Whether they’re downloading the latest app, streaming the big game, or using the latest hardware, kids often seem miles ahead of adults in understanding—and mastering—technology.
Unfortunately, that same technological prowess can cause them to have risky online behavior. Sites like this even spell out for students how to easily bypass school web filters—and not all mention the potential repercussions of doing so.
To protect your students from harmful online content and stop them from getting around your school’s filter, you must know what you’re up against. In this post, we examine how kids get past school filters every day and the steps you can take to prevent it.
Your device and access settings aren’t locked down
By far the most common way students can get past a school’s web filter is by exploiting the device’s weak spots. This can result from your device and access settings not being properly locked down.
For instance, students may attempt to use Virtual Private Networks (VPNs) or Network Proxies to scramble data and obscure IP addresses, so your filter doesn’t recognize a restricted site is being accessed from within the school’s network. To prevent this, schools need to lock down devices to prevent the installation of external software or any modification of network settings.
Students may also try downloading browser extensions that can let them use the internet without being identified, enable data encryption, and allow the user to create anonymous IP addresses. To combat this, schools can lock out unauthorized and unmanaged extensions by controlling what browsers are on the device and leveraging Google Admin, Group Policy, or other administrative methods to manage access. For BYOD devices, it’s necessary to have DNS-based filtering that protects the network and kicks users off if they don’t use the right service.
Lightspeed Quick Tip: You can leverage administrative settings provided by Microsoft Group Policy, Google Admin Console, and more to lock down browser access and manage extensions loaded on the device.
Another weak spot students can exploit if your device and access settings aren’t properly locked down is using a Smart DNS, which sends a website request through another, separate server and therefore hides the user’s identity and location. With location masked, students can access restricted content. Devices should never be allowed to use their own DNS servers. Restrict devices to your approved networks and create settings that automatically kick off any users that don’t use your network settings for BYOD.
Then, if students can access proxy websites freely, they can bypass restrictions in a similar way to how a VPN or Network Proxy would let them bypass. Lightspeed Filter™ (formerly Relay) offers features that can disable the student’s internet if a student continues to look for a proxy website and notify your school’s IT admin via email.
By launching a browser, such as Firefox, that they’ve brought to school on a USB, students can end up unfiltered. Make sure USB drives can’t launch a browser on your devices. Web filters, like Lightspeed Filter, can help stop this bypass by filtering external browsers.
Next, if your school is in an area that overlaps with free public Wi-Fi networks, it can give students easy access to unfiltered internet. Even if public (and unfiltered) Wi-Fi networks aren’t available to students, omnipresent cellphones can be turned into shareable hotspots that enable students to access any content. Locking down device settings and using a filter that doesn’t rely on internet source to work can shut down this option. Schools can use wireless jammers inside the building to prevent BYOD access to public networks and disable non-school network sources.
Finally, by utilizing Chrome features such as Developer Tools, Incognito Mode, Guest Mode, or exploits related to sign-in pages, students can gain access to a browser that does not load any filtering extensions.
Lightspeed Quick Tip: Besides simply locking down browsers and extensions on the device, you can take it a step further to ensure that no browser loads without the properly approved extensions by locking out Developer Tools, Incognito Mode, and Guest Browsing Mode. Additionally, you can force users to only log in with your district’s accounts and stop access on Chromebooks to the Chrome Login page which has methods to open an extensionless browser by blocking “Chrome://chrome-signin/” in your admin settings.
Your web filtering software isn’t strong enough
If your school’s K-12 filter isn’t strong enough, it leaves your school open to students bypassing it.
For instance, students can access the web anonymously by using a proxy website. Proxy websites also keep teachers from monitoring what students are looking at. Schools need an effective filtering solution that quickly identifies and blocks proxy sites. Solutions like Lightspeed Filter have advanced categorization technology that specifically identifies and categorizes proxies so they can be easily blocked for all students.
Then, if a filter is designed around blocking certain domain names or relies on DNS to perform filtering, searching for the IP address directly allows students to circumvent detection. Schools need a filtering service that sees more than just the DNS request, and one that categorizes IP addresses as well as the hostname, so they can build policies that are enforced even for IP addresses directly. Lightspeed Filter is a great solution for this that will protect you no matter what type of URL or IP is queried by a student’s device.
How Lightspeed Filter helps keep your devices protected
Lightspeed Filter helps schools prevent filter bypassing. It provides your IT team with cloud-managed, device-level protections and solutions for every device, operating system, and learning environment—along with access to the most highly trained support engineers available.
Our software automatically categorizes unknown websites the moment they are first accessed, typically updating within a few minutes. You also can set your filtering to automatically block unknown websites, meaning, any new or up-and-coming security threats cannot be visited until they are categorized and known to be safe. Any new proxies that are created will be queued up the moment someone attempts to visit it, causing the proxy to be quickly categorized and blocked by Lightspeed Filter.
Our customers have access to the best support and engineering staff. And Lightspeed support engineers know all the tips and tricks to lock down browsers correctly, stop bypassing, and fix issues to help our customers keep their students safe online.