
Content filtering in schools - testing the system

In most schools, computers with Internet access should have a content filtering system from the center for analyzing Internet resources. I got myself a copy to test the system.


How it works


The system is quite simple: when a page loads, it is checked against the list of "bad" sites; if the page is not on the list, access is allowed. If the site is in the database, the user sees a blocking page instead.


Install


I installed the filter on a virtual machine running Windows XP SP3. There were no problems with the installation; the installer itself picked up the license file lying next to it and offered to use it.

Customize


After installation, a funnel icon appeared in the tray. I opened the "Management Console".


To be honest, I expected much more; there are practically no settings.
At the same time, there are functions with no settings at all. For example, there is a filter by "terms": words that are not compatible with the learning process are replaced with hyphens in the query. The list cannot be changed, and the filter cannot be disabled.
I was even more upset that, in the mode that blocks sites not in the database, even Google and Yandex were blocked. It turns out that I have no real choice of how to filter sites. Usually I could choose between a whitelist, which needs constant additions but guarantees security, and a blacklist, which also needs additions but guarantees that good sites will open.

I started checking, not expecting a good result.

Check


The system shows quite average results. Porn and sex dating are blocked almost completely. Of the trackers and music sites, only TPB and zaycev.net are blocked. Satanists and proxies are blocked once.

Here I found a fairly serious vulnerability: HTTPS is not filtered at all, and there is no port blocking. It seems that you cannot do without additional software.

Hacking


It is unlikely that a student who lost access to Odnoklassniki and VKontakte would not start trying to break the filter. I think the best defense is attack :). I was offered several options for hacking the filter, from an ordinary proxy to cracking the administrator password.

Proxy

Idea: Route traffic through a proxy.
Result: Does not work; the filter continues to filter.

Opera Turbo

Idea: Opera Turbo uses its own algorithm for compressing pages. Maybe the filter will miss it?
Result: Still filtered. Moreover, installing Opera requires administrator rights.

Denying access to the service

Idea: Block the filter's access to the Internet.
Result: The filter has a checkbox that blocks sites if the filtering servers are unavailable.

Password cracking

Idea: Change the administrator password, log in and disable the filter.
Result: Should work.
Protection: Since this requires booting from other media, it is not hard to defend against. Make the hard disk the first boot device, disable booting from floppy disks, flash drives and discs, and set a BIOS password.

Change settings in the file

Idea: Find the settings file and change the settings so that the filter is turned off.
Result: I could not find the settings. In the folder where the filter is installed there is a DB folder; the files in it are stored in some tricky format, and the folder cannot be renamed while the filter is running: it complains about lack of access.

Web proxy

Idea: Find a web proxy and browse the Internet through it.
Result: Works, but forms continue to be filtered. Google search results are no longer filtered.
Protection: Hope that the filter blocks all proxies. If a student sets up a proxy on his own hosting, nothing can be done except to block the site after it has been used. Reviewing the logs regularly at least makes the student go broke on hosting and domains.

I did not test a VPN, but that should not work either.

Protecting


So, I found several security issues. All but one (which, by the way, is caused by another) are fairly simple to fix.

The HTTPS problem is fixed by installing a firewall and prohibiting programs from connecting to any ports except 80 (HTTP) and 53 (DNS). You can allow network access only to the system, the filter and the browser. Be sure to prevent the user from changing the settings.

The password-reset problem is solved with BIOS settings: boot only from the hard disk, and do not let the user enter the BIOS settings.

The problem with web proxies, unfortunately, cannot be fixed by simple means.

Summary


It is a mid-level system, but with firewall tools it can be made to filter sites quite well. Without a firewall it is better not to use it. With a different site-rating policy (putting all sites into the system) and HTTPS filtering, it would be even better.

P.S. I want to move this post to Education 2.0, but I don't have enough karma. Thanks!

Source: https://habr.com/ru/post/60616/

