Firewall Wizards mailing list archives
Re: Blocking Offensive Material(??) with Firewall
From: Randy Grimshaw <rgrimsha () mailbox syr edu>
Date: Thu, 24 Jun 1999 11:04:35 -0400 (EDT)
Jacob: Let me make a suggestion in the form of a question. If you already have a list of addresses deemed objectionable, why not modify the DNS to misdirect these requests. Saving the content filtering, and notification system for the evaluation of new sites. <><Randall Grimshaw, Network Programmer, Syracuse University, 315-443-5779 On Wed, 16 Jun 1999, Jacob Leverich wrote:
I run a network for a high school, so I've had to deal with this problem a little.. On Sun, 13 Jun 1999, Di Phelan wrote:Any opinions about how proxy servers, routers or especially firewalls could be used for content blocking would be much appreciated.I've been playing with a solution at LBJ High School in Austin, TX (USA), that has had promising results. However, it is probably only applicable to a very limited set of circumstances. You probably couldn't use this as a main argument in your paper, but it might be an interesting case study. Basically, we made a commitment several years ago to provide our students complete access to the benefits of the Internet. We decided not to attempt any content-based solution, like NetNanny, for a slew of reasons. I actually wrote a paper on LBJ's network (which can be accessed at http://jl.photodex.com/lbjwww/), which I'll quote from: -- begin -- Host-based content-limiting software This is the avenue taken by many public access entities, such as libraries. This type of software is installed on each individual workstation and attempts to block access based on content found within web pages. While attractive, it didn't fit in with our overall goals and gave users much less benefit of doubt than we felt comfortable with. There were many other downsides to this solution. Probably foremost, it would be prohibitively expensive to deploy this solution across the entire school. Also, these software packages are difficult to keep installed (and not disabled) on computers when the general user population is skillful and has lots of free time. Also, this solution provides no protection against any user plugging a foreign computer into one of our Ethernet ports and browsing the web as they please. Finally, this would not serve as a platform-independent solution. At the time, we needed support for Windows 3.11, Windows 95, Linux, IRIX, Mac OS, and AIX. -- end -- However, it was obvious to us that we were still responsible for the students' browsing habits. What we decided to do was log all outgoing web requests. This, for the most part, balanced our need for accountability, and the public's desire for unimpeded access.From here, it was fairly easy to track offensive (mostly pornographic)material. We have a script that sits on our firewall and looks at all the logs that get spewed out. The script parses the log and does a little bit of analysis on the content of the URL. If the URL is deemed objectionable, the script send an alpha-numeric message to the pager of a network administrator. The message includes the time, URL, and computer the request came from. The script decides whether or not a URL is questionable by a configurable list of rules. The administrator can then confront the student, decide on the disciplinary action to be taken, and inform any relevant teachers of the situation. Again, I'll quote from that paper: -- begin -- The biggest benefit of this kind of solution is the word of mouth of the users. What we witnessed at LBJ was that as soon as we implemented this script and started to catch students looking at questionable material, other students started to get the idea that we closely monitor the web traffic. They really had no idea how we accomplished this, but what they did know was that if they were caught looking at objectionable content, they would lose their Internet access. This significantly and quickly reduced the number of pornographic- and violence-related web pages that people were viewing and forced the students to start using judgement about the relevance of their web-related activities to educational goals. -- end -- Of course there are several technical problems with this solution that I won't even go in to.. but this is one approach to consider.Di PhelanJacob Leverich - leverich () photodex com
Current thread:
- Blocking Offensive Material(??) with Firewall Di Phelan (Jun 15)
- Re: Blocking Offensive Material(??) with Firewall Jason Olsen (Jun 16)
- Re: Blocking Offensive Material(??) with Firewall Christoph Schneeberger (Jun 16)
- Message not available
- Re: Blocking Offensive Material(??) with Firewall Marcus J. Ranum (Jun 16)
- Re: Blocking Offensive Material(??) with Firewall Tim Kramer (Jun 20)
- Re: Blocking Offensive Material(??) with Firewall Darren Reed (Jun 20)
- Re: Blocking Offensive Material(??) with Firewall Marcus J. Ranum (Jun 16)
- Re: Blocking Offensive Material(??) with Firewall Jacob Leverich (Jun 20)
- Re: Blocking Offensive Material(??) with Firewall Randy Grimshaw (Jun 28)