Slashdot Mirror
Ask Slashdot: Dealing With University Firewalls?
An anonymous reader writes "My university only provides access to the web, via a restrictive content filter and proxy service. There is no access to the wider internet. I was wondering if this is common, and if anyone has any suggestions on how to go about protesting the issue. I've spoken to the lecturers and they have the same frustrations I do. I've also spoken to the head of the IT department who spouted lines about 'protecting the network.' This is very frustrating, I've seen a number of students making use of 3G/4G dongles to get access to the net and this just seems crazy. The restrictions applied to the web are draconian, with sites such as hackaday, hypberbole and a half, somethingawful, etc being blocked." What would you do to get better access?
Get over it.
Sigs. We don't need no steenking sigs.
In that case buy a ssh shell minimal hosting account for 2-3$/month.
Create a tunnel.
And browse.
If paid public VPN services are allowed, you can also subscribe to such services. Of course, your browsing will be slower.
My Aurora : http://www.youtube.com/watch?v=o91ZsGwJYyg
FB : https://www.facebook.com/TanveersPhotography
Become friends with a member of the IT department. Alcohol can go a long way in beginning an IT related friendship.
My university doesn't restrict internet access - they, however, ask you to not do anything illegal and log your activities. They give me 1GBit internet connection by cable or 450 MBit/s over WLAN (which I don't know how it is possible) so I can download stuff as quick as my slow laptop harddisk can save it.
However, if they'd restrict access, I'd probably use TOR or some proxies to get full access or I'd set up a VPN connection to my server and access the internet in that way.
If they're dumb enough to lock down internet access to the point that it becomes unusable for work purposes whilst still allowing their network to be trivially bridged by 3G dongles then you're already fighting a losing battle. Chances are that the people writing the policy don't have the slighest clue what they're doing but have read some stuff about how the internet is bad and so should be blocked; be glad they don't do things like blocking all Javascript from running, which I've seen in some companies, thus breaking just about every site they don't already block (though arguably that's as much the fault of the websites in question as the security policy).
Depending on their application security policies, if you've got a PC somewhere (friends, home, hosted box) with access to the internet proper, run an SSHd listening on a port you can get outbound on from the university network (if there even are any) and proxy all your traffic through that with a copy of Putty and something like Portable Firefox run off a USB key.
Otherwise, you could try organising students and lecturers against the stupid IT policy, but I wouldn't hold out too much hope of getting anywhere.
Why not just setup a VPN real fast with someones DD-WRT router. I did this at a job that had a really obnoxious content filtering thing that actually prevented me from doing my job. I just vpn'd to home, but you probably have at least one friend in town that has something good enough for you to work with. Even a shitty VPN will do, since your not trying to protect anything so much as evade things.
"Computers will never truly be free until the last windows user is strangled with the entrails of the last mac user."
You imagine he's going to school for free, do you? I work in university IT and understand the pros and cons and plusses and minuses, and while we don't do this, we do some of our own foolish things. However, I don't think for a second that the students aren't already paying for this connection.
In all Universities there is an "Inner Circle" formed by network admins, who are impervious to proxy filtering.
The incantation to enter that select group is:
"Hey, I'd like to help with the university network maintenance. Can I do it as a practice? I'll do it for free."
This psalm recited to the right university demon will get you access to the University's network system. With luck, in 1 or 2 months you will have the relevant network keys/info. Probably you will have the rights to whitelist the pages you want.
Then move out of there.
Back when I was at university, I bought a cable for my phone and got myself some sweet, sweet 9k6 access over GSM. It was faster and more reliable than the connection in the uni's computer labs ever was, not to mention no BS filtering. Paying by the minute made me focus on getting the job done and hanging up, too...
As far as filtering goes, the conventional way around that was to log in as someone else. After all, their username was their matriculation number and the default password was their date of birth... If you couldn't read a classmate's ID and social-engineer his birthday out of him, no matter - the uni helpfully had an easily-accessible printout of the entire student body's personal information (in fact, you had to sign to get your grant, so they left it on the public side of the window), and those last few pages were awfully loose...
Because Slashdot is a joke now. It used to be a place where IT people hung out.
Put identity in the browser.
I'd say the university isn't fulfilling its role, and you should definitely rally to change things. The purpose of the university network (besides supporting research communications) is to allow you to learn.
During my undergrad the university I attended provided full firewall-free internet with a *public* IP from their block for everyone who plugged in (and no-questions asked CNAMEs). The wireless was of course NAT'd but I had no problems.
