Slashdot Mirror
Ask Slashdot: Dealing With University Firewalls?
An anonymous reader writes "My university only provides access to the web, via a restrictive content filter and proxy service. There is no access to the wider internet. I was wondering if this is common, and if anyone has any suggestions on how to go about protesting the issue. I've spoken to the lecturers and they have the same frustrations I do. I've also spoken to the head of the IT department who spouted lines about 'protecting the network.' This is very frustrating, I've seen a number of students making use of 3G/4G dongles to get access to the net and this just seems crazy. The restrictions applied to the web are draconian, with sites such as hackaday, hypberbole and a half, somethingawful, etc being blocked." What would you do to get better access?
In that case buy a ssh shell minimal hosting account for 2-3$/month.
Create a tunnel.
And browse.
If paid public VPN services are allowed, you can also subscribe to such services. Of course, your browsing will be slower.
My Aurora : http://www.youtube.com/watch?v=o91ZsGwJYyg
FB : https://www.facebook.com/TanveersPhotography
Become friends with a member of the IT department. Alcohol can go a long way in beginning an IT related friendship.
If the university's IT department isn't providing the services that students and faculty need, then the issue should probably be raised above the IT department. The purpose of an IT department is to provide a service to the organization, not to make the organization bend over to the IT dept.
Why not just setup a VPN real fast with someones DD-WRT router. I did this at a job that had a really obnoxious content filtering thing that actually prevented me from doing my job. I just vpn'd to home, but you probably have at least one friend in town that has something good enough for you to work with. Even a shitty VPN will do, since your not trying to protect anything so much as evade things.
"Computers will never truly be free until the last windows user is strangled with the entrails of the last mac user."
I have been in the position of having to block internet to a college in a previous job. There were constant battles between the marketing and academic departments about blocking and unblocking social media sites. In the end the marketing department won and they were unblocked. The tutors didn't like it because they relied so much on computers for their lessons rather than using good old fashioned methods like lecturing and demonstrating.
In all Universities there is an "Inner Circle" formed by network admins, who are impervious to proxy filtering.
The incantation to enter that select group is:
"Hey, I'd like to help with the university network maintenance. Can I do it as a practice? I'll do it for free."
This psalm recited to the right university demon will get you access to the University's network system. With luck, in 1 or 2 months you will have the relevant network keys/info. Probably you will have the rights to whitelist the pages you want.
Then move out of there.
Unless the author has a full ride scholarship including room and board... I'd say there is at least a partially legitimate claim to some rights here.
Anyway, yeah, campus networks can be like that. It's bull. It's also, in my experience, rarely something the IT people are terribly fond of; most of them are at least passingly familiar with how the internet works, and ultimately it requires far more work to maintain a ridiculously locked-down network than one with minimal restrictions. Usually, that comes from higher up in the organization, from some old administrator or trustee or something... IT takes order in academia just like they do in business.
The best bet for getting a change on this is actually o complain to higher administration, and perhaps as well to school and/or local publications. Putting things in writing usually works well. Bring up issues of censorship and academic freedom, and be sure to mention how this new-fangled internet thing is a really important part of the future. Keep in mind that the details of what is or is not filtered is, largely, irrelevant... it's easy to lose a non-techie audience by getting into the weeds. The point here is to engage them on the emotional level: these decisions are not made because there are clear-cut rational arguments for them, they are made because somebody doesn't like ______ which they believe to be on the internet. Again, getting too logical or specific will just make eyes glaze over, so keep it rhetorical and abstract.
Try not to take me more seriously than I take myself.
I'd say the university isn't fulfilling its role, and you should definitely rally to change things. The purpose of the university network (besides supporting research communications) is to allow you to learn.
During my undergrad the university I attended provided full firewall-free internet with a *public* IP from their block for everyone who plugged in (and no-questions asked CNAMEs). The wireless was of course NAT'd but I had no problems.
This all worked because of the genius way they solved problems was genius. If IT detected any funny business, a tech would physically show up at your lab/office and ask you what was going on and make you fix the problem right then and there.
As a /. reader, I can only assume you're rather technical. Isn't this something you discovered before going there?
