Web Filtering Best Practices for K-12 Education
Granular Social Media Controls – Simple URL filtering does not provide the granularity of control required to adequately enforce child protection requirements on complex, multipurpose social sites like Facebook, Twitter, Google and YouTube. Look for technology-based filters that can provide granular control over specific application functions such as searching, posting, sharing, apps permissions, comments and live chat so that teachers can safely enable social learning opportunities in the classroom.
BYOD Access Controls for All Devices – Mobile devices can be valuable learning tools. Just like internal devices, they need to be authenticated, filtered and monitored for visibility and CIPA compliance. Ensure that you select a system that creates sufficient accountability when students bring their own devices to school. Try to avoid solutions that require a client or app install for BYOD since that creates additional support and privacy concerns.
1:1 Support – More and more often, students are being issued school-owned devices such as tablets and laptops as learning tools. For proper web protection, they require technology that filters web content off network, just as it would internally.
YouTube for Schools Support (even over HTTPS) – YouTube for Schools provides safe access to thousands of high quality educational videos. Utilize a solution that has the flexibility to enforce safe viewing of educational videos for selected user groups. Test your existing solution via https://youtube.com and see if you’re actually CIPA compliant.
Selective SSL / HTTPS Session Decoding & Inspection – SSL is the fastest growing traffic type in schools. Real-time, inline SSL decryption is a key requirement as it enables full protection and filtering of HTTPS encrypted traffic. This also assists in preventing proxy avoidance and virus based threats. CIPA does not provide an exception for SSL based traffic, meaning if you allow SSL traffic, it must be adequately filtered. Some solutions require an agent to be deployed on each computer for SSL filtering. Consider the cost of deploying and maintaining those agents when establishing TCO or select a solution that doesn’t require agents.
Performance & Scalability – Web filters need to offer versatility, scalability and reliability. Essential functions include High Availability, scalability beyond 10Gbit/s and providing enough capacity to cope with increasing throughput demands in the next-gen learning environment. Also, look out for pricing that is tied to bandwidth as future network upgrades could require costly hardware or licensing expenditures.
Advanced Threat Protection – Nearly all malware infections within schools come through the Web. Ask about how your web filtering product can help isolate infected endpoints. Also consider solutions that offer multiple levels of advanced, proactive threat protection. Look for solutions that compliment your desktop Anti-Virus strategy. For example, if your desktop AV uses signature-based approach, look for a Web filter that offers a behavior based (sandbox) approach.
Real-Time, Dynamic Dashboards and Activity Viewing – Real-time dashboards of network activity and audits of what users are doing are essential. Being able to identify the traffic flow from a specific user, device or IP is critical to understanding your network and crafting effective policies. Flexible dashboard views also create visibility as to the performance and health of the network and filtering system.
Roles-Based policies, Administration & Reporting – Technology-based filters can provide varying levels of administrator access and enable flexible delegation of reporting and configuration privileges. Granular role-based administration allows districts that centralize filtering to consider delegating selective permissions.
User directory integration (group membership and authentication) – Utilize a solution that seamlessly and granularly leverages your existing directory infrastructure to establish filtering policies based on group permissions, in addition to selective IP ranges, VLAN and BYOD authentication. Pay attention to the complexity of the integration and TCO if authentication agents are required.
Outstanding Support – Partner with a solutions provider that is committed to understanding your needs and will allocate sufficient technical resources to the sales process. Ask them to demonstrate how their proposed solution will work in your environment. Ensure that your implementation plan involves adequate integration and training resources.