This all worked because of the genius way they solved problems was genius. If IT detected any funny business, a tech would physically show up at your lab/office and ask you what was going on and make you fix the problem right then and there.
I am also in university IT. The students are NOT paying for a free unlimited Internet connection. They are paying for their degree, and can expect Internet access relevant to their degree, nothing more. Since a large amount of University funding comes from tax payers, why should they/we foot the bill for students to waste terabytes of data on Youtube and torrents?
As a /. reader, I can only assume you're rather technical. Isn't this something you discovered before going there?
Frankly, I wouldn't go to a school that did this. And I didn't. Thankfully, my first choice doesn't do anything like this. Traffic is unmonitored, but for legal reasons you have to register your MAC address to your university credentials to get out of the VLAN. This happens automatically with authentication to the wireless network, or manually through a captive portal for Ethernet.
As required by law of all ISPs, they will use this to forward DMCA notices, which happens pretty frequently. I can't exactly fault them for that. They'll also notice if you're really hammering the network with worm traffic or something, in which case they'll kick you off until you get the system cleaned up, which I can't fault them for either.
But other than that, they're pretty much out-of-the-way. They definitely view themselves as more of an ISP than anything academically-relevant, which is good. The university structure also places them at the same level as the individual schools (liberal arts, engineering, business, etc), and each school has its own school-specific IT that runs their own email and webhosting and so on, all of which helps keep them pretty much service-oriented. They pretty much provide internet access and server space to any university department that wants it (and pays for it, in one of those interdepartmental money-shuffling schemes), and otherwise back off from content management. Individual schools are free to filter whatever they want, but only in the school-managed network. In practice, none do. Even if they did, the dorms are separated out from that.
Not to mention the university is almost as liberal as they come in terms of information freedom.
But in any case, the university is your home for the time you're there. I wouldn't live somewhere that did this, and I wouldn't go to a school that did this. Not even because of the inconvenience - think about what that suggests about how they view academic and intellectual freedom.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
No it isn't, OpenVPN is a protocol in its own right, the security comes from SSL. Usually it runs on UDP/1194, though you could run it on TCP/443.
It wouldn't be over HTTPS, but even so it may well be able to get through the firewall this way - assuming the firewall isn't doing some clever DPI work to fingerprint traffic type. (Possible, but IME rare).
I think you may have got the HTTP/S idea from the full version of OpenVPN that also installs a web-based GUI. But when users log in, the first thing they're prompted to do is download a pre-configured client.
Unfortunately, 90% of the headache of running a network is the userbase. Even in a small secondary school it can be difficult to keep people from abusing the connection (hell, I know I abused my uni's connection when I was there, not to mention their storage, FTP, CPU time, etc.) without policies like this.
They are providing you the service for things related to your work. Those sites you mention are not related to your work. Even if they were, the abuse of people using for things NOT related to their work is a burden that the IT department will be able to statistically measure. Otherwise they wouldn't bother with the hassle from students, staff, and technical problems associated with limiting your access.
It's not a question of "experts vs students", it's a question of different priorities. Even if you escalated it to the Dean themselves with the aid of staff, you would all end up sitting in a room with the IT guys who would explain exactly how much traffic that system cuts out, how many lost hours, how fewer abuse complaints they receive, how many more PC's they'd need to cope with the extra demand because of people hogging the computers for personal use, etc. and all for something that - if a site is genuinely vital to your work - they would gladly adjust to make sure it didn't interfere with your studies.
And then either you or the Dean would end up basically agreeing that what's in place isn't actually that draconian after all, and standard practice for most places for SEVERAL, very good, measurable, verifiable reasons. And every year you'd have the students/staff make the same argument and every year since the 90's it's been less of an issue because - as you point out - if you want unfiltered Internet for personal use, you can get it for next to nothing. And hell, in any university town I've ever been in, every cafe has free Internet to draw students in.
You have paid the uni, indirectly, to support your studies. If they are not supporting your studies, you can complain. But you can't complain that they aren't other personal Internet services to all X thousand students on their campus without paying the difference it would cost.
In my experience, working in schools rather than universities, I wouldn't be surprised if traffic (and therefore costs) quadrupled the second they relax their policy, even if they DON'T announce that they've done so. And those sorts of places usually run HUGE dedicated lines that are the backbone of the Internet - X thousand students accessing junk sites is NOT more important than the chemistry lab pushing a few Gigabytes around the world to their research partner. I assure you.
You have a workaround in the form of your own Internet connection, use it. If you want the uni to provide it, they will charge you MORE for the same thing because they are NOT an end-user ISP.
