Proxy Sites Offer Secret Passage to Myspace

JafSquared writes "As sites like MySpace.com gain popularity in young adults, schools all over are finding that taking measures to keep kids blocked out of these websites is becoming increasingly difficult. As this hype continues, proxy servers such as "Box of Prox" are springing up like wildfire. While system admins furiously work to diminish the strain placed on their school's local networks from sites like MySpace, these proxy sites are enabling easy access to restricted areas. However, schools aren't the only places that are feeling the heat. Proxies have also been becoming a bit of a complication in the workplace. To the more advanced user, the proxy server can become a tool for malicious intent as this article, delivering an anecdote with the termination of an employee, so poignantly details."

Next it will be SSH tunneling...

[martinultima]

My school district already hates me, just because I was using a VNC connection over an SSH tunnel to work on some stuff at home (yes, this was for a school project). For whatever reason they thought I was trying to access banned sites... funny thing is, I don't even like MySpace. Or any of those sites.

Re:Proxies?

no but schools network ADmins are certianly pretty incapable of doing their job if they are not using a whitelist instead of a blacklist.

Have only a list of acceptable sites. when blocked put a link to submit for approval and teachers in the class or room can click on the link they wanted, view that it is not a backdoor to myspace or someplace inappropriate and then click "allow" which add's it to the whitelist.

simple works great and has near immediate access to sites not on the whitelist.

Too bad most schools cant afford IT staff that has the brains to do this stuff. They have to spend all that cash on the sports programs!

Filter Complainer

[Deviant+Q]

Just this last year, our school introduced an extremely-restrictive proxy that would often block legitimate research sites (as well as all the fun ones.) In addition to finding a few workarounds (ping to get IP address, use that instead; google translation; etc.), I wrote a happy little program that I distributed throughout the computer lab.

What did this program do? It ran in the background, monitoring Internet Explorer's address bar (couldn't find a nice API for Firefox, but mozilla.org was blocked anyway). When it detected that the proxy had taken over (http://www.lghs.net?blockedsite=mozilla.org&reaso n=ADULT-CONTENT), it sent a nice little email to the IT guy. It was very polite, just saying a sentence or two about how I believe site.com had been added to the filter list in error and I would request its removal. Multiply that by every blocked site ever visited, though... :-D.

(Yes, I know it's probably not moral to use school computers for this. Yes, I know he could have created an email filtering rule to send the messages to the trash. I liked it, and so did the users. *Shrug*.)

Re:Students vs. Public Schools

You had your grading, scheduling, and payroll systems on the same local network as the student lab computers? Sheesh.

I'm not the grandparent but I can respond to this. The way most K-12 systems are setup this is largely unavoidable. All computers are on one network within each school building. I know in the system I worked for most schools had one router and a class C of address space. The Internet access was provided by the state, and all sites ran through central office and through a firewall there. There was no way to provide completely seperate VLANs and routing because the state controlled the core routers and wouldn't do so. Our policy was that bookkeeping and other critical systems were kept off the network unless absolutely necessary.

Personally I wanted to use cheap Linux boxes as NAT routers/firewalls and put the entire office of each school behind one but that never came to be. It also never will, the system eliminated my position so now there is no network admin. Things will start falling part soon because I was the only person there who knew how to run most of the stuff I had implemented. (Which also greatly stabilized the network from how it was when I started. They had no network admin when I started either.)

Having the administrative systems on the same network as the computer lab and worrying about network hacking is sort of like teaching chemistry classes in the school cafeteria and worrying that students will poison the lunch.

Well yeah, but welcome to the reality of K-12 school systems. Often the network admins hands are tied by arbitary crap that's decided upstream. Even the most competent network admin can't do shit when they can't change parts of the network or the system refuses to buy the necessary equipment to implement even the simplest, cheapest solutions.

It's a pity that an insecure setup like that made it necessary to be so paranoid about your students -- whose education, after all, the computer lab exists to serve. I for one think it is cool to teach network programming to sophomores (or freshmen, for that matter). Isn't teaching the whole point?

I can tell you've never worked IT in a K-12 system, and so can anyone else who has. I've done systems and network administration for years and in places other than K-12, and K-12 is an absolute nightmare. The students are your enemies, there's no two ways around it. It's not all of them, some are simply curious, some really want to learn but quite a few simply want to do whatever the hell they want to do, when they want to do it, and don't give a damn about learning anything that they don't need to know to access their game/porn/social networking site. They'll damage software installs if they can, they'll hose profiles, they'll screw up entire labs to the point of near being unusable all so they can play a game. I've encountered every one of those situations, and it's very hard, and very time consuming to get ACLs and permissions exactly right on every single point of attack that they'll use. (Also keep in mind that in my case I had 18 sites to deal with and was the only network admin. A lot of time I simply didn't have time to get all the fine details exactly right because I had fires to put out in other schools.) They also use attacks that you'll never see anywhere else, and frankly it's amazing and scary both. If these kids would bother to direct that intensity at learning they'd probably end up being brilliant, as it is they're generally hardcore slackers who don't care if they get suspended or expelled as long as they can play their game one more time.

I don't think it's necessarily bad to teach network programming to sophomores, but you don't know the realities of K-12 network administration at all or you'd understand why the grandparent said it was a bad idea. It IS a bad idea the way most K-12 networks are forced to be designed, and until that part is fixed (and you'll have to talk to people much higher up the chain than your local system to get that fixed, like your state congresspeople) it will remain a bad idea.