Re: Blocking Offensive Material(??) with Firewall

[Randy Grimshaw <rgrimsha () mailbox syr edu>]

Jacob:
  Let me make a suggestion in the form of a question.
  If you already have a list of addresses deemed objectionable, why not
modify the DNS to misdirect these requests. Saving the content filtering,
and notification system for the evaluation of new sites.

<><Randall Grimshaw, Network Programmer, Syracuse University, 315-443-5779

On Wed, 16 Jun 1999, Jacob Leverich wrote:

> I run a network for a high school, so I've had to deal with this problem a
> little..
>
> On Sun, 13 Jun 1999, Di Phelan wrote:
>
> > Any opinions about how proxy servers, routers or especially firewalls
> > could be used for content blocking would be much appreciated.
>
> I've been playing with a solution at LBJ High School in Austin, TX (USA),
> that has had promising results.  However, it is probably only applicable
> to a very limited set of circumstances.  You probably couldn't use this as
> a main argument in your paper, but it might be an interesting case study.
>
> Basically, we made a commitment several years ago to provide our students
> complete access to the benefits of the Internet.  We decided not to
> attempt any content-based solution, like NetNanny, for a slew of reasons.  
> I actually wrote a paper on LBJ's network (which can be accessed at
> http://jl.photodex.com/lbjwww/), which I'll quote from:
>
> -- begin --
> Host-based content-limiting software
>
> This is the avenue taken by many public access entities, such as
> libraries.  This type of software is installed on each individual
> workstation and attempts to block access based on content found
> within web pages.  While attractive, it didn't fit in with our
> overall goals and gave users much less benefit of doubt than we felt
> comfortable with.  There were many other downsides to this solution.
> Probably foremost, it would be prohibitively expensive to deploy
> this solution across the entire school.  Also, these software
> packages are difficult to keep installed (and not disabled) on
> computers when the general user population is skillful and has lots
> of free time.  Also, this solution provides no protection against
> any user plugging a foreign computer into one of our Ethernet ports
> and browsing the web as they please.  Finally, this would not serve
> as a platform-independent solution.  At the time, we needed support
> for Windows 3.11, Windows 95, Linux, IRIX, Mac OS, and AIX.
> -- end --
>
> However, it was obvious to us that we were still responsible for the
> students' browsing habits.  What we decided to do was log all outgoing web
> requests.  This, for the most part, balanced our need for accountability,
> and the public's desire for unimpeded access.
>
> > From here, it was fairly easy to track offensive (mostly pornographic)
> material.  We have a script that sits on our firewall and looks at all the
> logs that get spewed out.  The script parses the log and does a little bit
> of analysis on the content of the URL.  If the URL is deemed
> objectionable, the script send an alpha-numeric message to the pager of a
> network administrator.  The message includes the time, URL, and computer
> the request came from.  The script decides whether or not a URL is
> questionable by a configurable list of rules.  The administrator can then
> confront the student, decide on the disciplinary action to be taken, and
> inform any relevant teachers of the situation.
>
> Again, I'll quote from that paper:
>
> -- begin --
> The biggest benefit of this kind of solution is the word of mouth of
> the users.  What we witnessed at LBJ was that as soon as we
> implemented this script and started to catch students looking at
> questionable material, other students started to get the idea that
> we closely monitor the web traffic.  They really had no idea how we
> accomplished this, but what they did know was that if they were
> caught looking at objectionable content, they would lose their
> Internet access.  This significantly and quickly reduced the number
> of pornographic- and violence-related web pages that people were
> viewing and forced the students to start using judgement about the
> relevance of their web-related activities to educational goals.
> -- end --
>
> Of course there are several technical problems with this solution that I
> won't even go in to.. but this is one approach to consider.
>
> > Di Phelan
>
> Jacob Leverich - leverich () photodex com