Today's Connected World
According the United Nations Human Rights Council, access to the Internet is now considered to be a worldwide basic human right. President Obama stated “today, high speed broadband is not a luxury, it’s a necessity.” Our children are growing up in a connected world, and preparing them for that world is an absolutely essential part of education.
The Internet is the largest distribution network for advertising and purchasing of products and services that are both physically and/or digitally delivered. The Internet contains roughly 50 Petabytes (50,000 Terabytes) of RAW UNFILTERED information.
Because of this Internet safety is a critical part of teaching students to use technology.
What does Washington County School District Do?
We teach students to use the Internet appropriately and responsibly. Internet safety and ethical use is an integrated part in introductory technology classes taught throughout Washington County School District’s schools. These principles are instilled in our children starting at an early age in our elementary labs, where lab aides teach internet safety, privacy and security to all elementary students each year. Students continue through their internet safety education all the way into the graduation required Computer Technology course taught in our secondary schools. We know that teaching kids to use the internet appropriately and responsibly is a critical skill that they will need for the rest of their life.
Many resources to help teach these concepts can be found at http://www.netsafeutah.org/
Washington County School District acknowledges that technology based filters are not always effective at eliminating harmful content and due to this, Washington County School District uses a combination of technological means and supervisory means to protect students from harmful online content. To that end, Washington County School District has adopted the 70/30 Rule of Internet Content Filtering.
70/30 Rule of Internet Content Filtering
Washington County School District has adopted the 70/30 Rule of Internet Content Filtering. A concept originally developed by Jeremy Cox (http://www.supertechguy.com/blog/the7030ruleofinternetfiltering) and presented at the 2015 SAINTcon Conference (https://youtu.be/32wsQ5VXwWo) by the UtahSAINT Organization (https://www.utahsaint.org/).
The 70/30 Rule of Internet Content Filtering states that students are simply not safe online when only technology measures are used to prevent access to harmful content. The rule of thumb is that 70% of internet content filtering is supervision based, and 30% is technology based. By adhering to the 70/30 rule of internet content filtering, students can safely use the internet and the likelihood that a student will be exposed to harmful content is severely reduced.
The concept is simplified and explained in this video:
WCSD's Internet Content Filtering Solution
Washington County School District currently uses iBoss Cybersecurity’s Secure Web Gateway product to prevent access to unauthorized and harmful content on the web. The iBoss solution was selected from a state wide RFP administered by UETN (Formally UEN). The solution’s subscription is paid state wide by funds administered by UETN. District’s are responsible only for the costs of the appliances.
WCSD currently uses three iBoss appliances, with the expectation to purchase an additional two more in the next fiscal year. Each appliance can filter up to 2Gbit of traffic on the network. Due to WCSD’s continued commitment of the use of technology in the classroom, the requirements on our network for increased bandwidth grows every year.
WCSD takes the security and protection of our students very seriously, and blocks thousands of websites that host pornographic and other harmful material. The iBoss filtering solution sits on the network, in-line with the District’s outbound internet connection. It actively scans all traffic as it passes across the network, and constantly looks for traffic that is undesirable. When that traffic is detected, it immediately blocks that traffic from passing across the network.
The filter has the capability to block traffic based on the following criteria:
UETN Network Engineering Study, Sanity Solutions,
Unfortunately the mass migration for total encryption on the internet is impairing our ability to filter all harmful content on the network.
“In today's internet environment, Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption, SSL's replacement, are preventing SWG solutions from identifying traffic content beyond the domain and IP address of its origination. SSL decryption technologies can mitigate some of these issues and allow the SWG solutions to continue performing keyword and individual page filtering. Enabling this feature breaks many applications and services that utilize SSL pinning, it often also requires additional hardware to handle the increased load. As more applications adopt SSL pinning, this option becomes less and less viable. Because of this, few customers are implementing this technology.”
UETN Network Engineering Study, Sanity Solutions,
WCSD also takes advantage of Google's Enforced Safe Search, Youtube for Schools, and Microsoft's Bing in the Classroom. These services, albeit fully encrypted give WCSD some ability to control the content that is delivered through them. Google's Enforced Safe Search and Microsoft's Bing in the Classroom give the WCSD the ability to toggle a Safe Search flag. In that particular case, WCSD is unable to determine what content is appropriate, and has to rely fully on Google and Microsoft to make those determinations. Youtube for Schools allows us some additional controls, in which we can add to the acceptable list, but the default list is not modifiable by WCSD. Because these services use TLS Encryption and the Google Chromebooks and other Chrome browsers are Pinned to Google's master certificate, we are unable to provide any more extensive filtering than what is provided through these methods.
WCSD is unable to provide any safe access whatsoever on other encrypted search engines. For this reason, WCSD blocks Yahoo.com, DuckDuckGo.com and other search engines that utilize encryption but do not offer controls to provide some level of safety for our students.
WCSD uses a great deal of services for teaching in the classroom that utilize TLS encryption and SSL pinning. Because of this, we have come to two major realizations:
- It has become unfeasible to decrypt traffic on the network. (and because of this)
- The filter alone is inadequate
To help compensate for this loss, WCSD has adopted the 70 / 30 Rule of Internet Filtering. You can read more about this concept in the section above.