Universities do not exist to restrict information. Anybody who thinks they do, is not doing their job.
I agree that it is likely and administrator, rather than the IT department, who is responsible, but don't count on it. That's just worthless guesswork. You can find out.
Whoever is responsible, don't listen to all these wimps who just tell you to cave and pay for ANOTHER internet source when you're already paying for this one. Get hold of EFF, EPIC, the ACLU, and anybody else you can, and tell them your academic freedom is being repressed. Because it is true. But get some help. There are organizations out there who can not only help you find who is responsible, but put pressure on them to change the status quo.
Don't cave and just buy an expensive cell phone data connection (especially with prices going up). Fight the BS. Because that's what it is: BS.
The following serve as an overview. You would like to do your further research.
(1) SSH client (inside) ---SSH Tunnel--> SSH server (outside, with webproxy)
This may be the simplest setup, and the client could be linux or putty on Windows; and the server could be linux or CYGWIN on Windows
(2) OpenVPN client (inside) ---OpenVPN handshake--> OpenVPN server (outside, with internet routing)
You need to setup an OpenVPN server outside. For example, I reflash a CISCO router with OpenWRT at home so that I can connect from anywhere with OpenVPN client and use home's internet. This method could drill through most firewall/proxy, because it can be configured on any port, and any protocol (TCP or UDP).
Above methods requires setting up Internet connection outside. You might want to circumvene University's security policies directly, say by malform URL request. However, I do not recommend you to do so, as it would be considered a direct attack on their firewall.
Because youtube and torrents are part of using the internet.
What part of education do you not understand?
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
If you can go to your course lecturers and justify why you need access to Hackaday to complete your course, I am sure your lecturers have a process to unblock the sites.
In the meantime there are 1000s of other students trying to use campus PCs without needing to find them screwed over by the previous user. What you *might* be able to persuade the University to do is to provide an unrestricted wi-fi point on campus for personal use.
University isn't normally free.
Also they Uni is wasting additional money on licenses for software and products to block everything, when it would be cheaper for them to provide a wide open internet to paying students.
“Common sense is not so common.” — Voltaire
"draconian" restrictions are there because someone in IT/management is lazy or has twisted viewes about what moral powers they should have over students. In other words because they are bastards.
If you're staying in university accommodation, and they're in a monopoly position as your internet provider, then they have an obligation (moral and possibly legal) to provide an equivalent service to what you'd get from a commercial ISP in private housing.
I am trolling
Censorship has never worked whatever the energy wasted in it. There is a lot of pedagogical material on youtube.
You are wasting your time and the time of the students for a motivation that smells a bit like Nazism.
The single excuse I give you is that it teaches student how to bypass censorship.
As a member of an IT systems admin team for a faculty we've often got specific mandates which services we must restrict, and to what end. What you may also be up against, other than 'unprivileged' access - is politics. Students do Naughty Stuff (tm) - that's just a fact that keeps on proving itself true time and time again. Even if you can speak for you, your friends, or your entire course - I can bet dollars to donuts that there's someone out there trying to do something shifty. Case in point: I was seriously asked to relax the restrictions on banning Steam so a student could "download 10 or 15 gig so i didn't have to do it over dial-up". On-campus living - sure, i can see where restrictions like that may diminish any sort of sanity saving software platform ( Valve fan \o/ ), but I'm not going to open up a faculty network just so you can play games. It's an education facility, not your personal high speed connection to the 'net. If you were a postgraduate student researching something that required access - then by all means get your supervisor to approve your request and I'll be more than happy to make it happen.
That being said - outline a clear case of why you need certain things re-classified and you may have a better case to work with. I am not suggesting that this tactic will work - as there's probably more to the story ( see - plug and play filter lists/software/appliances which remove the need to dedicate an entire FTE to putting classifications on traffic going out ) than you really know, but it will certainly stop you from seeming like a whinging student and more like an intellectual who is using sound reasoning. Hell - if you are able to find clear, repeated examples of wrongful clasification of websites, you may be able to enact a reconsideration of what's being used to deny you access or relax the level in which things are blocked.
Of course, they might not care. Who knows?
--- perl -e 'printf("%s\n", pack "H*", "7369670a676f6c677940676f6c67792e6e65740a2f736967")'
Rutgers University bans ssh public keys. Ergo, all the students employ expect scripts that contain their passwords. These expect scripts aren't from students writing em' themselves, but just copied from friends. In particular, there are students who barley know what ls and rm do, but certainly won't know to change their password if their laptop gets stolen. And students commonly hack one another's accounts by copying said script.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
Yes. But there also is research on porn.