Frankly, I wouldn't go to a school that did this. And I didn't. Thankfully, my first choice doesn't do anything like this. Traffic is unmonitored, but for legal reasons you have to register your MAC address to your university credentials to get out of the VLAN. This happens automatically with authentication to the wireless network, or manually through a captive portal for Ethernet.
As required by law of all ISPs, they will use this to forward DMCA notices, which happens pretty frequently. I can't exactly fault them for that. They'll also notice if you're really hammering the network with worm traffic or something, in which case they'll kick you off until you get the system cleaned up, which I can't fault them for either.
But other than that, they're pretty much out-of-the-way. They definitely view themselves as more of an ISP than anything academically-relevant, which is good. The university structure also places them at the same level as the individual schools (liberal arts, engineering, business, etc), and each school has its own school-specific IT that runs their own email and webhosting and so on, all of which helps keep them pretty much service-oriented. They pretty much provide internet access and server space to any university department that wants it (and pays for it, in one of those interdepartmental money-shuffling schemes), and otherwise back off from content management. Individual schools are free to filter whatever they want, but only in the school-managed network. In practice, none do. Even if they did, the dorms are separated out from that.
Not to mention the university is almost as liberal as they come in terms of information freedom.
But in any case, the university is your home for the time you're there. I wouldn't live somewhere that did this, and I wouldn't go to a school that did this. Not even because of the inconvenience - think about what that suggests about how they view academic and intellectual freedom.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
Unfortunately, 90% of the headache of running a network is the userbase. Even in a small secondary school it can be difficult to keep people from abusing the connection (hell, I know I abused my uni's connection when I was there, not to mention their storage, FTP, CPU time, etc.) without policies like this.
They are providing you the service for things related to your work. Those sites you mention are not related to your work. Even if they were, the abuse of people using for things NOT related to their work is a burden that the IT department will be able to statistically measure. Otherwise they wouldn't bother with the hassle from students, staff, and technical problems associated with limiting your access.
It's not a question of "experts vs students", it's a question of different priorities. Even if you escalated it to the Dean themselves with the aid of staff, you would all end up sitting in a room with the IT guys who would explain exactly how much traffic that system cuts out, how many lost hours, how fewer abuse complaints they receive, how many more PC's they'd need to cope with the extra demand because of people hogging the computers for personal use, etc. and all for something that - if a site is genuinely vital to your work - they would gladly adjust to make sure it didn't interfere with your studies.
And then either you or the Dean would end up basically agreeing that what's in place isn't actually that draconian after all, and standard practice for most places for SEVERAL, very good, measurable, verifiable reasons. And every year you'd have the students/staff make the same argument and every year since the 90's it's been less of an issue because - as you point out - if you want unfiltered Internet for personal use, you can get it for next to nothing. And hell, in any university town I've ever been in, every cafe has free Internet to draw students in.
You have paid the uni, indirectly, to support your studies. If they are not supporting your studies, you can complain. But you can't complain that they aren't other personal Internet services to all X thousand students on their campus without paying the difference it would cost.
In my experience, working in schools rather than universities, I wouldn't be surprised if traffic (and therefore costs) quadrupled the second they relax their policy, even if they DON'T announce that they've done so. And those sorts of places usually run HUGE dedicated lines that are the backbone of the Internet - X thousand students accessing junk sites is NOT more important than the chemistry lab pushing a few Gigabytes around the world to their research partner. I assure you.
You have a workaround in the form of your own Internet connection, use it. If you want the uni to provide it, they will charge you MORE for the same thing because they are NOT an end-user ISP.
Universities do not exist to restrict information. Anybody who thinks they do, is not doing their job.
I agree that it is likely and administrator, rather than the IT department, who is responsible, but don't count on it. That's just worthless guesswork. You can find out.
Whoever is responsible, don't listen to all these wimps who just tell you to cave and pay for ANOTHER internet source when you're already paying for this one. Get hold of EFF, EPIC, the ACLU, and anybody else you can, and tell them your academic freedom is being repressed. Because it is true. But get some help. There are organizations out there who can not only help you find who is responsible, but put pressure on them to change the status quo.
Don't cave and just buy an expensive cell phone data connection (especially with prices going up). Fight the BS. Because that's what it is: BS.
Because youtube and torrents are part of using the internet.
What part of education do you not understand?
