The firewall is a little restrictive, don't you think?

We recently installed a new firewall that will ultimately allow the high school to act as a hub for all district network traffic. Since we're the only building with the space, HVAC, and bandwidth to act as a de facto data center, this makes good sense and will allow for common authentication, distributed backups, and centralized anti-malware and content filtering.

While we will be adding a separate content filter and proxy server as we implement this vision over the next 6 months, for now, the new firewall is handling subscription and keyword-based content filtering. Suffice to say, it's quite a bit more aggressive (read, "effective") than the last model that was easily bypassed with proxy servers and failed to block the latest generation of IM clients.

Even my principal called me in Monday morning to ask about the upgraded filtering, not so much because he was being blocked from particular content, but because he at least wanted to have some good answers ready for faculty and staff who would start moaning before day's end.

It should be noted that most teachers were thrilled with the new level of filtering: it made their jobs easier in the computer labs with students as they were able to focus more on lessons and less on policing kids. A few were less than pleased to lose AIM and Yahoo Messenger, but, again, were universally glad that students were communicating with each other a lot less in class and working a lot more.

As I explained to both teachers and the principal, part of this long-term effort is to segment our networks to allow more restrictive rules for students and less restrictive rules for faculty. In the short term, however, we simply need to lock things down. When parents are questioning why their students are being disciplined for accessing sites that they shouldn't be able to see in the first place, it's far easier to simply prevent as much as possible, rather than pointing to acceptable use policies and student handbooks that are largely ignored.

We'll see how this goes as we centralize services, including content filtering. For now, though, I'm just happy to hear students in the halls: "Hey, Dawson, why'd you block all the proxies? Now I have to do my work in class!"