Transparent Filtering & SSL Intercept
An ordinary proxy server can’t transparently filter HTTPS traffic—but our innovative add-on can!
If your school—like most—participates in the federal E-rate program, then you know you’re required to filter incoming Internet traffic.
That’s a pretty straightforward mandate. But then along comes bring your own device and a big snag: Popular BYOD gear—like iPads, iPhones, and Android phones and tablets—rarely (or poorly) support proxies.
What’s a school to do?
Get our simple add-on: SecureSchool Transparent Filtering. It’s perfect for proxy-unfriendly portable devices and works with any computer on your network you can’t (or don’t want to) configure with proxy settings.
How does it work?
This cleverly designed tool acts like an explicit HTTPS proxy, but it’s transparent. And here’s the crafty part: It works by dynamically opening and closing firewall ports to allow or deny access to sites on the Internet.
What about HTTPS traffic?
Now that HTTPS sites are propagating like crazy (thanks to the NSA’s spying-stunt “reveal” in 2013), actual content filtering is impossible for garden-variety filters.
Problem: HTTPS content is encrypted, so filters can’t view it. Non-viewable content cannot be content filtered.
One solution is to create a blacklist and block URLs completely. But some sites contain good and bad content—like Google, Wikipedia, and YouTube—so banning them outright would deprive students and staff of important resources.
Blacklists are also difficult to update and maintain, since new sites pop up every day and can’t all be scrutinized.
The best solution is dynamic, real-time filtering—which offers tons more flexibility. It examines the content on each page and decides if it’s acceptable or not. For example, certain pages on Wikipedia—such as “Porn Stars”—would not be allowed. But something like “Star Wars” would be permitted.
Enable the SSL Intercept feature in your SecureSchool box, and you’ll be dynamically filtering HTTPS traffic in real time.
Like a trusted man in the middle (TMITM) it:
- Decrypts incoming and outgoing traffic
- Unencrypts the content
- Dynamically filters the content by examining what’s on the page
- Determines if the on-page content is permissible or not
- Re-encrypts the page and accepts or rejects it, depending on its permissibility score
To get started:
- For dynamic real-time filtering with Advanced SSL Intercept, install certificates (manually or via a network-management tool) on participating workstations
- To skip certificate installation (which can be a huge pain, especially with BYO devices), opt for our Simple SSL Intercept
- For optimum convenience and flexibility, mix and match Advanced and Simple versions in one network
- Flexible administrator management — Assign distinct levels of filtering for different users; for example, teacher iPads can be filtered differently than student iPads
- Up-and-running quickly — Can be enabled on any network in moments
- No need to configure proxy server settings in users’ web browsers
- 32- and 64-bit OS support
Transparent Filtering and SSL Intercept are reasonably priced—go to our rate calculator now for fee info.