[K12OSN] differentiated internet filtering by grade level question

Mike Ely mely at rogueriver.k12.or.us
Thu Jan 12 02:27:05 UTC 2006 

Jesse McDonnell wrote:
> I'm a high school librarian and have a question on whether anyone is using the same proxy server and filtering software to provide different filtering to students at different grade levels.  Everyone in the district currently goes through the same proxy server and has the same level of filtering.  All Web-based email is blocked as are file transfer sites like yousendit. We're having an ongoing discussion of the filtering policy and how much of a threat web-based email presents.
> 
> I have an override account on the BESS filter so students in the library can access their email to download large files they are transferring back-and-forth between home and school when students don't have jump drives. When they are in the computer lab or using wireless laptops in the classroom they are unable to do it since I'm the only one in the building with an override. I'm wondering how difficult it would be to have everyone in the high school go through a different (or aliased) proxy IP that would have unfiltered access to webmail. 
> 
> We are in a windows enviroinment and using BESS (N2H2) filtering software. IP addresses are assigned by a Windows DHCP server. We don't use roaming profiles. Students don't have email accounts through the school district and account names are of the form GraduationyearLastnameFirstinitial (06smithj is joe smith graduating in 2006). When they login the start menu and the apps available are mapped from a folder on one of the servers.  So it would simple to change the proxy IP address in IE for all high school students. 
> 
> How best to deal with this situation....? 
> 
> Jesse McDonnell 
> 
I'm not sure if Bess supports this or not, but a number of filtering 
proxy systems, ranging in price from free to very-not-free, handle 
transparent NTLM authentication and filtering, which would give you the 
ability to create a different set of ACLs based upon the organizational 
unit of the user requesting a website.  We've been using a 
remotely-hosted Bess solution, but are turning away from it in favor of 
the more granular control I mention here along with the advantage of 
having a large caching proxy at the edge of our network.

Upon further examination, it would appear that Bess supports this as well:
http://www.securecomputing.com/index.cfm?skey=1377#fbug

The more I look at the n2h2 site, the more Bess looks like a very 
well-configured Squid with SquidGuard.  Does anyone have any insights as 
to whether or not this is the case?

Cheers,
Mike Ely

More information about the K12OSN mailing list