Educause Security Discussion mailing list archives
Re: Foreign Student Dealing with China's Web Filtering of US Websites
From: Tomo <tomo () LONDON EDU>
Date: Tue, 25 Aug 2020 14:04:37 +0000
Agree with other posters, you should not be enticing students to break the law and use unlicensed VPNs. Also, the great firewall will seek out sustained and prolonged data connections going outside of China (it’s not just US websites) that are encrypted and either rate shape the return traffic to death or eventually drop the connection. Note that apart from specific blocks based upon content that is a concern and social networks that are well known and documented, generally Microsoft Cloud/Services and Amazon Cloud are not filtered, but Google cloud/services are blocked – and importantly this will trip up google hosted recapthcas. However, there is a completely legitimate and trouble free way of getting access to services when in China that would otherwise be blocked that end users can adopt, at a little cost. Any Roaming SIM card with a data connection (which can be shared as a hotspot if needed). All traffic is tunnelled back to your home mobile network, and it breaks out to the internet from there. The user would need to be economical with the data they use over the SIM card data connection…. but it’s a bullet proof way of doing things. If a user cannot sort out a contract with a sensibly-costed bundle of roaming data for China, then you can pick up pre-paid SIM cards from various mobile networks in SE Asia designed for shorter term visitors that include a bundle of roaming data to be used within a specific period of time. You can pick them up from the usual ecommerce sites like eBay, but also Aliexpress and Taobao. Look at options from Hong Kong (even ChinaMobile HK and ChinaUnicom HK are ok), Thailand, Malaysia, Singapore. You need to get as sensible amount of data with the greatest validity time possible (the time is often more of the issue than data allowance) In the UK we also have a China Mobile MVNO that has free roaming in HK and China – not sure if they have equivalents in North America. YMMV but hope this is useful. __________________________________________________________________ Tomo | Infrastructure Architect | Information Technology – Operations and Assurance London Business School | Regent's Park | London NW1 4SA | UK D: +44 (0)20 7000 7777 | T: +44 (0)20 7000 7000 E: tomo () london edu<mailto:tomo () london edu> | W: www.london.edu<http://www.london.edu/> Connect with us: LinkedIn<https://www.linkedin.com/school/5954> | Twitter<https://twitter.com/LBS> | Facebook<http://www.facebook.com/pages/London-United-Kingdom/London-Business-School/14027365105> | Instagram<https://www.instagram.com/londonbschool/?hl=en> PLEASE NOTE: Working days: Tuesday to Friday until end August 2020. Advance notice of annual leave: two weeks in September [cid:image001.jpg@01D67AF1.02485490] From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Ayala, Daniel Sent: 25 August 2020 14:58 To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Foreign Student Dealing with China's Web Filtering of US Websites Hi Bruce, The most consistent thing when dealing with connectivity to western services in China is the inconsistency in connectivity to western services. The fact that VPN to your campus works one day from a country may not mean that it works the next, and maybe not from all regions in the country. Layer on this some new technology limits on TLS 1.3 which makes it harder for national firewalls/filtering to limit specific destinations, so it has been summarily blocked in China which eliminates a number of technologies. There is also the fact that care needs to be taken when giving recommendations on how to connect that may be illegal in a particular jurisdiction. While the goal is to connect students and keep them connected, we should not rely on or recommend solutions that we know to be illegal in their area (and there are more countries than just China where connectivity is a changing landscape). As such, our approach as been to establish a joint academic/technology approach to give instructors a suite of options that they can leverage and consider for international students, along with the up-front understanding that students in these areas will likely require some flexibility by the instructor to use these multiple paths, through the use of a suite of technologies perhaps used in creative, new ways. https://tech.msu.edu/about/guidelines-policies/exploring-alternative-edtech-approaches-for-international-student-participation/ This document is to a stage where were are actively sharing and using it throughout Michigan State University as we lead up to the start of the fall semester. But if you have any feedback or ideas based upon it, please share them as we consider this topic a permenent work-in-progress.. Thank you! Dan Daniel Ayala Interim CISO Michigan State University ayaladan () msu edu<mailto:ayaladan () msu edu> On 25 Aug 2020, at 09:13, Bruce Heldman <heldmanb () QUEENS EDU<mailto:heldmanb () QUEENS EDU>> wrote: We have a foreign student who’ll be returning to mainland China since our Fall semester is online only. Prior experiences he’s had with the Chinese government’s Web filtering suggest he will be blocked from browsing various US sites required for his course work. Are there any options that would help us with this situation? We’ve considered: 1. Granting him VPN access, but I believe non-university wouldn’t be tunneled. It would go through his default gateway. 2. Assigning him a VDI workstation. He would then connect to this university VDI workstation (with or without VPN) and browse from that station. Any suggestions or recommendations are appreciated Bruce Heldman Sr. Director of Technology Infrastructure & Support Queens University of Charlotte 1900 Selwyn Avenue Charlotte, NC 28274 Tel: 704-971-5409 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://urldefense.com/v3/__https:/www.educause.edu/community__;!!HXCxUKc!hUikcT8jC9Bhg_ZM6kiGSAbudKiOd0bB-whyb19bXEpsdaYBeWYS4E2xD-ONQtI$> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Foreign Student Dealing with China's Web Filtering of US Websites Bruce Heldman (Aug 25)
- Re: Foreign Student Dealing with China's Web Filtering of US Websites Frank Barton (Aug 25)
- Re: Foreign Student Dealing with China's Web Filtering of US Websites Ken Munro (Aug 25)
- Re: [EXT] [SECURITY] Foreign Student Dealing with China's Web Filtering of US Websites Michael Cole (Aug 25)
- Re: Foreign Student Dealing with China's Web Filtering of US Websites Julian Y Koh (Aug 25)
- Re: Foreign Student Dealing with China's Web Filtering of US Websites Ayala, Daniel (Aug 25)
- Re: Foreign Student Dealing with China's Web Filtering of US Websites Sidharth Nandury (Aug 25)
- Re: Foreign Student Dealing with China's Web Filtering of US Websites Tomo (Aug 25)
- Re: Foreign Student Dealing with China's Web Filtering of US Websites Frank Barton (Aug 25)