Enhanced Design for Schools
At the core of a CyberHound Appliance is a powerful Next Generation (level 7) Firewall that operates at the top level of the OSI network model and gives a complete view of a school’s internet activity.
The (level 7) Firewall allows for applications like Skype, Facebook, Messenger and Twitter to be accurately controlled – solutions working at lower levels using port blocking can sometimes lead to genuine applications being blocked or malicious or banned applications being allowed.
CyberHound has developed its technology to directly benefit school environments. This is demonstrated with features like Application Controls, Zero-Touch BYOD On-boarding and Anonymiser Detection.
With students and teachers having access to multiple wireless devices like laptops, iPads and mobile phones, the demands on school infrastructures and IT staff can be overwhelming (and can often dictate school policies regarding BYOD usage).
This is not the case with the CyberHound Appliance. Users can now authenticate their own devices against their credentials with no involvement of IT staff.
Security Control Features:
- Next Generation (level 7) Firewall.
- Full SSL filtering / HTTPS Inspection.
- Dynamic anonymiser detection and blocking.
- Bit Torrent control.
- Malware detection on web, email, downloads and social media.
- Secure Wi-Fi connections using BYOD zero-touch on-boarding for wireless devices.
- Advanced authentication ensuring flexible and reliable control of who access your network.
Extended Network Security with IPD/IDS
Most network Intrusion Detection and Intrusion Prevention System (IDS/IPS) services form part of a Unified Threat Management system (UTM) that also incorporates firewall functionality, and usually web scanning and reporting. The reporting on such systems tie the various roles of a UTM together, which helps deliver a holistic overview of the threat landscape to an organisation, better arming the IT team to manage and mitigate threats as they appear.
Read our Technical White Paper on what Intrusion Detection and Prevention Systems are, the functionality they provide and best practice deployment for network security.
Authentication can occur using one of four methodologies, or a combination of them all:
- 802.1 authentication. Useful for BYOD devices and wi-fi access. This occurs for any IP traffic such as for apps and is not limited to web traffic.
- Active Directory Authentication. For windows based computers at Windows 7 (or greater).
- SSH authentication for OSX on domain Macs.
- Captured portal authentication – A local catch all mechanism if none of the above apply.
HTTPS Inspection (also known as SSL filtering and HTTPS interception) allows an internet management firewall or system to inspect secure internet traffic.
HTTPS was originally developed to ensure that sensitive web data could be exchanged between two computers without a third party being able to intercept the traffic and use it illegally or inappropriately. Many Internet Service Providers (ISPs) are reporting that a majority of their web traffic is now HTTPS traffic.
Without HTTPS inspection, a web filter cannot see the destination URL which makes categorisation unreliable and the filter cannot review content from the website. This can result in students either accidentally or purposefully accessing harmful or inappropriate content. Additionally, it also means that malware (malicious software) like viruses and trojans cannot be detected and blocked from entering the network and enables schools to enhance learning opportunities for students by safely allowing full internet browsing access whilst also ensuring their duty of care obligations are met.
Next Generation Firewall
The CyberHound Next Generation Firewall is very simple and intuitive to use. It can be used to permit or deny access to web pages, applications, IP addresses, ports and protocols, based on the time of day, the IP address of the user, the user’s group (if groups are enabled) and other criteria. Fundamentally, it allows for very granular access policies as required.
CyberHound’s Next Generation Firewall allows network administrators to control access to actual applications rather than control the data communication ports that it may use and may be shared by other applications.
As the CyberHound Appliance can detect Skype at the application level meaning it is very useful for boarding schools where pupils can communicate with their parents at appropriate times, yet be denied access during teaching and study hours.
As standard, many security appliances will block access to inappropriate web sites – however students can use anonymisers to circumvent these restrictions.
An anonymiser acts as an invisible method for students to access inappropriate content and on some solutions get round the restrictions. While it is possible to also block these anonymisers it’s a bit of a cat and mouse game with new anonymisers being created regularly.
The CyberHound Appliance is immune to these limitations as it is able to dynamically detect the behaviour of anonymisers and readily block them.
Network Applications Made Easy
Managing access to education relevant applications has become increasingly complex with the introduction of sophisticated anonymising technologies, unmanaged end user devices and cloud-based services. Utilising CyberHound’s unique application control signatures means schools are able to identify and manage access to hundreds of applications and make decisions based on 6 key areas.
Manage Applications such as:
- Web Proxies
- Bit Torrents
- Dating Apps
Allow Access to Applications such as:
- Google Drive
- Video conferencing
- Plus many more…
- Google Hangouts
Important Facts around Application Controls
Web filtering cannot control everything
Skype is an excellent example of a modern complex network application that does not simply use Internet ports to communicate. While Skype has many educational advantages and fundamentally is a great tool for connecting schools, students, boarders and parents, it’s not always an approved or safe method of communicating.
CyberHound’s flexible application controls allow schools to enhance educational outcomes by providing Skype access in a safe and supervised fashion during set times, classes, inside boarding houses or on approved devices but denying access at other inappropriate times or locations.