Ask Slashdot: Dealing With University Firewalls?
An anonymous reader writes "My university only provides access to the web, via a restrictive content filter and proxy service. There is no access to the wider internet. I was wondering if this is common, and if anyone has any suggestions on how to go about protesting the issue. I've spoken to the lecturers and they have the same frustrations I do. I've also spoken to the head of the IT department who spouted lines about 'protecting the network.' This is very frustrating, I've seen a number of students making use of 3G/4G dongles to get access to the net and this just seems crazy. The restrictions applied to the web are draconian, with sites such as hackaday, hyperbole and a half, somethingawful, etc being blocked." What would you do to get better access?
Get over it.
Sigs. We don't need no steenking sigs.
In that case buy a ssh shell minimal hosting account for 2-3$/month.
Create a tunnel.
And browse.
If paid public VPN services are allowed, you can also subscribe to such services. Of course, your browsing will be slower.
My Aurora : http://www.youtube.com/watch?v=o91ZsGwJYyg
FB : https://www.facebook.com/TanveersPhotography
The University probably has policies about Internet Access that the IT Manager is obliged to enforce. Go about it the correct way and see if you can get the policies changed instead of acting like it's your right to have access to everything you want, just because YOU want it.
If you want unrestricted web access then pay for your own connection. Don't bitch about IT people doing their job properly, their primary goal is not to be an ISP for you to surf the web. Most corporates and government agencies all apply these so called "draconian" restrictions on their staff and it isn't because they are all bastards. Basically your average user can be trusted about half the distance you can kick them, they all think they know what they are doing until something goes wrong then it is IT's fault for not protecting them.
My university doesn't restrict internet access - they, however, ask you to not do anything illegal and log your activities. They give me 1GBit internet connection by cable or 450 MBit/s over WLAN (which I don't know how it is possible) so I can download stuff as quick as my slow laptop harddisk can save it.
However, if they'd restrict access, I'd probably use TOR or some proxies to get full access or I'd set up a VPN connection to my server and access the internet in that way.
If they're dumb enough to lock down internet access to the point that it becomes unusable for work purposes whilst still allowing their network to be trivially bridged by 3G dongles then you're already fighting a losing battle. Chances are that the people writing the policy don't have the slightest clue what they're doing but have read some stuff about how the internet is bad and so should be blocked; be glad they don't do things like blocking all Javascript from running, which I've seen in some companies, thus breaking just about every site they don't already block (though arguably that's as much the fault of the websites in question as the security policy).
Depending on their application security policies, if you've got a PC somewhere (friends, home, hosted box) with access to the internet proper, run an SSHd listening on a port you can get outbound on from the university network (if there even are any) and proxy all your traffic through that with a copy of Putty and something like Portable Firefox run off a USB key.
Otherwise, you could try organising students and lecturers against the stupid IT policy, but I wouldn't hold out too much hope of getting anywhere.
Bloody hell, get a life. As other people have said, but missed the point, the University's IT Dept. is there to provide a service. That service does not include catering to your stupid browsing whims. From the sounds of it, they're using a category based filter on web content. So Something Awful will probably be classed as "Adult". Your complaint in a nutshell is that you can't access your stupid cartoons. Man up and do some work. You want to private browse, get a private connection. If the Uni was actively preventing you from studying, you might have a point. Unfortunately the slash-bots on here seem to agree with you so I'm sure you'll at least get some feel-good factor from the hive mind.
In all Universities there is an "Inner Circle" formed by network admins, who are impervious to proxy filtering.
The incantation to enter that select group is:
"Hey, I'd like to help with the university network maintenance. Can I do it as a practice? I'll do it for free."
This psalm recited to the right university demon will get you access to the University's network system. With luck, in 1 or 2 months you will have the relevant network keys/info. Probably you will have the rights to whitelist the pages you want.
Then move out of there.
As a /. reader, I can only assume you're rather technical. Isn't this something you discovered before going there?
Frankly, I wouldn't go to a school that did this. And I didn't. Thankfully, my first choice doesn't do anything like this. Traffic is unmonitored, but for legal reasons you have to register your MAC address to your university credentials to get out of the VLAN. This happens automatically with authentication to the wireless network, or manually through a captive portal for Ethernet.
As required by law of all ISPs, they will use this to forward DMCA notices, which happens pretty frequently. I can't exactly fault them for that. They'll also notice if you're really hammering the network with worm traffic or something, in which case they'll kick you off until you get the system cleaned up, which I can't fault them for either.
But other than that, they're pretty much out-of-the-way. They definitely view themselves as more of an ISP than anything academically-relevant, which is good. The university structure also places them at the same level as the individual schools (liberal arts, engineering, business, etc), and each school has its own school-specific IT that runs their own email and webhosting and so on, all of which helps keep them pretty much service-oriented. They pretty much provide internet access and server space to any university department that wants it (and pays for it, in one of those interdepartmental money-shuffling schemes), and otherwise back off from content management. Individual schools are free to filter whatever they want, but only in the school-managed network. In practice, none do. Even if they did, the dorms are separated out from that.
Not to mention the university is almost as liberal as they come in terms of information freedom.
But in any case, the university is your home for the time you're there. I wouldn't live somewhere that did this, and I wouldn't go to a school that did this. Not even because of the inconvenience - think about what that suggests about how they view academic and intellectual freedom.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
Unfortunately, 90% of the headache of running a network is the userbase. Even in a small secondary school it can be difficult to keep people from abusing the connection (hell, I know I abused my uni's connection when I was there, not to mention their storage, FTP, CPU time, etc.) without policies like this.
They are providing you the service for things related to your work. Those sites you mention are not related to your work. Even if they were, the abuse of people using for things NOT related to their work is a burden that the IT department will be able to statistically measure. Otherwise they wouldn't bother with the hassle from students, staff, and technical problems associated with limiting your access.
