Friday, September 26, 2014

10 Things to Consider Before You Unblock a Website

Just recently, I was asked by a customer to provide some advice for their network administrators on unblocking sites. Sometimes you have to say no, but how do you decide which to give the green light to? Here are some points to bear in mind...

  1. Have you looked at the whole site? There may be different content on some of the links.
  2. Is the domain a generic one? Maybe many sites are served from this domain. Can we limit the unblock into just one specific URL?
  3. Will the content change in future? If it is dynamic, what kind of content might be found there next week?
  4. Is there a better website people could visit for this same purpose? For example, there is no reason to unblock an image search engine other than Google Image Search, as it may not have all the safety features enforced by Smoothwall.
  5. What’s the reason the site was blocked? If it is a misclassification it should be reported to Smoothwall, and  it will get fixed for everyone.
  6. Do you want to unblock just this website, or all websites of this type?  Often it is better to adjust the categorisation (such as allowing all “sports” websites) rather than dealing with one at a time.
  7. Does it allow access to other pages surreptitiously, or draw content from other sites? Translation sites can cause this problem.
  8. You might be able to understand the risks of this site; but do your users? Children, for example, may not be easily able to understand risks of bullying or grooming on a social network, and less technical users might inadvertently leak sensitive information on file sharing sites.
  9. Are there any regulations or risk assessments you need to consider before unblocking this site?
  10. Does the site rely on 3rd party resources?  You can use the advanced Policy Test Tool to examine these. Are these locations also safe with regard to points 1-9?


Thursday, September 11, 2014

Web Filtering Is Not Glamorous, but You May Still Make the Paper

What may be done at any time will be done at no time. 
  ~ Scottish Proverb

Procrastination seems to be built into human nature somehow; some problems become crises before being dealt with. In the beginning, most web content filtering problems are virtually unnoticeable. Maybe it’s because they always seem to start so small they’re nearly innocuous: A slip here, slide there. And who really wants to deal with web filtering and make it a priority?

Web content filtering isn’t glamorous. Other issues feel more pressing, like network failures on testing days. Some issues are just more pleasant to deal with, like procuring new hardware. And let’s face it, students won’t sing your praises for bulletproofing your web filter. It is, however, necessary. Unlike rescheduled test days or network performance issues, a web filter failure will get your name in the paper.

Take Glen Ellyn Elementary District 41 near Chicago, Illinois. After a web filter failure there, in which fourth and fifth grade students were caught viewing pornography on the playground, parents combined forces to bring to light “other instances of inappropriate computer usage at district schools.” All together, the story originally broke in early May, but once on radar with the press, progressive coverage of events becomes standard. The most recent update on Glen Ellyn was published in August.

Another example of this phenomenon happened in Forest Grove, Oregon. A student there was using her IPad to look at erotica through the literature curation website Wattpad. The story was a follow-up in response to an investigational piece by the local news which focused on student agility in filtering circumvention.

And it isn’t just emergencies that get a school noticed for its web filtering policies. Apparently even over blocking of sites is press worthy, as indicated by the Waseca County News, on grounds that it is unfair. Sometimes the discussion even gets political, as it did in Woodbury, Connecticut, where a student doing research noticed that there seemed to be uneven blocking of conservative branded sites.

There are also probably more instances of web filtering gone bad that go unreported, but there’s really no way to tell how a filtering fumble will shake out before it hits the press. Of course, that begs the question; with so much at stake, why take the risk? Like laundry, dishes, or getting your oil changed, making sure your web filter is up to the challenge is the first small step in making sure that your students are protected, but it’s an important one. Perhaps it’s time to schedule some time

Monday, September 1, 2014

Red Letter Day for Onanists and Internet Fraudsters

Yesterday a number of explicit photographs of celebrities, including Jennifer Lawrence, were leaked on the Internet. I'll get to that in a moment. First, if you read no further, read this:

Don't go looking for these photographs, and don't click any links sent to you purporting to be them.

If you must look, we've hosted them all here. Seriously, we have been out a-searching since the news broke, in order to protect our users from the inevitable tide of malware links that have already begun to spring up. The major search engines work hard to keep malicious sites seeded with "current event" keywords from popping up, but this time will be harder, as the sites offering these images will often be similar to those offering the malware.

Now I am going to break from the norm. Most security blogs include the advice "don't take nude photos". I'm not going to ask you to quit. If that's your bag, keep at it — but bear in mind that your photo collection is now worth more. It's now worth more to an attacker who wants to populate their porn site, or to  blackmail you. It is also worth more to you, for the peace of mind of those images being kept private.

If we said the answer was "don't do it" every time doing something on the Internet resulted in a problem, we wouldn't have Internet banking. Or the Internet, come to think of it. So no, you absolutely should store your personal photos on the Internet. You just need to take further steps to ensure they are secure.

These steps include:

1. Make sure you know where your photos are. Many phones now automatically send your images to the NSA/GCHQ etc. under the guise of backup. This can be turned off. Weigh up your dismay at not having your photos any more, vs. the chance of them being stolen. Personally, I vote for backup, as anyone who pinches my pictures will find a heady combination of safari shots, and pictures of serial numbers for things I need to fix. Remember any other backup services (DropBox, Mozy, Backblaze, Crashplan et al) that you use here as well.

2. Secure the photos on-device. If your PC has no password, and your phone regularly sits around unlocked, there's no point hacking your backups. Seems obvious, but the proportion of people who take nude selfies is greater than those who use a lock screen. Apparently.

3. Use a password you use nowhere else. No, really. I mean it this time. I know you ignored me when I said "use a different password everywhere". Look, I forgive you, because I like you. But this one is pretty serious. Don't share the password with the one you use on a messageboard, or for grocery shopping.

4. Turn on "two step verification", "two factor authentication" or whatever anyone's calling it these days.

5. Secure the reset channel. Password resets are a good way to break an account. This could be email (password and 2 factor advice applies here), phone (PIN protect your voicemail!), or silly security questions that anyone with access to your Facebook can answer (make like Graham Cluley and tell them your first pet was called "9£!ttty7-").

A final word on this: watch for those malware links. They're already out there.