Ask Slashdot: Dealing With University Firewalls? 582
An anonymous reader writes "My university only provides access to the web, via a restrictive content filter and proxy service. There is no access to the wider internet. I was wondering if this is common, and if anyone has any suggestions on how to go about protesting the issue. I've spoken to the lecturers and they have the same frustrations I do. I've also spoken to the head of the IT department who spouted lines about 'protecting the network.' This is very frustrating, I've seen a number of students making use of 3G/4G dongles to get access to the net and this just seems crazy. The restrictions applied to the web are draconian, with sites such as hackaday, hypberbole and a half, somethingawful, etc being blocked." What would you do to get better access?
Tributes (Score:5, Informative)
Become friends with a member of the IT department. Alcohol can go a long way in beginning an IT related friendship.
VPN? (Score:5, Informative)
Why not just setup a VPN real fast with someones DD-WRT router. I did this at a job that had a really obnoxious content filtering thing that actually prevented me from doing my job. I just vpn'd to home, but you probably have at least one friend in town that has something good enough for you to work with. Even a shitty VPN will do, since your not trying to protect anything so much as evade things.
3G/4G? (Score:4, Informative)
Back when I was at university, I bought a cable for my phone and got myself some sweet, sweet 9k6 access over GSM. It was faster and more reliable than the connection in the uni's computer labs ever was, not to mention no BS filtering. Paying by the minute made me focus on getting the job done and hanging up, too...
As far as filtering goes, the conventional way around that was to log in as someone else. After all, their username was their matriculation number and the default password was their date of birth... If you couldn't read a classmate's ID and social-engineer his birthday out of him, no matter - the uni helpfully had an easily-accessible printout of the entire student body's personal information (in fact, you had to sign to get your grant, so they left it on the public side of the window), and those last few pages were awfully loose...
Re:get over it (Score:2, Informative)
Re:ssh is permitted? (Score:5, Informative)
The solution then is to use port 443 to run SSH. I have a free trial of Amazon EC2 I use for that kind of thing. The speeds are good, you can even watch YouTube with relatively little buffering. If anyone is interested I have it set up:
Browser
v
SSH Socks Proxy
v
corkscrew (software to send ssh through an http proxy, you can also use PUTTY on windows for this)
v
CNTLM (you may not need this but I do because the proxy I go through uses NTLM authentication)
v
SSH server running on port 443.
Honestly I think you might have this all wrong.... (Score:4, Informative)
If you can go to your course lecturers and justify why you need access to Hackaday to complete your course, I am sure your lecturers have a process to unblock the sites.
In the meantime there are 1000s of other students trying to use campus PCs without needing to find them screwed over by the previous user. What you *might* be able to persuade the University to do is to provide an unrestricted wi-fi point on campus for personal use.
Re:ssh is permitted? (Score:5, Informative)
sslh for the win!
Just 'apt-get install sslh', have it run on port 443. It will forward HTTPS traffic to your apache server running on whatever port you run it on, while forwarding ssh traffic to sshd.
It's just.... beautiful.
Re:ssh is permitted? (Score:5, Informative)
Yeah, I've used iodine [code.kryo.se] successfully in the past. You need to get your own domain, though.
You know the nice part? It uses their DNS servers to tunnel your data ;)
Students Union. (Score:5, Informative)
Depends on what university (Score:5, Informative)
If it is a private university, then yes, they can do whatever they like, no matter how stupid it is. If they are a public university, then no it isn't "their bandwidth" it is "the public's bandwidth" and they have certain responsibilities.
So that's the first question to answer: Public or private? If it is private, well then suck it up. Private schools can, and often are, stupid with some of their rules. My recommendation is don't go to them, go to a public university.
If it is public then the thing to find out is where this is coming from. If it is from on high, the board of regents, there may be little you can do, though you can investigate state law, maybe talk to FIRE. However if it is coming from an overzealous IT department, then maybe it is time for them to get smacked around and learn that they are there to provide a service, not to act like despots.
In that case maybe talk to the faculty senate. The faculty and administration can ultimately tell the IT department to sit down and shut up, they perhaps just need to be made aware of that fact. Get information from other universities, see how they do it. You'll have no trouble finding places that provide essentially unrestricted Internet access (the university I work at does). Present the faculty with ammunition that it can and should be done a different way and they may choose to affect a change.
As something of an example of the second scenario in the private sector, my dad worked as a VP for a company;s American branch for many years. They decided to bring him over to the British branch for a bit to clean shit up. So he is over there, meets the guy who is the director in everything but title of that place (that was forthcoming). Guy says "Hi, welcome, I've got to go to this meeting, here's my office make yourself comfortable, I'll be back in an hour." My dad decides he'll check his e-mail and such things on the guys computer. No luck, can't get on the Internet.
He has someone call IT for him. IT comes down and says "Oh ya he doesn't have Internet access, he doesn't need it." Umm what? The guy in charge doesn't have Internet access? And who the fuck decided he didn't need it? There was no company policy to this effect. Dad snarls at them, 5 minutes later computer has Internet access. The IT department there was very tyrannical. They made rules all of their own and it just never really occurred anyone to yank on their chain.
Remember, and I say this as someone who works in IT: IT is a service industry. You are there to help people get their jobs done. That means not putting up artificial blocks to shit. That doesn't mean no blocks at all, you have to do things for security, compliance, and so on. However it does mean not being asshats and doing things like offering nothing but extremely locked down web access.
Also any time you say no to something, you need to have an alternative. So you say "No, you can't have an FTP server. The passwords are clear text and that is insecure. However we will happily help you setup an SFTP (SSH) server instead which is fully secure."
At any rate step one is to find out from where this policy comes, then you can see if anything can be done about it.
Re:It's their bandwidth ... (Score:2, Informative)
What post did you read? The GP said that the issue needs to be brought up to the appropriate group to get the rules changed, not to break the rules. I'd advise you get some more ADHD medication, and a bit less caffeine...
Re:ssh is permitted? (Score:4, Informative)
How can they forbid ssh and still call themselves a university?
SSH'ing offsite is a basic prerequisite for all sorts of research in the physical sciences. It's an operation so basic that folks in physics don't even admit the possibility that someone would want to block it.
At my old university the public (no logon required) wifi was heavily port-filtered. They blocked port 110, for instance -- no POP mail. But they left open SSH, knowing that people relied on it to get work done.
Comment removed (Score:4, Informative)