have filters they are paying big bucks for, and kids are using the next day’s proxies to get around them
– now kids are masking them
– there are a lot of money to be made from anonymous proxy servers
– they make lots of ad revenue
– they start to notice they are not getting the hits they used to, that
you will then see mathhomework1.com, mathhomework2.com – proxy server URLs changing
INTERESTING THAT THE PRESENTER IS NOT EVEN TALKING ABOUT CIPA. HE HAS JUMPED IMMEDIATELY FROM GIVING AN AD FOR HIS PRODUCT, TO TALKING ABOUT MICROMANGING FILTERING OF CONTENT
someone with CIPAfilter developed a fingerprint system to ID students who are circumventing filters to get to YouTube, MySpace, and Facebook
– our system then adds a page that matches our criteria to your blacklist
– then nobody can use those websites to anywhere, play games, do anything
At the end of the day we upload those lists from all the CIPAfilter customers we have
– a kid in South Carolina can find a proxy site, the CIPAfilter blocks it locally, then the next morning your CIPAfilter in your building is blocking that site
– we had some bugs in this initially
– we added about 15,000 anonymous proxy servers in the first week we started doing this [SHARING THESE BLOCKED SITES]
we discovered we had caught and discovered most of the major proxy sites
– we think students were just giving up, stopping looking for the proxies
– we add 40-50 anonymous proxy sites to our list each day
– when we have a https site, that doesn’t mean we don’t have sites without nonsecure versions
– to address this we take a new approach, instead of trying to break that encryption [FOR DEEP PACKET INSPECTION] we put students and teachers on different filtering
– you can do differentiated content filtering
we allow teachers to have https access
– can still block a good collection of https sites
rest of the sites, we just shut them down for students (for anonymous secure proxies)
– we have found in most schools, students just need 4 or 5 https websites when they are at school, to do online testing and things like that
we’ve also had kids bringing in their own thumbdrives with firefox, using
– we can lock that down as a firewall, so the kids can’t use another proxy besides CIPAfilter
audience question: does it also do transparent, so people don’t have to do logins
– yes it will
For us to be able to block secure proxy sites, we have to be setup as a proxy site
– you have to lock down each of your browsers to have locked proxy settings
– we have a client you can push out to do that
when someone makes a secure request to another site, that creates a tunnel which goes thorugh all your networking equipment
– so then your filter just sees jargon
– this is the reason we have to act as a proxy server
– that is the proper and best way to deal with secure websites
audience question about setting up DNS forwarding
– his answer: “I am not a tech”
SO THIS MEANS HE IS JUST A SALESMAN FOR CIPAFILTER. NICE.
the way CIPAfilter sets up categories
– we don’t haev 50 or 60 categories
– most of those are corporate categories
– most schools don’t use those, blocking sports sites, CNN, other news sites
– we have gotten rid of those categories, we market our product just to schools
– we have about 12 categories
– we don’t subcategorize sites much, so we just have “shopping” as a category
You can maintain your own global whitelists and blacklists
Some of your teachers are complaining because they are being treated as kids on the network
– with CIPAfilter you can do differentiated filtering
THE PRESENTER HAS SAID NOTHING ABOUT WHAT IS REQUIRED BY THE ACTUAL CIPA LAW. THE ACTUAL CIPA LAW REQUIRES THAT PORNOGRAPHIC IMAGES BE BLOCKED, BUT IT DOES NOT REQUIRE ANY OF WHAT HE IS TALKING ABOUT HERE, LIKE BLOCKING ALL SHOPPING SITES. THIS IS NOT EVEN BEING ADDRESSED IN THIS SESSION. THIS SESSION WAS VERY MISLEADING AND SHOULD HAVE BEEN TITLED, “COME SEE AN ADVERTISEMENT FOR CIPAFILTER.”
CIPAfilter can now also permit bandwidth control
– throttle traffic by protocol and IP address or subnet
– provide Quality of Service for important traffic
– manage upload and download
– advanced traffic shaping rules included
my question to him: do all your routers have to support QoS for this
– he said no
Complete Virus Protection
– blocks viruses at gateway as primary defense
– real-time software client for all workstations
– scans all traffic automatically
– extremely cost-effective
Our virus solution does not have a disinfect functionality
– our scanning works for Windows systems and Linux, not on Macs (Macs don’t have virus problems)
– targets operating methods of spammers
– no management
– no over blocking (false positives)
– no spam
– idea that spammers operate in a different way from legitimate
– we designed a mail filter that uses greylisting concepts
– is compatible with any mail server
We look for SPF records, reverse MX records
– also record other things that make that message unique
mail is not instant-protocol
– it has to go through its processes to be delivered to the end user
so we delay the receiving of that message to make sure all 5 criteria in our database matches, and if not we bounce it out
– 90% of legitimate spam does not get through our system
there are legitimate and illegitimate spammers
– hacked accounts, hacked IP addresses, using software
– this is a big one
– lots of school districts are now deciding this is what we need to do
– archives all mail including attachments
– we did this because some school districts ran into problems and needed this
– easy, fast searches and custom queries included with support
– keep emails for years without worry expensive storage requirements
Some schools are archiving for 3 years, some for 5 years, 7 years
– I talked to the head of Iowa schools and he told all his folks they didn’t need to do it [ARCHIVE EMAIL]
– In Texas someone told schools they just need to do it for 1 year
APPARENTLY THE PRESENTER IS NOT FAMILIAR WITH THE RULES OF E-DISCOVERY
– someone in the audience said they had emailed Eric H and asked him, and he doesn’t know
CLEARLY WE NEED SOME CLEARER GUIDELINES FOR SCHOOLS ON THIS ISSUE. THIS SESSION WAS MARKETED AS A PRESENTATION WHICH WOULD CLARIFY ISSUES SPECIFIC TO EMAIL ARCHIVING REQUIREMENTS. THAT IS NOT BEING PROVIDED HERE, THIS IS BASICALLY JUST A VENDOR AD.