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
"draconian" restrictions are there because someone in IT/management is lazy or has twisted viewes about what moral powers they should have over students. In other words because they are bastards.
As a member of an IT systems admin team for a faculty we've often got specific mandates which services we must restrict, and to what end. What you may also be up against, other than 'unprivileged' access - is politics. Students do Naughty Stuff (tm) - that's just a fact that keeps on proving itself true time and time again. Even if you can speak for you, your friends, or your entire course - I can bet dollars to donuts that there's someone out there trying to do something shifty. Case in point: I was seriously asked to relax the restrictions on banning Steam so a student could "download 10 or 15 gig so i didn't have to do it over dial-up". On-campus living - sure, i can see where restrictions like that may diminish any sort of sanity saving software platform ( Valve fan \o/ ), but I'm not going to open up a faculty network just so you can play games. It's an education facility, not your personal high speed connection to the 'net. If you were a postgraduate student researching something that required access - then by all means get your supervisor to approve your request and I'll be more than happy to make it happen.
That being said - outline a clear case of why you need certain things re-classified and you may have a better case to work with. I am not suggesting that this tactic will work - as there's probably more to the story ( see - plug and play filter lists/software/appliances which remove the need to dedicate an entire FTE to putting classifications on traffic going out ) than you really know, but it will certainly stop you from seeming like a whinging student and more like an intellectual who is using sound reasoning. Hell - if you are able to find clear, repeated examples of wrongful clasification of websites, you may be able to enact a reconsideration of what's being used to deny you access or relax the level in which things are blocked.
Of course, they might not care. Who knows?
--- perl -e 'printf("%s\n", pack "H*", "7369670a676f6c677940676f6c67792e6e65740a2f736967")'
Rutgers University bans ssh public keys. Ergo, all the students employ expect scripts that contain their passwords. These expect scripts aren't from students writing em' themselves, but just copied from friends. In particular, there are students who barley know what ls and rm do, but certainly won't know to change their password if their laptop gets stolen. And students commonly hack one another's accounts by copying said script.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
Because, funnily enough, important education content like Stanford's machine learning lectures are available exactly via Youtube and torrents: http://see.stanford.edu/see/lecturelist.aspx?coll=348ca38a-3a6d-4052-937d-cb017338d7b1
Dilbert RSS feed
If so ...
This is the basic test to see if you are worth letting back for the second semester. /. I suggest your consider a different career path.
As you have posted this question on
As you obviously want other technical people to get you out of trouble and solve all of your problems for you, I suggest you look at Sales and or Marketing.
Something tells me you have a natural aptitude for either of these.
Most (all?) universities have a union to represent the needs of the students. Get them to raise the issue and it's likely to be a lot more effective than one man's personal protest.
If it is a private university, then yes, they can do whatever they like, no matter how stupid it is. If they are a public university, then no it isn't "their bandwidth" it is "the public's bandwidth" and they have certain responsibilities.
So that's the first question to answer: Public or private? If it is private, well then suck it up. Private schools can, and often are, stupid with some of their rules. My recommendation is don't go to them, go to a public university.
If it is public then the thing to find out is where this is coming from. If it is from on high, the board of regents, there may be little you can do, though you can investigate state law, maybe talk to FIRE. However if it is coming from an overzealous IT department, then maybe it is time for them to get smacked around and learn that they are there to provide a service, not to act like despots.
In that case maybe talk to the faculty senate. The faculty and administration can ultimately tell the IT department to sit down and shut up, they perhaps just need to be made aware of that fact. Get information from other universities, see how they do it. You'll have no trouble finding places that provide essentially unrestricted Internet access (the university I work at does). Present the faculty with ammunition that it can and should be done a different way and they may choose to affect a change.
As something of an example of the second scenario in the private sector, my dad worked as a VP for a company;s American branch for many years. They decided to bring him over to the British branch for a bit to clean shit up. So he is over there, meets the guy who is the director in everything but title of that place (that was forthcoming). Guy says "Hi, welcome, I've got to go to this meeting, here's my office make yourself comfortable, I'll be back in an hour." My dad decides he'll check his e-mail and such things on the guys computer. No luck, can't get on the Internet.