It is a long time that I have been to university, but I have similar trouble with customers. Our Engineers waste a lot of time trying to get software we developed for a customer to the customers engineers because any of the following occur frequently:
* dropbox is blocked .exe and .dll are not allowed in e-mail
*
* our hoster is in a class A net blacklisted by customers spam-filter
* we chose a file name that matches some regular expression deemed dangerous by their IT staff
* sftp is blocked
and so on, and so on
This is fine, if there is a clear procedure handling these exceptions. (e.g. if a researcher writing a paper on porn site can walk up to the IT appartment and get a list of sites opened for his computer within in minutes.) But ultimately these restrictions serve no real purpose and just waste a lot of money in the form of time lost by both IT, administrative and research staff.
Also, I wonder if research really works, if researches have to convince a censoring body that there request to access a site is legitimate before they can proceed with their research. (Yes sir, gamesexpert.com is not a sex site!)
And how much does it cost to setup and maintain those filters vs. give unlimited access?
It's on America's tortured brow, That Mickey Mouse has grown up a cow
Because, funnily enough, important education content like Stanford's machine learning lectures are available exactly via Youtube and torrents: http://see.stanford.edu/see/lecturelist.aspx?coll=348ca38a-3a6d-4052-937d-cb017338d7b1
Dilbert RSS feed
http://en.wikipedia.org/wiki/Godwin's_law
If so ...
This is the basic test to see if you are worth letting back for the second semester. /. I suggest your consider a different career path.
As you have posted this question on
As you obviously want other technical people to get you out of trouble and solve all of your problems for you, I suggest you look at Sales and or Marketing.
Something tells me you have a natural aptitude for either of these.
I've read the comments from stories from 2002. I don't see how are they much better. Are you sure you haven't forgot to take off the rose-colored glasses?
Dilbert RSS feed
Would you advocate or approve of similar restrictions on the university library?
What's the difference?
Most (all?) universities have a union to represent the needs of the students. Get them to raise the issue and it's likely to be a lot more effective than one man's personal protest.
If it is a private university, then yes, they can do whatever they like, no matter how stupid it is. If they are a public university, then no it isn't "their bandwidth" it is "the public's bandwidth" and they have certain responsibilities.
So that's the first question to answer: Public or private? If it is private, well then suck it up. Private schools can, and often are, stupid with some of their rules. My recommendation is don't go to them, go to a public university.
If it is public then the thing to find out is where this is coming from. If it is from on high, the board of regents, there may be little you can do, though you can investigate state law, maybe talk to FIRE. However if it is coming from an overzealous IT department, then maybe it is time for them to get smacked around and learn that they are there to provide a service, not to act like despots.
In that case maybe talk to the faculty senate. The faculty and administration can ultimately tell the IT department to sit down and shut up, they perhaps just need to be made aware of that fact. Get information from other universities, see how they do it. You'll have no trouble finding places that provide essentially unrestricted Internet access (the university I work at does). Present the faculty with ammunition that it can and should be done a different way and they may choose to affect a change.
As something of an example of the second scenario in the private sector, my dad worked as a VP for a company;s American branch for many years. They decided to bring him over to the British branch for a bit to clean shit up. So he is over there, meets the guy who is the director in everything but title of that place (that was forthcoming). Guy says "Hi, welcome, I've got to go to this meeting, here's my office make yourself comfortable, I'll be back in an hour." My dad decides he'll check his e-mail and such things on the guys computer. No luck, can't get on the Internet.
He has someone call IT for him. IT comes down and says "Oh ya he doesn't have Internet access, he doesn't need it." Umm what? The guy in charge doesn't have Internet access? And who the fuck decided he didn't need it? There was no company policy to this effect. Dad snarls at them, 5 minutes later computer has Internet access. The IT department there was very tyrannical. They made rules all of their own and it just never really occurred anyone to yank on their chain.
Remember, and I say this as someone who works in IT: IT is a service industry. You are there to help people get their jobs done. That means not putting up artificial blocks to shit. That doesn't mean no blocks at all, you have to do things for security, compliance, and so on. However it does mean not being asshats and doing things like offering nothing but extremely locked down web access.
Also any time you say no to something, you need to have an alternative. So you say "No, you can't have an FTP server. The passwords are clear text and that is insecure. However we will happily help you setup an SFTP (SSH) server instead which is fully secure."
