Why It’s Time to Ditch Your Old-School Firewall

(And ten things you need in your new one.)

GUEST COLUMN | by Amy Abatangle

CREDIT UntangleK-12 schools must maintain a careful balance between internet access and protection. Keeping schools in CIPA compliance and kids focused on learning demands robust web filtering and blocking technologies. Internet access is no longer a luxury; the resources students and staff need on a daily basis as part of the core curriculum are located online.

As with so many things, budget constraints force many schools to live with out-of-date IT infrastructure and ineffective web filters much longer than they should. Schools are hanging on to older systems that block website content based on URL and port 80/443. But today’s websites and applications proactively hop ports, and more and more traffic comes through HTTPS. These old systems are not only too easy to bypass, they can also hamper learning due to inflexible, cumbersome block/allow rules.

To meet classroom needs while excluding the growing array of distracting and inappropriate content out there, a next-gen firewall is a must.

Compounding the problem is that more students bring their own devices from home for use on campus WiFi, and kids are often adept at finding new ways to get around web filters using search engine tricks, proxy websites, and anti-firewall software such as UltraSurf.

Clearly, K-12 network administrators need a new approach to web filtering that can effectively stop unwanted traffic yet optimize access for a growing array of educational activities. It’s a tightrope act with tight budgets making it all the more precarious. But there are cost-effective options out there that can provide a much more flexible internet experience for school staff and students alike – while keeping everyone on task, compliant and safe.

One school’s story

Huntingtower School is an independent, coed day and boarding school in Mount Waverley, Victoria, Australia. In addition to on-premise devices, about 175 of the school’s 700 students bring their own devices to school. Additionally, staff bring about 250 laptops, iPads or smartphones on campus, totaling about 1350 devices on the network daily.

As a K-12 institution, Huntingtower School must prevent students from accessing inappropriate content while on school premises. With a legacy solution deployed, their network administrators found that students were bypassing content restrictions by using HTTPS or web translator pages, and the school’s VPN services did not restrict students from viewing inappropriate content on their mobile devices and tablets.

By choosing a next-generation firewall with web filtering, HTTPS inspection, application control and robust policy management, Huntingtower School can efficiently block students from viewing restricted websites and inappropriate content on all devices brought to campus, including websites in different languages. Modern web filtering including application control features made it easy to block or flag hundreds of applications, including Facebook, games, instant messaging, or file sharing – keeping bandwidth available for legitimate use by staff and students.

Flexibility and granular control were keys to success for Huntingtower School. Their experience with everything from cost control to bandwidth management provides a good checklist for schools looking to update their firewalls.

10 things K-12 schools should look for in a web filter:

  1. A robust, dynamic, real-time URL categorization engine with granular categories and full language support.
  2. Enforced safe search for popular search engines.
  3. Ability to handle and decrypt HTTPS sites so policies are enforced and administrators can see all websites and applications being accessed.
  4. Flexible web filtering with the ability to block inappropriate content to students yet easily allow temporary access to staff.
  5. The ability to make rules on an application basis, not just by URL. This allows for control and blocking of games, videos, torrents, streaming and other application types (Facebook, instant messaging, file sharing, etc.)
  6. Customization to set up different policies for students and staff by user, group, time of day, day of week and more.
  7. Ability to shape traffic via bandwidth control. This helps ensure that the fourth grade’s Common Core testing doesn’t conflict with the fifth grade’s Skype call or streaming video. Bandwidth control lets schools proactively manage bandwidth on the network, prioritize and de-prioritize sites, and give certain staff/groups bandwidth usage rights.
  8. Real-time reporting that lets you drill down to view and control individual user activity.
  9. Free trials and discounts. Some vendors offer free trials that let a school test out the system risk-free, and many offer discounts for educational organizations.
  10. Low hardware costs. Be sure you know if multiple hardware appliances are required to run the firewall or if you can use your current hardware.

Filter like a business

To meet classroom needs while excluding the growing array of distracting and inappropriate content out there, a next-generation firewall is a must. The solution needs to be inline, in the flow of traffic, so the web filter is not just seeing proxy or port 80/443 traffic. The filter must fully inspect HTTPS and can’t be 100% dependent on a list for URL detection. It should accommodate reverse IP lookups, understand multiple languages and enforce safe search features in browsers. It must also be able to recognize nefarious student activity such as proxy web site behavior in real time.

As more mobile device types are brought onto campus and as web-based educational resources continue to gain importance, K-12 institutions need the same enterprise-grade firewall protection that large companies demand. Good options are out there for real-world budgets, but be sure to insist on the right feature set. This will keep network administrators, staff and students alike focused on the common goal: education.

Amy Abatangle is Executive Vice President and General Manager for Gateway Products at Untangle, Inc.

* * *

2016 AWARDS PROGRAM. EdTech Digest recognizes people in and around education for outstanding contributions in transforming education through technology to enrich the lives of learners everywhere. We are now accepting entries for the 2016 awards program. Submit an entry<<

Leave a Reply