He has someone call IT for him. IT comes down and says "Oh ya he doesn't have Internet access, he doesn't need it." Umm what? The guy in charge doesn't have Internet access? And who the fuck decided he didn't need it? There was no company policy to this effect. Dad snarls at them, 5 minutes later computer has Internet access. The IT department there was very tyrannical. They made rules all of their own and it just never really occurred anyone to yank on their chain.
Remember, and I say this as someone who works in IT: IT is a service industry. You are there to help people get their jobs done. That means not putting up artificial blocks to shit. That doesn't mean no blocks at all, you have to do things for security, compliance, and so on. However it does mean not being asshats and doing things like offering nothing but extremely locked down web access.
Also any time you say no to something, you need to have an alternative. So you say "No, you can't have an FTP server. The passwords are clear text and that is insecure. However we will happily help you setup an SFTP (SSH) server instead which is fully secure."
At any rate step one is to find out from where this policy comes, then you can see if anything can be done about it.
Seriously? So if I walk into your house and you dont provide services I "need" I can freely break rules to get them? Oh wait this is Slashdot: No rules for me and lots of them for others.
If I pay to live in your house...
and you have me locked in to that arrangement for four (or more) years...
and you agree to provide internet access, and you forbid me from having Verizon drop a DSL line right to my bedroom...
in favor of charging some insane "Internet access" line item to my bill for 4x as much...
Then yes, I damned well expect you to provide me with real internet access, and you can fully expect me to actively work around whatever attempts you may make to enforce your morality on my net feed.
This doesn't involve either the FP's parents or his employer - He pays a boatload of money every year for housing AND internet access, and his uni has decided they can selectively skip out on the second half of that deal simply because they have a captive audience. If they tried to pull this crap on any userbase that actually had the money to fight it, you can bet this would end up in the courts.
Why does it seem bizarre? I actually find you attitude strange. I left uni a long time ago but if I had access to alternate lectures of the same material from other universities I would have been all over that shit.
There were constant battles between the marketing and academic departments about blocking and unblocking social media sites. In the end the marketing department won and they were unblocked. The tutors didn't like it because they relied so much on computers for their lessons rather than using good old fashioned methods like lecturing and demonstrating.
Why was that a problem? - That people might use (gasp!) their computers for more that just the lessons?
Sounds like narrow-minded tutors with a feeble grasp on reality.
Besides, why should the tutors care? - If people waste the lessons updating Facebook instead of getting smart, they'll simply fail and thus have wasted their tuition. I hope Facebook was worth it, but the tutors shouldn't care less if the students are that stupid.
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
Besides, why should the tutors care? - If people waste the lessons updating Facebook instead of getting smart, they'll simply fail and thus have wasted their tuition. I hope Facebook was worth it, but the tutors shouldn't care less if the students are that stupid.
Because most teachers go into teaching to get students to learn? Because a lot of institutions tie student performance into their evaluations? Because students that aren't paying attention are more likely to distract their neighbors? etc etc...
-Bucky
I am security@ a large public .edu .. and I can say that their approach is quite *uncommon* among my peers in the industry.
.. and we block common things like tcp/6666 and tcp/445 outbound .. but other than that, we reguarly field calls from folks that just got $shiny_new_game for their $toy and want to know if we can figure out why voice chat (or whatever) doesn't work.
.. we had the network engineers, security team, etc. all assembled and basically told the students "go for it" and made several ongoing tweaks to things to ensure they got the best experience (gaming is a latency-sensitive application, we just needed to figure out how to prioritize it with QoS and the packeteer).
.. tl/dr .. sounds like your Uni has a sucky policy. Take it up with the provost .. you are paying to be there, and Internet access is part of your campus experience. If it's not up to par, they need to make changes.
Education is typically a very open environment, and IT will happily provide (within reason) anything that doesn't interfere with something else.
For example, we have several "hacking labs" on campus, where students are free to do basically whatever they want, regardless of how malicious. Granted, those networks are firewalled off from the rest of campus (and the Internet). We also have PlanetLab, TOR (which I run myself), and a few other projects.
As for Internet access, we don't have "wide open" like your home DSL (email, for example, must go through our servers for obvious reasons)
Last year we actually had students bring their PS3/Xbox units into a conference room in the IT department, hooked up to our projectors, and had then all plug into a switch where we were running a sniffer
In short