Pupils 'bypassing school internet security'
- Published
Many young people are using 'proxy servers' to get round their schools' internet security systems. The free services offer instant access to banned websites, including online games and social networking. Figures suggest the use of proxies has risen sharply in recent years. Security experts are warning that pupils who log on put themselves at risk of cyber crime.
It sounds like an obscure, techy area of computing that only geeks would know about.
But when we asked pupils in one secondary school classroom who had heard of proxy servers, every hand went up.
These 'secret tunnels' to the internet are a way of life for teenagers across the UK.
As schools employ increasingly sophisticated software to stop them accessing 'non-educational' websites, the proxies offer a quick, easy way to bypass those restrictions.
“It's just a box that says 'type in the website that is blocked'. You type it in and it brings it up,” said a senior pupil, who wanted to remain anonymous.
Web-based proxy servers disguise a user's activity from school monitoring software.
'Cat-and mouse' game
A student will appear to be visiting only one site, that of the proxy itself. Any internet surfing they do after that is effectively invisible.
Ironically, what pupils are usually trying to work-around are other types of proxy servers, commonly used in schools to protect their machines from online threats.
Schools can take action against web-based proxies, by blocking them. However because of the sheer number that exist, it becomes a game of cat-and-mouse.
“When the blocked proxy server you were using got banned, you had another one ready and everyone had at least four that they knew and everyone shared them about,” said one pupil.
Statistics on the use of proxy servers are hard to come-by. One useful measure is the number of them being flagged-up by proxy-blocking systems.
'Security risk'
M86 Security monitors such sites. In 2006 it was tracking 7,111 proxies. By 2009 that had risen to 91,490.
There are fears that the use of proxy servers amongst school pupils may be putting more than their education at risk.
Some can carry viruses, malicious software, and may even be under the control of cyber criminals, according to security experts.
Con Mallon from Symantec carried out a scan on a random selection of free proxies.
“There is a site which is hosting what we call a trojan. It may invite you to install some software onto your machine.
“Once that is installed, it allows the bad guys to come back to your machine at any time... what they would probably then do is install something called a keylogger.
“It will sit there and monitor what you are typing-in. What they are really looking for is passwords and logins.”
Proxy 'problem'
Such information, once harvested, can be sold online.
Amongst our school pupils, the news comes as a surprise: “I didn't have a clue that people could get my information if I was putting it in,” said one girl.
“I kind of had an idea that it stays there. But I didn't know it was that big – that it could log everything,” added her classmate.
The problem of proxies is recognised by most of the bodies responsible for providing schools with internet access.
A spokesman for JANET, which carries data traffic between many local school networks, said: “I would agree that proxy servers to get around security systems is indeed a problem.
“Technical solutions need to be used as one aspect of a wider approach to protecting users, including educating children, teachers, and parents in how to use the web safely.”
BECTA, the government agency that looks after school ICT, said: “...currently there is no single technology or method that can address this issue fully”.
However, it seems newer security systems are helping schools catch up with the proxy users.
Most of the young people interviewed for this article agreed that monitoring systems had made it harder for them to find usable proxies, but said their efforts to get round school security would continue.
- Published19 November 2009
- Published17 November 2009
- Published16 November 2009
- Published16 November 2009