Ray, MSAD/RSU #60 would be willing to be a test site for this. Eric Chellis Network Manager MSAD #60 388 Somersworth Rd. North Berwick, ME 03906 207.676.2234 x302 (Voice) 207.451.3296 (Cell) On Thu, Oct 25, 2012 at 8:22 AM, Rick Lange < [log in to unmask]> wrote: > Hi Ray, > I am the Network Manager for MSAD-61, and I am definitely interested in > testing this filtering method. HTTPS (in particular > https://www.facebook.com) is a loophole that our students quickly found > out about, to circumvent the filter. We have a JoeBox and MecGuard > enabled at the HS/MS. Please feel free to contact me at the address below > so we can discuss the details. > Thank You, > Rick Lange > IS Network Manager > Maine School Administrative District 61 > 900 Portland Rd. > Bridgton, ME 04009 > [log in to unmask] > __________________________________ > > > > On Wed, Oct 24, 2012 at 12:43 PM, Ray Soucy <[log in to unmask]> wrote: > >> After months of development with MECnet, we're finally ready to start >> testing the new Joebox code base that introduces transparent HTTPS >> filtering for MECguard. >> >> I'm currently looking for a volunteer site (or two) to test this new >> filtering method. Ideally this would be a site that does not >> currently filter HTTPS so it could be enabled or disabled on a >> per-group basis without having to make sweeping changes to your >> existing environment. >> >> >> >> Here are the details on the new release of MECguard SSL: >> >> - Transparent process, when enabled for a group the Joebox intercepts >> HTTPS traffic for clients the same way it does for HTTP. >> >> - The Joebox establishes separate SSL sessions between the requested >> site and the client, decrypting and scanning page content, then >> re-encrypting and delivering to the client. This process is isolated >> within the MECguard process and there is no way to log or sniff data >> in the brief time it is unencrypted to preserve user privacy. >> >> - Because the Joebox now decrypts HTTPS requests to scan them, >> MECguard is able to filter HTTP and HTTPS using the same methods. >> This means a simpler configuration, and full support for HTTP >> filtering features, including full URL block/allow support, filter >> bypass/override support, and features such as "Force Google Safe >> Search". >> >> - The Joebox generates SSL certificates of its own on-demand. This >> means that users who navigate to an HTTPS website will see a prompt to >> accept the SSL certificate the same way they would if using a >> self-signed certificate. This certificate can be remembered by the >> browser to avoid future warnings. To avoid SSL warnings completely >> and provide a seamless user experience, you can download and import >> the private SSL certificate authority generated by the Joebox which >> will allow clients to trust the SSL certificates generated by the >> Joebox (this actually works very, very nicely) >> >> - Because both HTTP and HTTPS are filtered in the same way, blocking >> sites like Facebook will actually work without the previous >> work-arounds of using firewall rules or having to setup proxy servers >> for HTTPS. >> >> >> >> >> New features have been added to MECguard for both HTTP and HTTPS: >> >> - A new feature has been added to force Youtube Safety Mode similar to >> the Force Google Safe Search feature. >> >> - Support for Youtube School ID has been added. >> >> - The log viewer has been re-designed to be more responsive. Full >> URLs are now logged for HTTPS like they are for HTTP. >> >> - MECguard Anti-Virus scanning has been added (still experimental), >> this feature is powered by ClamAV. >> >> >> >> >> If you're interested in becoming a test site in the next few weeks, >> please drop me a note. >> >> >> >> >> -- >> Ray Patrick Soucy >> Network Engineer >> University of Maine System >> >> T: 207-561-3526 >> F: 207-561-3531 >> >> MaineREN, Maine's Research and Education Network >> www.maineren.net >> > > > > >