SmoothWall Stops Secure Proxy Abuse in Schools (censorship business)

New version of School Guardian Blocks UltraSurf and other HTTPS proxies

National Educational Computing Conference 2008
Booths 967-969

SAN ANTONIO--(BUSINESS WIRE)--Internet security specialists SmoothWall announce that their new School Guardian web filter now incorporates pioneering support for blocking secure proxies such as UltraSurf.

Often described as ‘unblockable’, UltraSurf is a 100kb download that once installed allows students to visit blocked sites with impunity via HTTPS. It is just one example of numerous free ‘secure anonymizers’ that are easily available on the web to help students outsmart school filters. Applications like UltraSurf are particularly difficult for filters to detect because they allow students to view web sites and media files within a secure tunnel where content is encrypted and cannot be scrutinized. They also present a much more serious security problem since the tunnels students use for unauthorized surfing also allow malware and other web-related threats to sneak into school networks undetected.

Although a simple solution is to block all secure traffic, it is unreasonable to expect districts to do this since secure transactions often need to be made in the daily business of running a school. While many security vendors claim to prevent secure proxies, in most cases, the suggested ‘fix’ is simply to implement such a blanket block, which is far from practical in most school environments.

School Guardian adopts a much more sophisticated approach by screening secure traffic for the characteristic usage patterns that are inherent in HTTPS proxies such as UltraSurf. Richard Moore, Vice President of Sales says the key to SmoothWall’s success in schools is their ability to offer a very advanced level of filtering at a much more affordable price:

“Choosing the most expensive security solution doesn’t always guarantee the best protection. Schools should look carefully at functionality and make sure they’re not spending thousands of dollars on something that can be easily defeated by a free anonymizer download. School Guardian proves that it’s possible to provide consistent control over web usage – without breaking the budget.”

SmoothWall will be showcasing the new version of School Guardian at NECC 2008 in Texas (June 29 – July 2). Since the company now issues regular feature packs for all their latest versions, users of School Guardian 2008 will automatically receive the new HTTPS proxy controls in July. Other interesting forthcoming features include a much-requested YouTube top videos report (so schools that want to allow the site can check who is viewing which videos, when) and a handy User Portal, which should help over-stretched administrators to do more delegating.

To see School Guardian in action either visit SmoothWall at the NECC expo (Booths 967-969) or visit www.smoothwall.com

About SmoothWall

The SmoothWall family of Internet security solutions helps schools, enterprises and small/medium businesses to prevent misuse, block objectionable content and protect against web related threats. Delivered and supported via a global network of partners in over 60 countries, SmoothWall’s commercial and open source solutions now safeguard more than a million networks worldwide.

How it Works

With today's web consisting of tens of billions of pages, content-based filtering is the only reliable way to protect against the unexpected. Guardian employs a wide range of intelligent content-based filtering techniques to control web access and protect users. The diagram below illustrates how these different techniques interact with each other - and your policy settings to accurately block all undesired material.

Dynamic Content Analysis™ technology is used to screen the content, context and construction of web pages in detail. In this way, all inappropriate, objectionable and dangerous content can be detected and blocked, as well as the Anonymous Web Proxies that are often used to circumvent web filters. Sites are classified into categories and then blocked or allowed based on your policy settings. All this happens instantaneously, thanks to an intelligent algorithm that is capable of scanning an entire encyclopedia in just a fraction of a second.

URL Filtering
Guardian's intelligent filtering technology is backed up by URL blocklists, which incorporate content from the Internet Watch Foundation database and are updated on a daily basis. Blocklists can be configured to operate in Whitelist mode where a Group of Users can be restricted to only being able to view a pre-configured list of web sites.

MIME File Type and Extension Checking
Every file can be identified from its MIME type property, allowing Guardian to block the download of music, video and executable files from web sites. This is a far more reliable technique than checking the file extension which is often forged to disguise dangerous files containing Spyware or Trojan Horse programs.

Anti-Virus Scanning
Files downloaded from web sites are not scanned by most anti-virus software, which provide email rather than web security. Guardian will anti-virus scan all such downloads, using either its inbuilt ClamAV engine or any ICAP compliant anti-virus engine running on an external system.

Malicious Code
Guardian detects and removes in-page executable code from web pages, such as Active-X controls, Java Applets and Scripts. Such executable code is not recognized by traditional anti-virus software, yet is often used to install spyware, viruses and Trojan horse software on user PCs. Sites that legitimately use executable code, (such as Microsoft's use of ActiveX in their Windows Update facility), are catered for by the provision of a Trusted Sites list which can be maintained by the system administrator.

Exploit Detection
When security vulnerabilities are discovered in web components like Microsoft's Internet Explorer browser, there is a window in time between discovery and fix when everybody is extremely vulnerable to attack. Guardian closes this vulnerability window by detecting and blocking such browser exploits, protecting systems until the security updates are available.

Mailicious URL Detection (Anti-Phishing)
Malicious URL detection helps to prevent users falling victim to phishing scams, where they are directed to bogus websites by emails containing spoof URLs that appear to come from banks and other legitimate senders.

PICS Code Checking
The Guardian software checks all received web pages for the presence of PICS codes (Platform for Internet Content Selection). Many websites include PICS codes in their web pages to indicate the nature and severity of the content. Guardian checks for sixteen different PICS categories, including "Sexual language", "Illegal drugs", "Violence", "Chat" and "Gambling".

Filter Groups
Multiple filtering categories and rule sets can be used to allocate different access rights and restrictions to different groups of users with different priveliges. Filter rules can be time-controlled (e.g. different rules for lunchtime) and particular users can be configured to not be subject to any filtering.

User Authentication
Guardian's User Authentication integrates with existing authentication systems such as Microsoft Active Directory®, Novell eDirectory™, LDAP and RADIUS to determine user identity and thus set appropriate filtering policies. User authentication also makes reports much more useful by the inclusion of user names rather that just workstation IP addresses, for both user and group activity reporting.

Reporting and Logging
All web browsing activity is recorded to an SQL database that can be either be viewed on screen or exported for external analysis. Instantaneous activity (including Instant Messaging applications) is monitored in real time using AJAX logs and traffic graphs. An extensive range of detailed report templates can be utilized to show anything from 'most visited domains' and 'top blocked categories' to time spent browsing and bandwidth utilization. Where authentication is enabled, reports can also be customized by user or group so that the worst offending users (in terms of requesting pages that were blocked by Guardian) can be quickly identified. Reports can be automatically scheduled and stored in familiar formats (PDF, HTML and Excel) or exported to Crystal Reports®.

Proxy Cache
The Web Proxy Cache reduces Internet bandwidth utilization by storing and retrieving frequently accessed web pages from local disk storage. Configuration options allow the cache performance to be optimized for the environment in which it is being used, along with the facility to prevent particular domains from being cached, either because they are subject to frequent change or for security reasons. The logic remembers "clean" pages (i.e. pages that have already been checked by Guardian) for 15 minutes so that if somebody else asks for the same page again then Guardian does not need to re-scan the page.

The "Site Blocked" Page
The "Site Blocked" page can be customized with your own message and if necessary can include buttons to unblock the page, either permanently or on a temporary basis. Other information displayed can include the IP address of the user, their Login name, the reason for blocking, the page score, configurable text messages and logo.