At any rate step one is to find out from where this policy comes, then you can see if anything can be done about it.
HARDEN THE FUCK UP!
And how much does it cost to setup and maintain those filters vs. give unlimited access?
If you begin factoring in:
Then you find that "unlimited access" is everything but free.
What the university needs is a process / form so the student can argue why he needs to access the page for his work (for example, in the same "blocked content page") so he has a way to get through if there are legitimate reasons (not everybody has the same needs, and also the filtering has just plain errors). Apart from that, it is all up IT department decission.
Why can't
Get friends to start buying old linksys routers and create your own rouge wireless internet campus wide. Get people to donate to pay for hardware and a few cable modems at the perimiter so your mesh network can have multiple internet gateways to balance the load.
Old routers and openWRT will do this, then start putting them up.
you are in college, it's time to be subversive and community building. a non uni owned student run wireless internet setup is the best way to do this.
Do not look at laser with remaining good eye.
When I was at University the way to get things changed was to get a group of people who were interested enough, and then go and occupy something inconvenient to the administration to get the message heard.
Korma: Good
I've been the internet cop is several organizations during my employment history and have seen administrators (not IT people) declare everything from "ALL shall be free!" to "Don't let them do anything more than their job" as a standard to use for filtering. Most likely what is happening is that someone, not in IT, has the list of "categories" from the filter service provider, be it Dan's Guardian or a big company like Websense, and have picked the usual suspects of Adult, Security, Malware, and Offensive, along with Hate Speech, Violence, and IT related" and flipped the filter on. The University Administration will ask you one question and one question only, "What part of your EDUCATION" is being effected by this? AND remember these people have fairly well tuned BS detectors. This isn't your parents' basement, they have the right to do what they will to reduce costs (your tuition) by protecting their network and reducing bandwidth use. If you don't like the on campus connection then move off campus and PAY for your own net connection where you can surf to your heart's content and waste your parents' money on reading hackaday instead of getting the Business Degree your parents are paying for by working overtime. And if you want REALLY draconian, they know eveery website you attempt to go to, whether it's blocked or not, and with the newest tech, they are doing a man in the middle on all SSL traffic so they know what you are doing there as well.
~corporate tool, but employed~
Why does it seem bizarre? I actually find you attitude strange. I left uni a long time ago but if I had access to alternate lectures of the same material from other universities I would have been all over that shit.
Ass|u|me
You assume that this is a public university, and by and large, I think that's irrelevant. Students are paying for an education, not a degree. I'll open a corner market selling degrees if you'll come in and buy one. To say what you wrote is to say, students are "paying for their degree, not access to a comprehensive library. They will only see books directly relevant to their degree, nothing more." So, I'm sure you, in your infinite wisdom, can effectively make a comprehensive, always up-to-date list of approved books, periodicals, etc?
This sounds like a possibly religious-based school. Those of that only schools I've run into who have filtered internet. Some public schools might limit outbound services, but I haven't seen much content filtering. Most school networks I've used have had separate dorm/student and university/faculty/staff networks. With computer labs being on the university network.
I am also in university IT. The students are NOT paying for a free unlimited Internet connection. They are paying for their degree, and can expect Internet access relevant to their degree, nothing more. Since a large amount of University funding comes from tax payers, why should they/we foot the bill for students to waste terabytes of data on Youtube and torrents?
Umm, not sure what state or country you are in but most universities I know get no more than about 33% of their money from the state (most of that is used for salaries). The rest comes from tuition ( more than 50%) and donations/gifts to the university. So, OP not only could be paying for his/her connection, they are most likely supporting the entire university connection to the Internet. The university has a right to protect its systems and data, but not the right to restrict what people do with their own on their own time. There are very easy ways to cordon off dorm and other student networks (campus wireless) from the rest of campus while allowing general access to university systems and the Internet. Draconian access policies do not make better students nor more secure systems. In fact the exact opposite is almost assured in this case as students will be working from inside your network to breach whatever they can for the access they want. You will have more problems to deal with not less. I know, I have seen it happen. Unless the IT department is running on the bad metric of more tickets is good, you're creating more problems than you solve.
That's all fun and games to think that way. Until other people who are paying for that access bitch. Before we filtered content, we would get almost daily complaints from students about people watching porn in the library, or at a kiosk, or the guy who sat in our public area running a business (not a student, but he did pay for a gym membership so he is a paying customer....).
We would never have enough information to find and catch these people, so we would have to run around with our little "acceptable use policy" trying to find them and get them to sign it. Then hope that if they did it again, we would get enough notice to find them again and get them to sign it... again(you know the administration isn't going to expel a student over it...).
