I wrote a bit ago about unblocking websites when you are behind a firewall. I had said that for the most part that you should probably just quit trying as there is a reason the people who run your network are blocking you. Not a good one or one you may agree with but one none the less. Now are there GOOD reasons to get around blocks such as this? Yes. Are they always effective? No. But the concepts are pretty sound. While not a discussion of how to break the systems will show the strengths and weaknesses of each. This should help a few parents and sys admins on securing their Internet access a little better.
DNS Modification - This is an quick and easy way to block a lot of sites without having to install much of anyting. DNS is the way that computers and networks translate the domain name (such as thehelpcenters.com) into the IP address (127.0.0.1 no not the real one) . When you type in a domain your computer then searches locally and then the DNS servers it has setup in its networking configuration for the IP address. It then uses the result to connect to that site. Now this all works GREAT except when the DNS server is setup to return a false result for some domains. So if in reality example.com is 208.77.188.166 but the DNS server could return 127.0.0.1 or something else. Malware also can do this by modifying the hosts file on a computer which is kinda like an override for DNS lookups. To get around this may be difficult as the network may not let you use an alternative DNS server. It may be a bit hard to detect if you’ve changed this if this is the ONLY method of blocking used. If you know the IP address you can simply type it in directly and this method is rendered useless.
Filtering Software - This is software installed on your computer. It is rather sneaky and can hide. If this is the case then the reports may show the tampering which would then indicate red flags. Filtering software often has a list of sites and also words and phrases that are banned. This prevents typing in an IP address and getting around the block as not only is the domain name filtered, the IP address and even the content downloaded can be analyzed.
Proxy Servers - This is a server that your browser connects to and then connects to the internet. Often this is coupled with a full block of access by individual machines to the Internet. This means that ALL traffic to the internet MUST travel through this machine. This is often the most effective and secure method of securing a network. It can combine the effectiveness of a DNS modification with filtering. Add no additional software and centralized management makes this the preferred choice. It can have black lists of sites and ip addresses and in addition filter page content itself. For example a search on google for ‘cute puppies’ would work but a search for ‘texas holdem poker gambling’ would not as the proxy could detect and filter the words poker and gambling. In addition the proxy can prevent downloading software that may cause problems with the computers. This is the method I use to protect my kids from problems. One site that was blocked by default that they requested I unblock was neopets.com. It was blocked due to the games of chance they had.
Now for how people try to circumvent these measures. Often the quick response is use a proxy server. Granted this is a method that can work when the network has not been properly secured or maintained. Most of these ideas are for school networks and not for the family computer as the best protection is parental supervision and a security filtering software.
For example if there are the students computers and then the proxy server. The system provides great blocking and filtering but if the students computers can access and are permitted traffic through the school firewall then they can skip the proxy altogether. This isn’t such an issue if the ONLY traffic allowed to the Internet originates from the proxy server. Attempts by students are then discarded (and can be logged) but that door can be shut HARD.
Next is the proxy server itself. While a black listing of sites and IP addresses is great it needs maintenance. Which can often fall by the wayside. I use a program called DansGuardian at home and it works in two ways, blacklists and content analysis. This way even if my kids avoid the blacklisted sites they can be blocked by the content analysis. A two layer protection. Add to this virus scanning and they have a safe place to goto the Internet.
The way that people get around a proxy server that provides filtering is to usean anonymous proxy service. These are setup around the Internet and provide a ‘tunnel’ through a firewall to their site and then to the rest of the Internet. The ONLY way to block these are to keep blacklists of these sites AND to block traffic on extra ports (ones besides port 80 and 443) even though a frequent check on the logs should bring up the ability to see if a new proxy service has been discovered and is being used on the network. If you look for traffic on ports besides 80 and encrypted. A quick browse to that IP should confirm if it is and in turn it can be then blocked at the proxy server.
I know this was a bit technical for some and a bit to shallow for others. But the BEST guideline that I have is for parents to monitor their child’s activity on the Internet and for schools to use professional help when it comes to securing their networks.
0 responses so far ↓
There are no comments yet...Kick things off by filling out the form below.
You must log in to post a comment.