Best practices to keep students off the Dark web

Best practices to keep students off the Dark web

How to keep students off the Dark Web

Are your students using school networks or computers to access the Dark Web? They very well might be—and you wouldn’t even know it. But ContentKeeper has a solution.

The Dark Web is the seedy underbelly of the Internet, not able to be indexed by Google and other search engines. Because users can surf the Dark Web anonymously, it has become a place for all kinds of illegal activity, including sex trafficking, child pornography, and the sale of private information.

In fact, students are using the Dark Web to access gaming, buy drugs, and hire hackers to change their grades or launch a Distributed Denial of Service (DDoS) attack on their school’s network, among other illicit behavior.

Accessing the Dark Web is done through a special web browser such as Tor, and students can cover their tracks—while also bypassing their school’s web filtering software and firewall—by using a VPN tunneling application.

For instance, free or low-cost applications such as Psiphon, UltraSurf, X-VPN, and HideMyAss! allow students to circumvent their school’s filtering software by establishing an encrypted Virtual Private Network connection from their device to the Internet, so they can access websites anonymously.

These rogue apps are easily available online. In fact, if you do a Google search for “how to bypass school Internet filters,” you’ll get nearly 10 million search results with links to these various apps and detailed instructions for using them.

When students use these apps to get around their school web filter, this creates serious liability issues for K-12 administrators. And if they’re using these apps to access the Dark Web, there’s no telling what serious trouble they could be getting into.

ContentKeeper has spent years studying the unique signatures of these apps. We have a dedicated team whose only job is to keep up with changes in the apps’ signatures and to learn about new tunneling apps and other rogue applications as soon as they emerge.

We have channeled this insight into the development of a new add-on to our industry-leading school web filter that identifies and squashes the use of these rogue apps as quickly as they appear on students’ devices.

As soon as a student downloads an app like Tor, Psiphon, or Ultrasurf, our new App Defender solution detects the presence of the app on the student’s machine and then isolates the student’s device from the network. The student receives an automated message stating that his or her network access has been suspended until the offending app is removed. Once the app in question is deleted, the student’s network privileges are restored.

Joe Barnett, Chief Technology Officer for the Frenship Independent School District in Texas, likens this capability to putting students in a “time out” until they comply with the district’s Acceptable Use Policy. “We can stop the web activity on that device until the app is uninstalled,” he observes.

Frenship ISD was one of the first ContentKeeper customers to try App Defender. When Barnett installed the solution, he was shocked at what he found: In this district of 10,000 students, it was not uncommon for him to see 400 or even 500 examples per day of suspicious apps identified by the software.

Today, there are fewer than 100 instances per day of students trying to use rogue applications to bypass the district’s web filter—and when they do, App Defender catches this activity. Using App Defender has allowed the district to preserve essential bandwidth for classroom learning, while keeping kids off the Dark Web and ensuring that the district meets CIPA guidelines.

To learn more about Frenship ISD’s use of App Defender, read the full case study here. For more information about App Defender, click here.

About the Author: David Wigley Co-Founded ContentKeeper Technologies in 1997 and serves as its Chief Executive Officer. David has many years of experience in software engineering, sales and management within the Computer Security Industry.

3 reasons to avoid a Chrome-centric Web Filter

3 reasons to avoid a Chrome-centric Web Filter

3 reasons to avoid a Chrome-centric school Web Filter

With Chromebooks accounting for nearly 60 percent of the devices sold to U.S. schools last year, many school web filters have tailored their approach specifically for the Chrome web browser.

That is to say, they’ve developed Chrome apps or extensions that take advantage of Google’s SafeSearch feature to deliver a safe and customizable online experience for Chromebook users, without investing as much time or effort into making their solution work effectively with other platforms.

We believe there are serious shortcomings in this strategy. In fact, here are three key reasons why we think taking a Chrome-centric approach to school Internet filtering is problematic.

Leveraging SafeSearch works well for Google websites, but it doesn’t give K-12 leaders granular control over non-Google domains (like Facebook or Twitter).

By integrating their filtering settings with SafeSearch, school web filters that focus on Chromebook can block inappropriate content within Google’s search engine and explicit videos on YouTube, without blocking the entire domain. However, SafeSearch only works on Google-owned domains.

This means K-12 leaders don’t have the same granular control over Facebook, Twitter, Instagram, and other social media sites. If you use a Chrome-centric school web filter, you’d have to block these sites altogether or give students access to the entire site.

Using SafeSearch doesn’t allow for comprehensive reporting tied to specific users and subdomains.

Effectively managing mobile or digital learning requires administrators to know what students are doing online and which sites they’re trying to access. To remain CIPA compliant, enforce Acceptable Use Policies, and investigate possible criminal activity, K-12 leaders need comprehensive insight into students’ Internet use, with real-time dashboards and advanced reporting capabilities that can identify which users have requested which particular web pages.

Google SafeSearch doesn’t provide this comprehensive visibility and reporting, even for Google-owned domains. The only way to get it is by decrypting and inspecting Secure Sockets Layer (SSL) web traffic at very high speeds.

Perhaps most importantly, a Chrome-centric approach to school Internet filtering severely limits the options available to students.

What if a student forgets his Chromebook at home and wants to access the network from an iPhone instead? What if your school or district decides to go in a different direction when it’s time to refresh devices? How will you handle filtering for guests on your network? “Bring your own device” (BYOD) programs and mixed-device learning environments become problematic when schools choose a filtering solution that’s built around Chrome.

A full-featured, cross-platform Internet gateway solution solves all three of these challenges by decrypting, inspecting, and controlling web traffic from any device and web browser. As a result, students have the same Internet experience—and administrators have the same visibility and control—at all times. That’s a huge benefit.

ContentKeeper fits this description. Our leading school web filter offers the same top-notch functionality regardless of what device students are using or where they’re connecting from. ContentKeeper also integrates seamlessly with JAMF, FileWave, and other mobile device management (MDM) solutions, so administrators can push out certificates and manage Mac and iOS devices as easily as Chromebooks.

To learn more please visit:

About the author: Mark Riley Co-Founded ContentKeeper Technologies Pty. Ltd. in 1997 and serves as its Chief Technology Officer. Mark has been named on a number of Internet Content Filtering Patents. He has accumulated more than 26 years experience in complex network design and software development with multinational organizations throughout Asia, Europe, North America and the UK. Mark’s achievements have been recognized internationally by NetOps, Secure Computing Magazine (UK) and a range of media profiles.