JOEBOX-L Archives

Joebox User

JOEBOX-L@LISTS.MAINE.EDU

Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
From:
Ray Soucy <[log in to unmask]>
Reply To:
Joebox User <[log in to unmask]>
Date:
Thu, 25 Oct 2012 11:24:15 -0400
Content-Type:
text/plain
Parts/Attachments:
text/plain (145 lines)
The Joebox does not have configurable local DNS.  We do provide a
state-wide OpenDNS license for DNS-based filtering as an alternative
to the Joebox, though.




On Thu, Oct 25, 2012 at 10:17 AM, Swift, Randy <[log in to unmask]> wrote:
> I do not use the joebox for filtering/firewall. I am curious as to if  the
> joebox has dns forwarding cababilities? In my firewall I just dns forward
> facebook.com to 10.1.0.0 and they cannot get to facebook using http or
> https. Thanks
>
> On Thu, Oct 25, 2012 at 8:22 AM, Rick Lange
> <[log in to unmask]> wrote:
>>
>> Hi Ray,
>> I am the Network Manager for MSAD-61, and I am definitely interested in
>> testing this filtering method.  HTTPS (in particular
>> https://www.facebook.com) is a loophole that our students quickly found out
>> about, to circumvent the filter.   We have a JoeBox and MecGuard enabled at
>> the HS/MS.   Please feel free to contact me at the address below so we can
>> discuss the details.
>> Thank You,
>> Rick Lange
>> IS Network Manager
>> Maine School Administrative District 61
>> 900 Portland Rd.
>> Bridgton, ME 04009
>> [log in to unmask]
>> __________________________________
>>
>>
>> On Wed, Oct 24, 2012 at 12:43 PM, Ray Soucy <[log in to unmask]> wrote:
>>>
>>> After months of development with MECnet, we're finally ready to start
>>> testing the new Joebox code base that introduces transparent HTTPS
>>> filtering for MECguard.
>>>
>>> I'm currently looking for a volunteer site (or two) to test this new
>>> filtering method.  Ideally this would be a site that does not
>>> currently filter HTTPS so it could be enabled or disabled on a
>>> per-group basis without having to make sweeping changes to your
>>> existing environment.
>>>
>>>
>>>
>>> Here are the details on the new release of MECguard SSL:
>>>
>>> - Transparent process, when enabled for a group the Joebox intercepts
>>> HTTPS traffic for clients the same way it does for HTTP.
>>>
>>> - The Joebox establishes separate SSL sessions between the requested
>>> site and the client, decrypting and scanning page content, then
>>> re-encrypting and delivering to the client.  This process is isolated
>>> within the MECguard process and there is no way to log or sniff data
>>> in the brief time it is unencrypted to preserve user privacy.
>>>
>>> - Because the Joebox now decrypts HTTPS requests to scan them,
>>> MECguard is able to filter HTTP and HTTPS using the same methods.
>>> This means a simpler configuration, and full support for HTTP
>>> filtering features, including full URL block/allow support, filter
>>> bypass/override support, and features such as "Force Google Safe
>>> Search".
>>>
>>> - The Joebox generates SSL certificates of its own on-demand.  This
>>> means that users who navigate to an HTTPS website will see a prompt to
>>> accept the SSL certificate the same way they would if using a
>>> self-signed certificate.  This certificate can be remembered by the
>>> browser to avoid future warnings.  To avoid SSL warnings completely
>>> and provide a seamless user experience, you can download and import
>>> the private SSL certificate authority generated by the Joebox which
>>> will allow clients to trust the SSL certificates generated by the
>>> Joebox (this actually works very, very nicely)
>>>
>>> - Because both HTTP and HTTPS are filtered in the same way, blocking
>>> sites like Facebook will actually work without the previous
>>> work-arounds of using firewall rules or having to setup proxy servers
>>> for HTTPS.
>>>
>>>
>>>
>>>
>>> New features have been added to MECguard for both HTTP and HTTPS:
>>>
>>> - A new feature has been added to force Youtube Safety Mode similar to
>>> the Force Google Safe Search feature.
>>>
>>> - Support for Youtube School ID has been added.
>>>
>>> - The log viewer has been re-designed to be more responsive.  Full
>>> URLs are now logged for HTTPS like they are for HTTP.
>>>
>>> - MECguard Anti-Virus scanning has been added (still experimental),
>>> this feature is powered by ClamAV.
>>>
>>>
>>>
>>>
>>> If you're interested in becoming a test site in the next few weeks,
>>> please drop me a note.
>>>
>>>
>>>
>>>
>>> --
>>> Ray Patrick Soucy
>>> Network Engineer
>>> University of Maine System
>>>
>>> T: 207-561-3526
>>> F: 207-561-3531
>>>
>>> MaineREN, Maine's Research and Education Network
>>> www.maineren.net
>>
>>
>>
>>
>>
>
>
>
> --
> Randy Swift
> Network Administrator
> RSU#52 IT Dept.
> 21 Matthews Way
> Turner, ME 04282
> [log in to unmask]
>



-- 
Ray Patrick Soucy
Network Engineer
University of Maine System

T: 207-561-3526
F: 207-561-3531

MaineREN, Maine's Research and Education Network
www.maineren.net

ATOM RSS1 RSS2