JOEBOX-L Archives

Joebox User

JOEBOX-L@LISTS.MAINE.EDU

Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
From:
Eugene Blake <[log in to unmask]>
Reply To:
Joebox User <[log in to unmask]>
Date:
Wed, 12 Dec 2012 12:39:29 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (135 lines)
Ray,

Jonesport-Beals High School would like to be updated. Our x-mas break is
December 24 - 31.

Thank You,

Eugene Blake
Technology Coordinator
MCSD 917/SU 103
Jonesport, ME 04649
207.497.5454

-----Original Message-----
From: Joebox User [mailto:[log in to unmask]] On Behalf Of Ray Soucy
Sent: Wednesday, December 12, 2012 12:26 PM
To: [log in to unmask]
Subject: Re: Transparent HTTPS Filtering Trials

It took us the majority of November working with MECnet to resolve some
issues keeping us from testing in production.

Sorry for the delay on that.

The good news is that we appear to have a stable release now, so if there
are sites looking to upgrade over holiday breaks please let us know.

A short PDF explaining the changes to MECguard and an idea of what to expect
is available on the web at:

http://www.networkmaine.net/msln/joebox/MECguard_SSL-15.0.pdf

Keep in mind nobody is running this in production yet, we just finished
internal testing of the new image for hardware compatibility yesterday.

Note: This update involves a re-image of your Joebox by Networkmaine, rather
than using the Software Update page.  The 15.0 packages will not appear as
an available update for you.




On Wed, Oct 24, 2012 at 12:43 PM, Ray Soucy <[log in to unmask]> wrote:
> After months of development with MECnet, we're finally ready to start 
> testing the new Joebox code base that introduces transparent HTTPS 
> filtering for MECguard.
>
> I'm currently looking for a volunteer site (or two) to test this new 
> filtering method.  Ideally this would be a site that does not 
> currently filter HTTPS so it could be enabled or disabled on a 
> per-group basis without having to make sweeping changes to your 
> existing environment.
>
>
>
> Here are the details on the new release of MECguard SSL:
>
> - Transparent process, when enabled for a group the Joebox intercepts 
> HTTPS traffic for clients the same way it does for HTTP.
>
> - The Joebox establishes separate SSL sessions between the requested 
> site and the client, decrypting and scanning page content, then 
> re-encrypting and delivering to the client.  This process is isolated 
> within the MECguard process and there is no way to log or sniff data 
> in the brief time it is unencrypted to preserve user privacy.
>
> - Because the Joebox now decrypts HTTPS requests to scan them, 
> MECguard is able to filter HTTP and HTTPS using the same methods.
> This means a simpler configuration, and full support for HTTP 
> filtering features, including full URL block/allow support, filter 
> bypass/override support, and features such as "Force Google Safe 
> Search".
>
> - The Joebox generates SSL certificates of its own on-demand.  This 
> means that users who navigate to an HTTPS website will see a prompt to 
> accept the SSL certificate the same way they would if using a 
> self-signed certificate.  This certificate can be remembered by the 
> browser to avoid future warnings.  To avoid SSL warnings completely 
> and provide a seamless user experience, you can download and import 
> the private SSL certificate authority generated by the Joebox which 
> will allow clients to trust the SSL certificates generated by the 
> Joebox (this actually works very, very nicely)
>
> - Because both HTTP and HTTPS are filtered in the same way, blocking 
> sites like Facebook will actually work without the previous 
> work-arounds of using firewall rules or having to setup proxy servers 
> for HTTPS.
>
>
>
>
> New features have been added to MECguard for both HTTP and HTTPS:
>
> - A new feature has been added to force Youtube Safety Mode similar to 
> the Force Google Safe Search feature.
>
> - Support for Youtube School ID has been added.
>
> - The log viewer has been re-designed to be more responsive.  Full 
> URLs are now logged for HTTPS like they are for HTTP.
>
> - MECguard Anti-Virus scanning has been added (still experimental), 
> this feature is powered by ClamAV.
>
>
>
>
> If you're interested in becoming a test site in the next few weeks, 
> please drop me a note.
>
>
>
>
> --
> Ray Patrick Soucy
> Network Engineer
> University of Maine System
>
> T: 207-561-3526
> F: 207-561-3531
>
> MaineREN, Maine's Research and Education Network www.maineren.net



--
Ray Patrick Soucy
Network Engineer
University of Maine System

T: 207-561-3526
F: 207-561-3531

MaineREN, Maine's Research and Education Network www.maineren.net

ATOM RSS1 RSS2