Confronting the Modern Complexities of Web Filtering

Web filtering is an Internet security feature used to screen incoming web pages before the pages are displayed in an Internet user’s browser. In the past, web filtering was seemingly more straightforward, relying on tools such as invisible bridge setups and purpose-built appliances like the Lightspeed Rocket Platform provided by Lightspeed Systems (www.lightspeedsystems.com). Web filtering technology has since evolved further, and websites are now expected to secure their content with page encryption. This practice is being fueled by projects such as Let’s Encrypt.

Let’s Encrypt provides websites with free SSL certificates, which are used to encrypt personal and sensitive information such as usernames and passwords. These certificates are becoming easier than ever to obtain, and the task of filtering out inappropriate content has become increasingly difficult. Because most websites now use encryption, analyzing the content of a particular page is challenging. With encryption, the filtering system can see only the client’s IP address and the destination’s IP address, not the actual content being loaded. This is especially problematic for schools because some education websites are hosted on shared servers that also host inappropriate content. Since the filtering system only sees the IP address of the web server, the site with inappropriate content will be blocked, as will all sites hosted on that same IP address, whether inappropriate or acceptable. Another issue that encryption presents is the inability to view search queries on popular search engines. For example, if a student searches for “guns” on Google, the filtering system might only capture that the student visited Google, rather than the inappropriate search for “guns” that the student submitted as the search query. These encryption barriers on the Internet are leading to ineffective filtering and reporting.

Lightspeed, like most other content filters, has developed ways to combat ineffective filtering. With Lightspeed, an intermediary server called a proxy can be deployed to your enterprise network via GPOs (Group Policy Objects). A PAC file controls the proxy settings, and the file has two modes. The first mode proxies only the items that are on the specified list. The second proxies all sites except the items on the specified list, which makes that list an exclusion list. Although proxying with a PAC file may seem like an easy solution, it has flaws. The main disadvantage is that only computers that are on your specified network are proxied. This approach does not cover BYOD devices. There have also been issues with specific browsers not trusting the man-in-the-middle certificates.

Although proxying is a good first step, it is not the best solution for effective filtering. Lightspeed has added WCCP (Web Cache Communication Protocol) support to the latest versions of its platform. This feature requires a firewall that also supports WCCP. With this feature, proxying is done at the firewall level rather than the device level. In turn, this allows us to proxy all devices on the network, not just locally owned equipment. Since we are proxying at the firewall level, there is no need to deploy PAC files and man-in-the-middle certificates. This feature is beneficial because it brings content filtering back to the original bridge setup, which keeps it transparent to users.
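To make the two PAC modes concrete, here is an added example (not Lightspeed's own PAC file) that implements both list behaviors behind the standard `FindProxyForURL` entry point. The proxy address, the host names and the `decide` and `hostInList` helpers are assumptions made up for illustration.

```javascript
// Constructed values: the proxy address and every host name are placeholders.
// ES5 syntax only, since some PAC engines are old JavaScript interpreters.
var FILTER_PROXY = "PROXY filter.example.internal:8080";

// Mode 1 list: only these hosts go through the filtering proxy.
var PROXY_ONLY = ["google.com", "youtube.com"];
// Mode 2 list: everything is proxied except these hosts (the exclusion list).
var PROXY_EXCEPT = ["sis.district.example", "bank.example"];

// True when host equals a list entry or is a subdomain of it. Matching on
// ".entry" keeps "notgoogle.com" from matching "google.com".
function hostInList(host, list) {
  host = host.toLowerCase().replace(/\.$/, "");
  for (var i = 0; i < list.length; i++) {
    var entry = list[i];
    if (host === entry || host.slice(-(entry.length + 1)) === "." + entry) {
      return true;
    }
  }
  return false;
}

// mode "include": proxy listed hosts only. mode "exclude": proxy all others.
function decide(mode, host) {
  var proxied = mode === "include"
    ? hostInList(host, PROXY_ONLY)
    : !hostInList(host, PROXY_EXCEPT);
  // No "; DIRECT" fallback after the proxy: with one, clients silently
  // bypass the filter whenever the proxy is unreachable.
  return proxied ? FILTER_PROXY : "DIRECT";
}

// Entry point the browser calls for each request; the decision uses the
// host name only. This file runs in exclusion-list mode.
function FindProxyForURL(url, host) {
  return decide("exclude", host);
}
```

In exclusion-list mode an unlisted host is filtered by default, so a forgotten entry fails toward filtering; in include-list mode a forgotten entry goes out unfiltered.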

As the Internet continues to evolve, IT support must adapt with new strategies. PAC files and WCCP are just some of the latest ways that IT services and vendors are adapting to the evolution of the Internet. As technology progresses, there will be new and inventive ways to break filtering platforms, and IT services will be forced to overcome them with new and innovative methods.


Paying More for Poor Quality Never Makes Sense

Paying more for poor quality never makes sense. Yet it happens more often than we’d like to think. Poor quality when it comes to your coffee lid may mean a stained garment. Poor quality in health care can mean your life. Somewhere in between those extremes is your IT infrastructure. It may not mean your life (although it could mean your career), but it is definitely more significant than a coffee stain. High-quality IT starts with good organization and a high level of skill. It also requires attention to detail. Something as simple as being neat and orderly can save precious time when diagnosing an issue or performing a significant roll-out.

On our website we liken a poorly maintained network to a poorly maintained swimming pool. You wouldn’t dare dip your toe in a murky pool so why would you entrust your precious data to a questionable network? Take for example a school district we started supporting a couple of years ago. A quick look at their network closets spoke volumes about how the network was being maintained. The administrators of the school district really only saw that their PC logged in the way it always had, not realizing the mess in the background. There were network IDFs installed in random locations without any thought or rationale. Equipment was stuffed on shelves without being properly secured. Cables were literally being supported by old telephone wires. It’s hard to imagine this was the infrastructure of a top New York school district.

Pay less for more

After closely evaluating what they were paying, and even in spite of the state aid they were receiving, the school district found they could get support through our firm for much less money. Would paying less mean even worse quality? Absolutely not. Competition in business means vendors have to provide a better service at a better price in order to remain viable. But how can they do that? The trick is that in the service industry, doing the job right the first time and then properly maintaining it actually requires less effort in the long run. It’s like a well-built engine that only needs service every 7500 miles. A poorly built engine spits oil after a few thousand miles. At the same time, a well-built engine that’s worked on by a poor mechanic will never perform as well as it should and likely won’t last as long. Most of the time it will be sitting in the shop. However, a well-built engine maintained by a master mechanic will run well for a long time without many unscheduled services. In the same way, an IT service provider that does quality work will operate more efficiently, so they can charge lower prices while still being profitable. The customer ends up with a better product for less money.

Engineer working on servers in a newly wired server room.

Clean up takes time

The transformation doesn’t happen overnight. Often when we take on a customer we operate at a loss for a short period of time as we get their network cleaned up and operating at its peak performance. In some cases budget constraints mean having to run on older equipment that inherently requires more attention. Additionally, some projects like cabling remediation require downtime and have to be scheduled with enough time. However, within the first year we are typically able to make some headway and get things on the right track.

Moral of the story: Don’t pay more for poor quality.


Bigger and Better with Video Walls

Video walls offer a number of advantages over traditional projector-based large displays. They are brighter, last longer, and require less maintenance. There’s also the intangible “wow” factor that results from walking into a space to see a crisp image spread across multiple HD displays.

In years past a video wall was a serious endeavor requiring complex engineering and difficult-to-manage display processors. However, things have changed, and many commercial display manufacturers include basic video wall processing right in the display. The most difficult task is properly mounting and aligning the displays, which can be done with minimal effort if you use the right mount. Mounting systems from Peerless and Premier Mounts offer easy alignment as well as models that extend nearly a foot off of the wall to allow easy access to the connections on the rear of the display. This makes maintenance a breeze.

There are some pitfalls which, while minor, may impact the way you deploy your display. For one, a video wall will always have small black lines at the seams between the displays. Some manufacturers have a bezel-to-bezel width of just 4 mm, which is very small but still noticeable when compared to a projected image, which has no seams. Second, you will definitely want to consider a control system like those offered by Crestron to aid in sending the proper commands to each display at the same time. Something as simple as powering the displays on and off can grow in complexity as you add displays to the wall. A properly engineered system can be fully automated and set up to respond to a simple touch which powers on the displays, routes the appropriate video and even dims the lights.

Big image means big impact.

Times Square would be an everyday intersection if it were not for the inherent draw of a big display. Fortunately, advances in technology have made them a viable solution even for your average meeting space.


Done Being Quiet

For over two decades we’ve quietly done our job building a reputation. We’ve been the little engine that could, competing against organizations much larger. We did well building a business that has opened doors to exciting opportunities and projects. Over twenty years ago my father, who had built a successful construction consulting firm, filed for a new business named Edu Net. At the same time my older brother was building PCs out of his bedroom and selling them to small businesses. We changed the name to Edu Tek, leveraged Dad’s contacts and quietly built a business that now manages thousands of network devices, tens of thousands of machines and has worked for some of the highest rated schools, universities and healthcare facilities in the nation.

As we enter our 21st year we’re ready to speak up.

Ever since we started we’ve been afraid to speak up about what we’ve accomplished because we thought it can’t possibly stack up against the big guys. However, we keep bringing on customers who choose Edu Tek because we do compete and as it turns out, we do a better job.

This year we launched a revamped website which better presents our brand and what it means. This blog is our platform for speaking up about what we’ve accomplished and how we’ve done it. We’ve learned a lot and we’re not afraid to share. 

We welcome your thoughts and look forward to great things over the next twenty years.