Keeping children safe online can feel like an uphill battle for schools. The digital landscape is constantly changing, cybercriminals are armed with increasingly sophisticated technology, and new digital threats are emerging all the time. On top of this, IT staff and DSLs have to contend with the fact that some of the very students they are trying to protect will attempt to bypass the provisions put in place for their safety. This is the case with school filter avoidance.
School filter avoidance puts both student wellbeing and a setting’s cyber security status at risk. This article covers some of the main techniques to watch out for, and provides three strategies to prevent students from getting around school filters.
Common school filter avoidance techniques
Exploiting HTTPS
HTTPS is the secure form of HTTP that uses SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encryption to obscure the data that is transmitted between a device and a web server. It’s often used for security reasons, for example, to prevent third parties from accessing sensitive information such as login details. Students may exploit HTTPS to conceal the content of web pages they are visiting. It can be applied to the extent that filters are only able to identify domain names, which in many cases give little indication of the nature of material being accessed.
Browser extensions and unauthorised plugins
Extensions and unauthorised plugins may provide a route through which users can extend browser functionality to facilitate web filter avoidance. Students can use them to mask IP addresses, change how web traffic is routed, disable or modify web content, or encrypt traffic. It is for this reason that the Department for Education (DfE) directs schools and colleges to ensure that “users cannot download additional browsers or unauthorised plugins.”
Encrypted Client Hello (ECH)
ECH is a privacy feature that encrypts the Server Name Indication (SNI) during the process that establishes a secure connection between a client (such as a web browser) and a server (such as a website). The SNI is a critical part of this initial communication, as it reveals the details of the exact page a user is attempting to visit. As ECH is increasingly applied to the web, schools using filters that rely on viewing web traffic across the network may struggle to accurately assess harmful pages.
Anonymous proxies
Anonymous proxies allow users to hide their internet activity behind a decoy domain name. For example, the address bar may read “www.imasafesite.com”, but if the page is a proxy, it acts as an intermediary server between the device and the websites a user is actually trying to access, allowing for anonymous browsing. New anonymous proxies are constantly being generated, and lists of them can be found on platforms popular with students.
Virtual Private Networks (VPNs)
VPNs provide another way for students to mask their internet activity. They create an encrypted tunnel between a device and an external server. When a student connects to a VPN, their internet traffic is routed through the external server, making it appear as though they are browsing from a different location. This allows them to deceive web filters that act in response to IP addresses or location, and the encrypted tunnel can hide their true actions.
How to prevent students bypassing school filters
Educate students on web filtering
An understanding of how web filters work and why they’re necessary in school settings can encourage students to respect filtering protocols - or at least discourage attempts to circumvent them.
Filtering isn’t designed to block students from any part of the internet that is vaguely interesting or fun. A good filter actually ensures that students can access as much of the web as possible, without putting them in harm’s way. Filters also protect school networks from security threats, which in turn keeps private data safe and ensures education is not disrupted.
School policies around internet use (and the consequences of breaching them) should be clearly communicated to students. As the digital landscape is constantly evolving, conversations around safe and responsible use of technology need to be open and ongoing. Students should feel confident that they can ask questions on filtering and report any related concerns they may have.
Of course, no matter how well-educated students are on digital safety, there will always be those who attempt to evade safeguarding systems. As a result, you still need to ensure that there are appropriate mechanisms in place to identify and thwart attempts to bypass web filters.
Invest in a robust web filtering system
The first line of defence against school filter breaches is the filter itself. If it’s not up to the job, IT staff may find themselves spending a significant amount of time responding to incidents of filter avoidance. Web filters need to be kept up-to-date and, at least once every academic year, undergo a full review to ensure they are working effectively.
There are a number of different web filters used in schools, and the DfE directs organisations to select a solution that is “appropriate” for their needs. This should take into account specific risk profiles, such as the age of students and the number of devices in use.
Keep in mind that students today are digital natives, which means they are often able to master new technologies very quickly. Combined with the determination and time they may have to persistently test the limits of filtering, tech-savvy students can pose a real challenge to these solutions. Furthermore, when techniques for filter avoidance are successful, they might be shared with others before administrators have time to address system vulnerabilities.
Real-time, content-aware filtering
The more advanced the filter, the harder it is to circumvent. The filter safety pyramid above shows the types of filtering used in education in order of their ability to mitigate online risks, which include filter avoidance. Only real-time, content-aware filtering sits in the “safety zone”, and it offers the most robust defence to filter avoidance.
Content-aware filters permit or restrict access to web pages based on assessments of their content, construction and context. This enables them to view the data that reveals a page is hosting an anonymous proxy, for example - even if it is hidden behind HTTPS.
A potential challenge for content-aware filters is the fact that tools like anonymous proxies tend to move quickly between different domains to avoid detection. As a result, there can be a delay between a new proxy site appearing and it being accurately assessed by the filter, during which time students may use it to access harmful content. When content filters use web scraping by the filter vendor to assess content, it can often be detected by the proxy sites, which hide themselves and return benign content instead.
Real-time, content-aware filters overcome these issues by assessing entire pages for risk at the point of request. If a student attempts to visit a proxy site, the filter will recognise it as such and block it, even if it was only published seconds earlier.
This dynamic approach also protects students in cases where pages previously deemed safe are hijacked for nefarious means, such as to promote links to proxies or VPN software. The filter conducts an instant assessment of a page’s current form, so there is no delay between harmful content going live and access to it being restricted.
In-browser filtering techniques
In-browser filtering techniques also protect against VPNs and other types of encryption, as data is inspected just before it is presented to the user, in its decrypted state. Such filters are protocol agnostic and therefore unaffected by ECH, DoH, VPNs, and the host of TLAs that make up the encryption space.
Note that “in browser” is not the same as “on device” - some on device filters use the same network based techniques locally, and these are just as susceptible to encryption.
Utilise digital monitoring to identify attempts at filter avoidance
While filters manage access to online content, monitoring helps schools identify harmful digital behaviours, including attempts to bypass filters. Having digital monitoring in place can act as a deterrent in itself. In addition, by registering keystrokes and taking screenshots when potential risks are identified, digital monitoring systems can provide schools with valuable evidence of any activity that enables filter avoidance.
This extra level of security offers multiple benefits. It helps safeguarders stay abreast of the latest tactics used to bypass filters and prevent avoidance techniques being shared amongst students. The data produced by digital monitors can also be used to inform digital safety curriculum to promote responsible use of devices.
Smoothwall Filter: Your best defence against school filter avoidance
Smoothwall Filter is the leading filter in UK education and the only solution that offers schools 100% real-time, content-aware filtering.
It delivers unparalleled protection against school filter avoidance by:
- Detecting malicious content that is hidden, including behind Secure Socket Layer (SSL)
- Enabling identification of unknown or new sites and technologies the moment they go live
- Utilising specific categories to block VPN technologies and proxy services
- Quickly alerting safeguarding staff to any filtering breaches
- Offering deployment directly to devices, to prevent filtering being impacted by security features such as Encrypted Client Hello (ECH)
- Providing enhanced security and adaptable filtering technology that avoids overburdening IT staff
To learn more about school filter avoidance, or book a no-obligation demo of Smoothwall Filter, contact our experts at enquiries@smoothwall.com. We’re ready to help.
Essential reads hand-picked for you...
- 4 Ways Real-Time Filtering Helps Schools Meet & Exceed DfE Guidelines
- Web Filtering Solutions: What Schools, Colleges and MATs Need to Know
- What is Real-Time, Content-Aware Web Filtering?
