LISTSERV - JOEBOX-L Archives

JOEBOX-L Archives

Joebox User

JOEBOX-L@LISTS.MAINE.EDU

	LISTSERV Archives
	JOEBOX-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show HTML Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Transparent HTTPS Filtering Trials
From:	Lori Faulkner <[log in to unmask]>
Reply To:	Joebox User <[log in to unmask]>
Date:	Thu, 25 Oct 2012 10:24:30 -0400
Content-Type:	multipart/alternative
Parts/Attachments:	text/plain (4 kB) , text/html (9 kB)

I am also thinking like Ray. I would like to find a way to implement some
filtering on the mlti laptops that give them the same restrictions at home
that they have here at school. I think it is coming to the point that we
are providing the technology and we need to start doing a CYA campaign for
that program.

Lori

Keep the faith; its all about the climb!

©º°¨¨°º©©º°¨¨°º©©º°¨¨°º©©º°¨¨°º©©º°¨¨°º©©º°¨¨°º©
Lori Faulkner
Technology Director

(207) 453-4200 ext. 2219
School Administrative District #49
mailto: [log in to unmask]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

*From:* Joebox User [mailto:[log in to unmask]] *On Behalf Of *Swift,
Randy
*Sent:* Thursday, October 25, 2012 10:17 AM
*To:* [log in to unmask]
*Subject:* Re: Transparent HTTPS Filtering Trials

I do not use the joebox for filtering/firewall. I am curious as to if the
joebox has dns forwarding cababilities? In my firewall I just dns forward
facebook.com to 10.1.0.0 and they cannot get to facebook using http or
https. Thanks

On Thu, Oct 25, 2012 at 8:22 AM, Rick Lange <
[log in to unmask]> wrote:

Hi Ray,
I am the Network Manager for MSAD-61, and I am definitely interested in
testing this filtering method. HTTPS (in particular
https://www.facebook.com) is a loophole that our students quickly found out
about, to circumvent the filter. We have a JoeBox and MecGuard enabled at
the HS/MS. Please feel free to contact me at the address below so we can
discuss the details.
Thank You,
Rick Lange
IS Network Manager
Maine School Administrative District 61
900 Portland Rd.
Bridgton, ME 04009
[log in to unmask]
__________________________________

On Wed, Oct 24, 2012 at 12:43 PM, Ray Soucy <[log in to unmask]> wrote:

After months of development with MECnet, we're finally ready to start
testing the new Joebox code base that introduces transparent HTTPS
filtering for MECguard.

I'm currently looking for a volunteer site (or two) to test this new
filtering method. Ideally this would be a site that does not
currently filter HTTPS so it could be enabled or disabled on a
per-group basis without having to make sweeping changes to your
existing environment.

Here are the details on the new release of MECguard SSL:

- Transparent process, when enabled for a group the Joebox intercepts
HTTPS traffic for clients the same way it does for HTTP.

- The Joebox establishes separate SSL sessions between the requested
site and the client, decrypting and scanning page content, then
re-encrypting and delivering to the client. This process is isolated
within the MECguard process and there is no way to log or sniff data
in the brief time it is unencrypted to preserve user privacy.

- Because the Joebox now decrypts HTTPS requests to scan them,
MECguard is able to filter HTTP and HTTPS using the same methods.
This means a simpler configuration, and full support for HTTP
filtering features, including full URL block/allow support, filter
bypass/override support, and features such as "Force Google Safe
Search".

- The Joebox generates SSL certificates of its own on-demand. This
means that users who navigate to an HTTPS website will see a prompt to
accept the SSL certificate the same way they would if using a
self-signed certificate. This certificate can be remembered by the
browser to avoid future warnings. To avoid SSL warnings completely
and provide a seamless user experience, you can download and import
the private SSL certificate authority generated by the Joebox which
will allow clients to trust the SSL certificates generated by the
Joebox (this actually works very, very nicely)

- Because both HTTP and HTTPS are filtered in the same way, blocking
sites like Facebook will actually work without the previous
work-arounds of using firewall rules or having to setup proxy servers
for HTTPS.

New features have been added to MECguard for both HTTP and HTTPS:

- A new feature has been added to force Youtube Safety Mode similar to
the Force Google Safe Search feature.

- Support for Youtube School ID has been added.

- The log viewer has been re-designed to be more responsive. Full
URLs are now logged for HTTPS like they are for HTTP.

- MECguard Anti-Virus scanning has been added (still experimental),
this feature is powered by ClamAV.

If you're interested in becoming a test site in the next few weeks,
please drop me a note.

--
Ray Patrick Soucy
Network Engineer
University of Maine System

T: 207-561-3526
F: 207-561-3531

MaineREN, Maine's Research and Education Network
www.maineren.net

--
Randy Swift
Network Administrator
RSU#52 IT Dept.
21 Matthews Way
Turner, ME 04282
[log in to unmask]

ATOM RSS1 RSS2

LISTS.MAINE.EDU