Then one day a big shot had his kid with him and she saw a student watching some really bad porn. Now we have content filters. (At least that's the story I'm told when I was told to implement the filters). The best part was that big shot thought we always had the filters. They were really mad that IT didn't take it on ourselves to filter content.
Universities exist to educate students, and I would say that the idea of a university censoring anything, including what websites its students can access, is antithetical to that -- and it should be unthinkable. If malware is a concern, just disconnect infected systems from the network and refuse to assign them IP addresses until the issue is resolved.
Palm trees and 8
In two ways:
1) JFGI is the go to strategy for most things IT related. It is one of the first things I teach our students. Have a problem you don't know the solution to? See if someone else already solved it. Don't waste time reinventing the wheel, the solution may be out there. Even if not, someone may have done something related that will set you down the right path.
2) Youtube is where we are now posting instructional videos. When there's something that students need to see over and over that doesn't change, like an introduction to lab equipment, I shoot video of it, edit it, and upload it to Youtube. Students can then watch it at the leisure, at home or on campus, rewatch it when needed, and other universities can make use of it, should they find the content useful. It is a valuable tool for reducing the time faculty spends on things as well as enhancing the education students receive.
The Internet isn't just for LOLcats anymore. It is used for real work and education.
Also, when you are talking the dorms, I feel (and we've been told here this is legally the case) that the university has an obligation to provide unfiltered access. It is your home, you do what you like. If they are unwilling or unable to do that, they ten need to open it up to competition: Let the phone and cable companies sell DSL and Cable Modem service. You can't go and declare yourself a monopoly and then also offer restricted service.
Probably the part where you attribute education as equivalent to allowing you to watch youtube and obtain torrents, rather than equating it with learning how to think and solve problems.
For this week's homework assignment, you need to deliver a 5,000 word essay on the effects of social media on the Arab Spring.
And I'm sorry, but some fucking moron in the IT department has youtube, twitter, and facebook blocked because he doesn't consider them "educationally relevant" or worthy of study in a College environment, so despite having paid the required Internet & Computer Lab access fees you'll have to go off campus to do your research.
And yet, you would be surprised at the number of professors who use YouTube videos in class because they're better than the VHS tapes and film strips they used to use, or just better quality of the same videos...
Besides, why should the tutors care? - If people waste the lessons updating Facebook instead of getting smart, they'll simply fail and thus have wasted their tuition. I hope Facebook was worth it, but the tutors shouldn't care less if the students are that stupid.
Because most teachers go into teaching to get students to learn? Because a lot of institutions tie student performance into their evaluations? Because students that aren't paying attention are more likely to distract their neighbors? etc etc...
Because teachers with no classroom management skills can't handle potential distractions? Because intro classes are too big for anyone to manage? Because a lot of institutions incorrectly apply industrial metrics to human dynamics?
There are other concerns about unfettered Internet access in the classroom that go beyond the ideals you mention. My wife has had unfettered internet access in her classrooms for seven years now, in three different schools, and has had very few problems and none recurring. Granted, she's at the middle-school / high-school level instead of university, but plenty of her students have had laptops and smartphones in class. The keys are 1) having small enough class sizes that you can manage them effectively, and 2) having the classroom management skills to get in front of any potential issues and making sure the kids are paying attention to you instead of Lady Gaga. She's found that classes upwards of about 28 students really start to spiral downwards.
As such, the many intro uni courses with 100+ students can't possibly work, unless the students themselves are invested in their own learning. That said, cutting off internet access is no guarantee that otherwise distracted students will suddenly find themselves raptly attending the teacher's words.
"What in the name of Fats Waller is that?"
"A four-foot prune."
Or, possibly, treat the students like students. You know, intelligent inquisitive drunks that want to explore new things, test boundaries, flirt with the law and read somethingawful.com
I really struggle to see why any university student network should be censored. Sure, firewall and lock down the staff network, where student data is held. Provide strong security on shared servers. But locking down all 'net access to filtered HTTP? That's a surefire way to damage innovation and discourage learning.
I went to a university that had no firewalls - you could telnet to the main servers from external servers, and we used that capability to build and maintain internet services. Many people at my uni went on to build companies in the dotcom boom, take on programming jobs, otherwise put their acquired skills and knowledge to use. I would heavily discourage anybody from attending a university that didn't want the same for its students.
If they have a laptop, there are games, etc.. The internet is likely no more or less a distraction in this case.