Forgot your password?
typodupeerror
The Internet Censorship Education Networking Technology

Ask Slashdot: Dealing With University Firewalls? 582

Posted by timothy
from the little-fiefdoms dept.
An anonymous reader writes "My university only provides access to the web, via a restrictive content filter and proxy service. There is no access to the wider internet. I was wondering if this is common, and if anyone has any suggestions on how to go about protesting the issue. I've spoken to the lecturers and they have the same frustrations I do. I've also spoken to the head of the IT department who spouted lines about 'protecting the network.' This is very frustrating, I've seen a number of students making use of 3G/4G dongles to get access to the net and this just seems crazy. The restrictions applied to the web are draconian, with sites such as hackaday, hypberbole and a half, somethingawful, etc being blocked." What would you do to get better access?
This discussion has been archived. No new comments can be posted.

Ask Slashdot: Dealing With University Firewalls?

Comments Filter:
  • Tributes (Score:5, Informative)

    by Anonymous Coward on Monday February 27, 2012 @04:45AM (#39170115)

    Become friends with a member of the IT department. Alcohol can go a long way in beginning an IT related friendship.

  • VPN? (Score:5, Informative)

    by SalsaDoom (14830) on Monday February 27, 2012 @04:57AM (#39170185) Journal

    Why not just setup a VPN real fast with someones DD-WRT router. I did this at a job that had a really obnoxious content filtering thing that actually prevented me from doing my job. I just vpn'd to home, but you probably have at least one friend in town that has something good enough for you to work with. Even a shitty VPN will do, since your not trying to protect anything so much as evade things.

  • 3G/4G? (Score:4, Informative)

    by 6Yankee (597075) on Monday February 27, 2012 @05:03AM (#39170217)

    Back when I was at university, I bought a cable for my phone and got myself some sweet, sweet 9k6 access over GSM. It was faster and more reliable than the connection in the uni's computer labs ever was, not to mention no BS filtering. Paying by the minute made me focus on getting the job done and hanging up, too...

    As far as filtering goes, the conventional way around that was to log in as someone else. After all, their username was their matriculation number and the default password was their date of birth... If you couldn't read a classmate's ID and social-engineer his birthday out of him, no matter - the uni helpfully had an easily-accessible printout of the entire student body's personal information (in fact, you had to sign to get your grant, so they left it on the public side of the window), and those last few pages were awfully loose...

  • Re:get over it (Score:2, Informative)

    by smash (1351) on Monday February 27, 2012 @05:33AM (#39170385) Homepage Journal
    NO, school isn't free. However, the money pays for tuition and course materials, not free internet porn.
  • Re:ssh is permitted? (Score:5, Informative)

    by Anonymous Coward on Monday February 27, 2012 @05:39AM (#39170415)

    The solution then is to use port 443 to run SSH. I have a free trial of Amazon EC2 I use for that kind of thing. The speeds are good, you can even watch YouTube with relatively little buffering. If anyone is interested I have it set up:

    Browser
    v
    SSH Socks Proxy
    v
    corkscrew (software to send ssh through an http proxy, you can also use PUTTY on windows for this)
    v
    CNTLM (you may not need this but I do because the proxy I go through uses NTLM authentication)
    v
    SSH server running on port 443.

  • by awjr (1248008) on Monday February 27, 2012 @05:39AM (#39170417)

    If you can go to your course lecturers and justify why you need access to Hackaday to complete your course, I am sure your lecturers have a process to unblock the sites.

    In the meantime there are 1000s of other students trying to use campus PCs without needing to find them screwed over by the previous user. What you *might* be able to persuade the University to do is to provide an unrestricted wi-fi point on campus for personal use.

  • Re:ssh is permitted? (Score:5, Informative)

    by mverwijs (815917) on Monday February 27, 2012 @06:22AM (#39170607) Homepage

    sslh for the win!

    Just 'apt-get install sslh', have it run on port 443. It will forward HTTPS traffic to your apache server running on whatever port you run it on, while forwarding ssh traffic to sshd.

    It's just.... beautiful.

  • Re:ssh is permitted? (Score:5, Informative)

    by icebraining (1313345) on Monday February 27, 2012 @06:23AM (#39170613) Homepage

    Yeah, I've used iodine [code.kryo.se] successfully in the past. You need to get your own domain, though.

