The Move Toward HTTPS
As people continue to depend more on the internet for business and personal transactions, there is a greater focus than ever before on privacy concerns and using encrypted traffic (HTTPS).
As a Web Filtering provider we spend a significant amount of development time focused on ensuring that we provide the best solutions for schools to block/allow and report on all activity, including encrypted activity. For a very long time we have had the capability in our Web Filter to determine the encrypted server a user is connecting to even though with standard view of network traffic you cannot see the specifics of what they are doing. This means that we can identify that a user is shopping on Amazon but not what they purchased. We can also determine if another user is attempting to utilize an encrypted proxy and properly block that traffic.
The encryption that hides what a user is shopping for is critical to our daily use of the internet since that encryption is also what you rely on for secure data transfer of credit card or other personal information. Without the assurance that this traffic is not viewable to others, no one would be able to use the internet for online banking, shopping or any number of other legitimate private transactions that we all do online every day.
Google and HTTPS and Filtering
Recently Google has decided that they are going to encrypt 100% of the traffic to any of the Google services. (Read more on the Google blog.)
Google hosts a number of services including:
- Google Apps for Education (word processing, spreadsheets)
- Play Store (Apps, Movies, Music)
Encryption on two of these services in particular has resulted in questions from schools about their web filtering. These services are Search and YouTube. Schools have long enjoyed the use of our Search Engine query report to limit access to safe search results while students are at school. And over the years YouTube has increasingly become an important tool in today’s classroom — and one we have long supported safe access to, first with the Educational Video Library and then with My Big Campus.
With these services now always encrypted, the same technology keeping your credit card safe on Amazon prevents the ability to see what you are searching for on Google or YouTube.
That assurance of privacy is critical, but so is the assurance of student safety. And schools still want to report on searches, selectively allow or block Google services, and block YouTube as a policy while allowing safe access to specific educational videos in the My Big Campus Resource Library. And you can.
Even though Google has moved these services to be encrypted, schools still have an option to allow them to work the way that they always have. HTTPS technology has a built-in solution for this problem: a Trusted Man in the Middle Proxy. The Trusted Man in the Middle Proxy allows the Lightspeed Systems Web Filter to be trusted by devices on a school network to continue to see into the encrypted data and give schools the same visibility and policy control that they desire.
There is no solution other than a Trusted Man in the Middle Proxy and HTTPS is specifically designed so that no other solutions can be developed. If this were not the case, we would not be able to trust any of the multitude of secure transactions that we all use the internet for every day.
We have a number of resources on our Community Site to help you understand and configure this:
Selectively Accessing Google Services
Creating a PAC File to Use the Man in the Middle Proxy ONLY for Google Services
Unable to View YouTube in the MBC Resource Library
We understand that schools rely on Google services and that schools need visibility into user activity to keep students safe. We are committed to helping you have the best of both worlds.
The Lightspeed Systems Rocket Web Filter is acting as a Trusted Man in the Middle Proxy in hundreds of districts. If you’d like help setting it up, just contact Support and they’ll walk you through it.
If you have any questions or concerns about this, let me know.