It's not a question of "experts vs students", it's a question of different priorities. Even if you escalated it to the Dean themselves with the aid of staff, you would all end up sitting in a room with the IT guys who would explain exactly how much traffic that system cuts out, how many lost hours, how fewer abuse complaints they receive, how many more PC's they'd need to cope with the extra demand because of people hogging the computers for personal use, etc. and all for something that - if a site is genuinely vital to your work - they would gladly adjust to make sure it didn't interfere with your studies.
And then either you or the Dean would end up basically agreeing that what's in place isn't actually that draconian after all, and standard practice for most places for SEVERAL, very good, measurable, verifiable reasons. And every year you'd have the students/staff make the same argument and every year since the 90's it's been less of an issue because - as you point out - if you want unfiltered Internet for personal use, you can get it for next to nothing. And hell, in any university town I've ever been in, every cafe has free Internet to draw students in.
You have paid the uni, indirectly, to support your studies. If they are not supporting your studies, you can complain. But you can't complain that they aren't other personal Internet services to all X thousand students on their campus without paying the difference it would cost.
In my experience, working in schools rather than universities, I wouldn't be surprised if traffic (and therefore costs) quadrupled the second they relax their policy, even if they DON'T announce that they've done so. And those sorts of places usually run HUGE dedicated lines that are the backbone of the Internet - X thousand students accessing junk sites is NOT more important than the chemistry lab pushing a few Gigabytes around the world to their research partner. I assure you.
You have a workaround in the form of your own Internet connection, use it. If you want the uni to provide it, they will charge you MORE for the same thing because they are NOT an end-user ISP.
Universities do not exist to restrict information. Anybody who thinks they do, is not doing their job.
I agree that it is likely an administrator, rather than the IT department, who is responsible, but don't count on it. That's just worthless guesswork. You can find out.
Whoever is responsible, don't listen to all these wimps who just tell you to cave and pay for ANOTHER internet source when you're already paying for this one. Get hold of EFF, EPIC, the ACLU, and anybody else you can, and tell them your academic freedom is being repressed. Because it is true. But get some help. There are organizations out there who can not only help you find who is responsible, but put pressure on them to change the status quo.
Don't cave and just buy an expensive cell phone data connection (especially with prices going up). Fight the BS. Because that's what it is: BS.
As a member of an IT systems admin team for a faculty we've often got specific mandates which services we must restrict, and to what end. What you may also be up against, other than 'unprivileged' access - is politics. Students do Naughty Stuff (tm) - that's just a fact that keeps on proving itself true time and time again. Even if you can speak for you, your friends, or your entire course - I can bet dollars to donuts that there's someone out there trying to do something shifty. Case in point: I was seriously asked to relax the restrictions on banning Steam so a student could "download 10 or 15 gig so i didn't have to do it over dial-up". On-campus living - sure, I can see where restrictions like that may diminish any sort of sanity saving software platform ( Valve fan \o/ ), but I'm not going to open up a faculty network just so you can play games. It's an education facility, not your personal high speed connection to the 'net. If you were a postgraduate student researching something that required access - then by all means get your supervisor to approve your request and I'll be more than happy to make it happen.
That being said - outline a clear case of why you need certain things re-classified and you may have a better case to work with. I am not suggesting that this tactic will work - as there's probably more to the story ( see - plug and play filter lists/software/appliances which remove the need to dedicate an entire FTE to putting classifications on traffic going out ) than you really know, but it will certainly stop you from seeming like a whinging student and more like an intellectual who is using sound reasoning. Hell - if you are able to find clear, repeated examples of wrongful classification of websites, you may be able to enact a reconsideration of what's being used to deny you access or relax the level in which things are blocked.
Of course, they might not care. Who knows?
--- perl -e 'printf("%s\n", pack "H*", "7369670a676f6c677940676f6c67792e6e65740a2f736967")'
I've been the internet cop in several organizations during my employment history and have seen administrators (not IT people) declare everything from "ALL shall be free!" to "Don't let them do anything more than their job" as a standard to use for filtering. Most likely what is happening is that someone, not in IT, has the list of "categories" from the filter service provider, be it Dan's Guardian or a big company like Websense, and has picked the usual suspects of Adult, Security, Malware, and Offensive, along with Hate Speech, Violence, and IT related and flipped the filter on. The University Administration will ask you one question and one question only, "What part of your EDUCATION is being affected by this?" AND remember these people have fairly well tuned BS detectors. This isn't your parents' basement, they have the right to do what they will to reduce costs (your tuition) by protecting their network and reducing bandwidth use. If you don't like the on campus connection then move off campus and PAY for your own net connection where you can surf to your heart's content and waste your parents' money on reading hackaday instead of getting the Business Degree your parents are paying for by working overtime. And if you want REALLY draconian, they know every website you attempt to go to, whether it's blocked or not, and with the newest tech, they are doing a man in the middle on all SSL traffic so they know what you are doing there as well.
~corporate tool, but employed~
Or, possibly, treat the students like students. You know, intelligent inquisitive drunks that want to explore new things, test boundaries, flirt with the law and read somethingawful.com
I really struggle to see why any university student network should be censored. Sure, firewall and lock down the staff network, where student data is held. Provide strong security on shared servers. But locking down all 'net access to filtered HTTP? That's a surefire way to damage innovation and discourage learning.
I went to a university that had no firewalls - you could telnet to the main servers from external servers, and we used that capability to build and maintain internet services. Many people at my uni went on to build companies in the dotcom boom, take on programming jobs, otherwise put their acquired skills and knowledge to use. I would heavily discourage anybody from attending a university that didn't want the same for its students.