    You know the nice part? It uses their DNS servers to tunnel your data ;)

  • Students Union. (Score:5, Informative)

    by chrb (1083577) on Monday February 27, 2012 @06:53AM (#39170727)
    Most (all?) universities have a union to represent the needs of the students. Get them to raise the issue and it's likely to be a lot more effective than one man's personal protest.
  • by Sycraft-fu (314770) on Monday February 27, 2012 @07:02AM (#39170753)

    If it is a private university, then yes, they can do whatever they like, no matter how stupid it is. If they are a public university, then no it isn't "their bandwidth" it is "the public's bandwidth" and they have certain responsibilities.

    So that's the first question to answer: Public or private? If it is private, well then suck it up. Private schools can, and often are, stupid with some of their rules. My recommendation is don't go to them, go to a public university.

    If it is public then the thing to find out is where this is coming from. If it is from on high, the board of regents, there may be little you can do, though you can investigate state law, maybe talk to FIRE. However if it is coming from an overzealous IT department, then maybe it is time for them to get smacked around and learn that they are there to provide a service, not to act like despots.

    In that case maybe talk to the faculty senate. The faculty and administration can ultimately tell the IT department to sit down and shut up, they perhaps just need to be made aware of that fact. Get information from other universities, see how they do it. You'll have no trouble finding places that provide essentially unrestricted Internet access (the university I work at does). Present the faculty with ammunition that it can and should be done a different way and they may choose to affect a change.

    As something of an example of the second scenario in the private sector, my dad worked as a VP for a company;s American branch for many years. They decided to bring him over to the British branch for a bit to clean shit up. So he is over there, meets the guy who is the director in everything but title of that place (that was forthcoming). Guy says "Hi, welcome, I've got to go to this meeting, here's my office make yourself comfortable, I'll be back in an hour." My dad decides he'll check his e-mail and such things on the guys computer. No luck, can't get on the Internet.

    He has someone call IT for him. IT comes down and says "Oh ya he doesn't have Internet access, he doesn't need it." Umm what? The guy in charge doesn't have Internet access? And who the fuck decided he didn't need it? There was no company policy to this effect. Dad snarls at them, 5 minutes later computer has Internet access. The IT department there was very tyrannical. They made rules all of their own and it just never really occurred anyone to yank on their chain.

    Remember, and I say this as someone who works in IT: IT is a service industry. You are there to help people get their jobs done. That means not putting up artificial blocks to shit. That doesn't mean no blocks at all, you have to do things for security, compliance, and so on. However it does mean not being asshats and doing things like offering nothing but extremely locked down web access.

    Also any time you say no to something, you need to have an alternative. So you say "No, you can't have an FTP server. The passwords are clear text and that is insecure. However we will happily help you setup an SFTP (SSH) server instead which is fully secure."

    At any rate step one is to find out from where this policy comes, then you can see if anything can be done about it.

  • by ByOhTek (1181381) on Monday February 27, 2012 @08:01AM (#39171013) Journal

    What post did you read? The GP said that the issue needs to be brought up to the appropriate group to get the rules changed, not to break the rules. I'd advise you get some more ADHD medication, and a bit less caffeine...

  • Re:ssh is permitted? (Score:4, Informative)

    by Entropius (188861) on Monday February 27, 2012 @11:17AM (#39172679)

    How can they forbid ssh and still call themselves a university?

    SSH'ing offsite is a basic prerequisite for all sorts of research in the physical sciences. It's an operation so basic that folks in physics don't even admit the possibility that someone would want to block it.

    At my old university the public (no logon required) wifi was heavily port-filtered. They blocked port 110, for instance -- no POP mail. But they left open SSH, knowing that people relied on it to get work done.

  • Re:Students Union. (Score:4, Informative)

    by hairyfeet (841228) <bassbeast1968&gmail,com> on Monday February 27, 2012 @11:57AM (#39173145) Journal

    And never forget you are ultimately paying for a service and if they are hindering your ability to learn by crippling the network they are providing a poor service and need to be called on it. It took me awhile to get that to sink in with my oldest but now when a teacher isn't doing their job (one gave them a test on material he never covered because he went on vacation during the period he was suppose to cover it and didn't bother to tell the TA) or something is hampering their ability to get the most out of the class he will get as many of his classmates as he can together and they go to the dean. not only has several things been changed but he was put on the Dean's list for his leadership ability.

    Its like that old saying "There are sheep and there are wolves" and too many simply are afraid to 'rock the boat' or complain even when something is causing them grief. i bet if he organizes his fellow students he CAN get these rules changed, they are paying for the network after all.

"Your mother was a hamster, and your father smelt of elderberrys!" -- Monty Python and the Holy Grail

Working...