[K12OSN] differentiated internet filtering by grade level question
Mike Ely
mely at rogueriver.k12.or.us
Thu Jan 12 02:27:05 UTC 2006
Jesse McDonnell wrote:
> I'm a high school librarian and have a question on whether anyone is using the same proxy server and filtering software to provide different filtering to students at different grade levels. Everyone in the district currently goes through the same proxy server and has the same level of filtering. All Web-based email is blocked as are file transfer sites like yousendit. We're having an ongoing discussion of the filtering policy and how much of a threat web-based email presents.
>
> I have an override account on the BESS filter so students in the library can access their email to download large files they are transferring back-and-forth between home and school when students don't have jump drives. When they are in the computer lab or using wireless laptops in the classroom they are unable to do it since I'm the only one in the building with an override. I'm wondering how difficult it would be to have everyone in the high school go through a different (or aliased) proxy IP that would have unfiltered access to webmail.
>
> We are in a windows enviroinment and using BESS (N2H2) filtering software. IP addresses are assigned by a Windows DHCP server. We don't use roaming profiles. Students don't have email accounts through the school district and account names are of the form GraduationyearLastnameFirstinitial (06smithj is joe smith graduating in 2006). When they login the start menu and the apps available are mapped from a folder on one of the servers. So it would simple to change the proxy IP address in IE for all high school students.
>
> How best to deal with this situation....?
>
> Jesse McDonnell
>
I'm not sure if Bess supports this or not, but a number of filtering
proxy systems, ranging in price from free to very-not-free, handle
transparent NTLM authentication and filtering, which would give you the
ability to create a different set of ACLs based upon the organizational
unit of the user requesting a website. We've been using a
remotely-hosted Bess solution, but are turning away from it in favor of
the more granular control I mention here along with the advantage of
having a large caching proxy at the edge of our network.
Upon further examination, it would appear that Bess supports this as well:
http://www.securecomputing.com/index.cfm?skey=1377#fbug
The more I look at the n2h2 site, the more Bess looks like a very
well-configured Squid with SquidGuard. Does anyone have any insights as
to whether or not this is the case?
Cheers,
Mike Ely
More information about the K12OSN
mailing list