Granular Content Filtering in an Educational Environment

Sonicwall’s Network Security Appliance allows for granular content filtering in an educational environment.  Having a “one size fits all” filtering policy is a thing of the past.  Many districts have the capability to set multiple policies with their existing Sonicwall infrastructure simply by upgrading firmware and reconfiguring.  This allows for varying policies to be applied to end users, depending on who is logged on to a computer.

This is a great feature in education as there can be great resources available to a teacher on a website that may also contain content not appropriate for students.  With multiple content filtering policies you are able to apply a less restrictive policy to the teacher and a more restrictive policy to the student depending on their membership of a group.  Now the teacher has the capability to show a youtube.com video on history to the class without giving students access to the same site.

These end user accounts are authenticated via LDAP using a Sonicwall SSO agent.  It is recommended that you run at least two agents, possibly more depending on the number of users in your environment.  These can be installed on physical or virtual server which does not have to be dedicated to run this agent.  These agents then probe for user information using NetAPI and DC security logs which is cross-referenced with the filtering groups that have been created for this configuration.  There are multiple options for authenticating these users but I have found this setup to work best in most environments.

You can also apply a policy to a tablet or non-domain laptop using the device’s IP address.  However this can become time consuming if more than a dozen devices are on your network.  In this scenario you can apply policy based on an IP range.  If the wireless infrastructure supports it, you could have a public network that gets a default, more restrictive policy applied.  Then also have an approved guest network that applies a less restrictive policy.  These two broadcasts could then be given specific IP ranges which are referenced by the Sonicwall to apply the appropriate policy.

Brandon Gary
Director of Technology