Prevent alerts

We are pleased to inform you that HICS now has an added layer of protection for its users. Schools can now opt in to receive emailed alerts notifying them when local sessions have accessed websites with extremist related content, in line with the Government’s Prevent Strategy. The alert will be sent out within a few minutes to an email address of your choice. The event gets captured in real-time, then queued for screen-shot generation, and finally it might take a minute or two for the email itself to be delivered.

The list of words that generate these alarms are a closely guarded secret because if they are readily available, it will defeat the object. The words are ever changing and research is on-going meaning that when new information and words come to light they are added. The words are based on detailed research into terrorist groups and their propaganda. It includes the names of people, concepts, ideas, places (such as routes used to travel to Syria) and also the media arms and publications that terrorist groups use.

The content on the webpage is scanned in real-time by the HICS filtering platform. It should be noted that only specific content types are scanned – basically anything text-based, which includes HTML, Javascript and Stylesheets – so images (jpegs and png files etc) are not scanned – nor are executables. When a match is found, the proxy then queues up a screen-shot request to the screen-capture service (which runs on the same server as the proxy). The screen-capture service will then log the event and send an email out.

In order for the scanning engine to be able to detect the words, it must have access to the data-stream – this means that SSL inspection must be set up. For now, activity will only be logged against internal IP address and not users from Active Directory. Hopefully as the alerts are generated in real time this will not be a huge issue but rest assured that we are investigating ways to sync this with Active Directory.

To get this set up, all you need to do is to contact the HICS Service Desk and request this gets deployed.