-
We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.
N2H2 Bess vs. SurfControl
- Thread starter reicherb
- Start date
Not the answer you're looking for and I hope not to start a flame war, but both programs are bad. You're asking a computer to solve a problem which is trivially provable to be unsolvable by a computer. Both have an unacceptable false positive and false negative rate, both are easily bypassed, and both have super secret filter lists that have been demonstrated to sometimes represent companies and organizers the manufacturers don't like and wish to censor.
If you're doing this for your home use, consider instead software that logs everything that is done and read those logs yourself. It's more work, but there are less errors and nobody else's agenda to worry about. If you see something that warrants a chat, have the chat. Another approach is to put the family computer in the family room or somewhere else visible.
If you're doing this because it's been mandated of you (by law, by corporate policy, etc.), there are Squid based solutions that are freely available, work okay, and you know what you're getting. You can legitimately claim to be doing your required censoring while not spending money, and you can fix it when it breaks legitimate things.
If you're doing this for your home use, consider instead software that logs everything that is done and read those logs yourself. It's more work, but there are less errors and nobody else's agenda to worry about. If you see something that warrants a chat, have the chat. Another approach is to put the family computer in the family room or somewhere else visible.
If you're doing this because it's been mandated of you (by law, by corporate policy, etc.), there are Squid based solutions that are freely available, work okay, and you know what you're getting. You can legitimately claim to be doing your required censoring while not spending money, and you can fix it when it breaks legitimate things.
I have to use one of these solutions because by law I'm mandated to filter internet access (school). This district has taking it a step farther and requires that the product integrate with our NDS tree and log which users try to access these sites. The freely available filters don't meet state and federal requirements and other products don't meet the NDS integration requirements.
Too bad... but a common problem. Politicians.
Were I in your situation, I'd choose whichever one has the least administrative overhead. I've never seen a school system with an excess of competent IT staff. If you could set it up and never have to deal with it again, you'd probably be a much happier person.
Check sites like peacefire.org for the anti-censorship folks - they aggressively gather dirt about all the filters. They'll probably have plenty to tell you about the negatives in these products, and you could just go with whichever they have less bad to say about.
Were I in your situation, I'd choose whichever one has the least administrative overhead. I've never seen a school system with an excess of competent IT staff. If you could set it up and never have to deal with it again, you'd probably be a much happier person.
Check sites like peacefire.org for the anti-censorship folks - they aggressively gather dirt about all the filters. They'll probably have plenty to tell you about the negatives in these products, and you could just go with whichever they have less bad to say about.
how easily are these to bypass, and how easily would one do it? i know using a proxy server would be one, but normally not many kids know THAT much about computers, and those who do could care less if others get the same benefit. what would be other ways of bypassing n2h2, etc.?
MIKE
MIKE
Yossarian451
Senior member
let me put it to you this way. It took us about 15 minutes to bypass N2H2 bess. Which I might add everyone under it will hate soon becasue it filters more legitimate thatn illegitamate, and all you see is the picture of that stupid dog. Our school got rid of it becasue evryone, teachers, students, and adminstrators complained and we got a more laxed one, which I can't remember the name of. Anyway, my $.02, cominig from the other side of the spectrum.
I agree that n2h2 is not hard to bypass if you know what you are doing. Some kids in high school know more than you think, if they are younger then it is less on a concern. What squid based solutions would you recomend? I currently use smoothwall for a gateway/router I wouldn't mind switching applications if I got a filter as well. Please post any sugestions.
Masul
Masul
Garion
Platinum Member
A proxy is not a subsitute for a firewall - You should actually run both if you think you need a proxy.
If you run Squid, there's always Squidguard but I can't make any comments as to it's effectiveness vs. commercial products like Surfcontrol or N2H2.
Speaking of which.. Did you know that N2H2 just got bought by Secure Computing, the guys that make SmartFilter? I know it's a more expensive product, so now might be the time to get into N2H2 - Might end up getting you a better deal on a better product in the long term.
- G
Actually, I do have a firewall (PIX) and a proxy. All traffic on port 80 not from the proxy is denied (as well as other traffic). I also have the proxy settings in IE locked so that users can't change it. I'm not really sure how users could bypass the proxy and get out.
I had no idea N2H2 got bought, but that might just work out well for us.
Thanks.
I had no idea N2H2 got bought, but that might just work out well for us.
Thanks.
