Solving Technical Safeguarding Problems
These articles describe some of the detail, solutions, risks and problems associated with providing safe Internet access for children / pupils and students in a School or College environment, or Internet access to other vulnerable or high risk individuals.
Many of these issues are also applicable to organisations who have a duty of care to employees, or are required to deploy robust technology to prevent intellectual property theft or exfiltration or as part of the suite of technical controls used to comply with data protection legislation.
There are many technical solutions and controls that can be applied each of these issues, in order to have an effective solution, multiple technologies including firewalls and external intelligence feeds & processing are required.
We detail these in an accessible manner, providing an overview of the problem(s), enabling an understanding of the issues and possible solutions for non-technical and technical users alongside how the products and services we offer may form part of a comprehensive solution.
We also describe some real world issues, organisational complexities and common user circumventions of some of the controls and what can be done to mitigate those gathered from our consulting engagements.
There are many hundreds of applications and protocols available for use to circumvent firewall and other organisational Internet controls, either paid for or free in “App Stores” or elsewhere, often with in app purchases available. These contain a variety of features and technologies utilised to bypass firewall and next generation firewall controls and allow users unrestricted Internet access.
These applications are often promoted and sold as privacy or security applications, but the reality is they are designed to circumvent firewall and content controls, bypass “geo based” content restrictions and prevent age related parental or organisational controls.
Often users will route traffic via third party countries that do not have an equivalent privacy framework or protection in place, allowing their traffic to be monitored, intercepted and possibly have its integrity or the users privacy compromised.
Some of these applications take advantage of the user providing administrative access to applications to enable VPN configuration, install proxy services etc. to also install indexing and monitoring software, effectively installing malware.
Managing Domain Name System (DNS)
Managing Commercial VPN use
Managing Torrents
Managing Tor
Managing Proxy use.
Effective User identification on the Firewall
Effective Policies
Effective Firewall configuration
Logging and Privacy
Managing organisational devices
Managing Personal devices (BYOD)