I hope you all didn’t come to this session looking for answers on this from me, I don’t know [IN REFERENCE TO EMAIL ARCHIVING]
– It appears that you need to have a policy and enforce it
CIPAfilter has two 250 GB hard drives
– we can back up to a server of your choice, then burn to DVD, or whatever you want
my question does this work with webmail like yahoo mail or gmail?
– his answer: this only works with your own hosted mailserver
Have a solution with third party for Novell email archiving
– all email servers except Novell support journaling
– so in those cases, you enable journaling to send a copy of the mail to an external source (CIPAfilter in this case)
– for Novell clients, this third party program stops all users from deleting mail from their deleted items folder until it has been backed up
– you just buy that from the third party client, it is $3.50 per mail account
We are an advanced router and firewall
– secure yet very easy to manage
– stateful firewall with NAT support and routing protocols
– block chat, P2P, audio/video, proxy servers
my question: will you address CIPA rules
– all CIPA requires is to block pornography
– it is really a broad spectrum of what you are required
– some schools have used built-in IE browser security settings to try and block objectionable content
– now you have to block MySpace
THAT IS NOT TRUE. THERE IS NO CIPA REQUIREMENT TO BLOCK MYSPACE OR OTHER SOCIAL NETWORKING SITES.
My question: can you generate website visit reports for individual users by userid, IP, or MAC address, and then integrate that report into your student information systems in a 1:1 environment so parents can see all the places their child’s laptop has gone?
Reporting system now can create a PDF file for individual
– can go to a user activity tab, search for their userid or IP, and then see everything
– has a TV guide view, and a spreadsheet view
I THINK SYSTEMS LIKE THIS ARE THE FUTURE, OR NEED TO BE THE FUTURE, FOR CONTENT FILTERING. THIS WOULD BE KEY FOR CREATING PERCEPTIONS OF ACCOUNTABILITY, IN ALL COMPUTING ENVIRONMENTS BUT ESPECIALLY IN 1:1 ENVIRONMENTS. I DO NOT THINK THERE ARE ANY PRODUCTS, VENDOR OR OPEN SOURCE, WHICH CAN DO THIS NOW. SCHOOLS NEED THAT KIND OF FUNCTIONALITY, SO PARENTS CAN LOG INTO POWERSCHOOL VIA THE WEB INTERFACE AND IN ADDITION TO VIEWING THEIR CHILD’S GRADES AND ATTENDANCE, SEE THEIR DIGITAL FOOTPRINTS ON THE SCHOOL NETWORK.
cipa, network, filtering, block, filter, ota09, oklahoma, technology, school, proxy, proxies, cipafilter
If you enjoyed this post and found it useful, subscribe to Wes' free newsletter. Check out Wes' video tutorial library, "Playing with Media." Information about more ways to learn with Dr. Wesley Fryer are available on wesfryer.com/after.
On this day..
- How to Enable Comment Moderation on YouTube Videos - 2012
- Publish a Combined iCloud Calendar and Google Calendar - 2012
- Vimeo or YouTube? Where to Post Family Videos? - 2012
- Snow Day Scratch Fun: Using the Broadcast Tag - 2011
- Announcing The Digital Magic Tricks Workshop - 2010
- Great Project Based Learning Resources from the Buck Institute for Education and EduTopia - 2010
- Great quotations about learning with images - 2010
- Summarizing concepts in 5 or 6 images - 2010
- SINGing the Praises of NING by Dawn Danker - 2009
- Student-Created Virtual Field Trips: Howe Public Schools Live and On Location! - 2009
I hate presentations that are ads. When I review for conferences, I try to mark these down. I would rather get the real content than this. As you say, it should be done on the vendor floor, then if you want to sit through it they can give you a T-shirt
I attended this session not really expecting a sales presentation. We just recently purchased a new filtering appliance for the district – so we won’t be purchasing another anytime soon. Thought that we might pick up some tips on how to “tweak” our settings.
Sorry, I ended up leaving about half way through this presentation.
Why do you believe that it is necessary for
PARENTS to LOG INTO POWERSCHOOL VIA THE WEB INTERFACE AND IN ADDITION TO VIEWING THEIR CHILD?S GRADES AND ATTENDANCE, SEE THEIR DIGITAL FOOTPRINTS ON THE SCHOOL NETWORK?
I find the CIPA requirements rather excessive, but you are suggesting a much higher degree of monitoring as being desirable. Perhaps 1984 would be worth rereading?
(Disclaimer: my son attends a school that does some net filtering—I not sure how much. We do no net filtering at home.)
Your question deserves a much longer response than I have time to leave now, but here is the short version:
Accountability and perceptions of accountability for our behavior are very important when it comes to ethics. This is not just true for students, it is true for adults as well. I think virtual accountability for where we go and what we do is a key element in addressing the issues inherent with a free Internet.
More on this later… I’ll post in greater detail. I have addressed this in previous posts with the category “digital discipline.”
We need to prepare everyone (young and old) to make good decisions and choices in an unfiltered web environment. Schools receiving E-Rate funding in the US will continue to need to have at least a basic level of content filtering to meet legal requirements. Content filtering will not, however, help develop ethical decisionmaking on the part of individuals.
My November 2008 post “Cyberbullying and Cyberthreats: Responding to the Challenge by Nancy Willard” addresses this a bit.
Your thoughts / responses?