Garion
Platinum Member
There's a variety of ways.. You can use apps like httptunnel to tunnel your traffic to a host on the Internet which can do anything and your proxy/firewall won't touch it. In fact, you can do this through almost any proxy without getting caught - Your admin REALLY has to be on the ball to notice it.
- G
zanejohnson
Diamond Member
hehe, i just thought i'd chime in, as my high school used N2H2's bess to filter the internet access of the workstations on campus.
For a while, at the beginning of the year our sys admin had it set up so that it was easy on him, and all he had to do was set up a proxy server running the software, and then point all the workstation's browsers at it, and viola! filterned net access, this way him and all the important admin people could still have an unfiltered connection as long as they just didnt have the proxy setup in there browser.... Well, that didnt last long, we caught on real quick 🙂 Well, he realized that we had figured it out, so he decided he was gonna get a little bit more sneaky about it... this is what he did, he set it up so that nothing would get past the equipment, and out onto the net that didnt go through the proxy server first...so, if you didnt have the proxy set up in your browser, you'd just get the infamous DNS error page when you tried to open a webpage... well, we knew something had to be up, so after a little tinkering, we figured it out... turns out the equipment denied all connections that didnt come from the proxy server's IP, AND a small subnet that we discovered.... so we tested it out, pinged all the IP's in the subnet and found that there were a few that were unused, snatched one up, rebooted, cleared the browsers proxy settings, and what do ya know? worked perfectly, unfiltered net access once again.... only problem, i have 3 or 4 hardcore computer guru friends, and there was only a couple of free IP's in the "special" subnet he set up...solution: i set up a computer running win2k server, and Internet connection sharing in our computer lab (teacher's a cool guy, and let us do this because technically, we were learning, right?) and just left it hanging off of the same passive router all of the computers in the lab were connected too... i named the win2k server + ICS machine something creative, i dont remember what it was now, so that whenever one of the admins happened to be looking around in network neighborhood they'd hopefully dismiss the name as one of there machines and think nothing of it..
anyway, what's the point of all that.... well, when we went into computer class everyday we could just disable DHCP on our workstations and give ourselves an IP in the ICS computers sharing IP range, and there ya go, it would share it's unfiltered connection with whatever workstations had an IP in it's range, and pointed to it for there default gateway 🙂 then, when we left the class, set it back up to retrieve IP info from the DHCP server, reboot, leave class, no one knows anything....
I graduated last year, and they never caught on 🙂
For a while, at the beginning of the year our sys admin had it set up so that it was easy on him, and all he had to do was set up a proxy server running the software, and then point all the workstation's browsers at it, and viola! filterned net access, this way him and all the important admin people could still have an unfiltered connection as long as they just didnt have the proxy setup in there browser.... Well, that didnt last long, we caught on real quick 🙂 Well, he realized that we had figured it out, so he decided he was gonna get a little bit more sneaky about it... this is what he did, he set it up so that nothing would get past the equipment, and out onto the net that didnt go through the proxy server first...so, if you didnt have the proxy set up in your browser, you'd just get the infamous DNS error page when you tried to open a webpage... well, we knew something had to be up, so after a little tinkering, we figured it out... turns out the equipment denied all connections that didnt come from the proxy server's IP, AND a small subnet that we discovered.... so we tested it out, pinged all the IP's in the subnet and found that there were a few that were unused, snatched one up, rebooted, cleared the browsers proxy settings, and what do ya know? worked perfectly, unfiltered net access once again.... only problem, i have 3 or 4 hardcore computer guru friends, and there was only a couple of free IP's in the "special" subnet he set up...solution: i set up a computer running win2k server, and Internet connection sharing in our computer lab (teacher's a cool guy, and let us do this because technically, we were learning, right?) and just left it hanging off of the same passive router all of the computers in the lab were connected too... i named the win2k server + ICS machine something creative, i dont remember what it was now, so that whenever one of the admins happened to be looking around in network neighborhood they'd hopefully dismiss the name as one of there machines and think nothing of it..
anyway, what's the point of all that.... well, when we went into computer class everyday we could just disable DHCP on our workstations and give ourselves an IP in the ICS computers sharing IP range, and there ya go, it would share it's unfiltered connection with whatever workstations had an IP in it's range, and pointed to it for there default gateway 🙂 then, when we left the class, set it back up to retrieve IP info from the DHCP server, reboot, leave class, no one knows anything....
I graduated last year, and they never caught on 🙂
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 25K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 24K
-
-
