As you may recall, last year Yahoo made some changes to the way it retrieves search results. It now diverts users to their HTTPS site, rather than the HTTP site that it previously used. The effect of this change compromised eSafety as this disabled some of the safety features available on HICS..
With this in mind, the decision was made by ICT in Schools Partnership Working Group (head teacher and governor representatives) to restrict access to this website and it was subsequently put on our WF1 filtering level. Yahoo were actually following Google’s lead whereby Google had done the same a year or so before. However what Google also done at the same time was to make available a cluster of HTTP servers. This allowed Updata (and other network providers) to set up a DNS record forcing all requests for Google to go through these HTTP servers.
However, we believe that on June 24th, Google will be discontinuing this clusters of servers. Updata will then send all requests back to the HTTPS site. Rather than restrict access to Google, and to combat this growing trend, the decision has been made by ICT in Schools Partnership Working Group to deploy Man in the Middle technology. This technology has already been successfully adopted by a number of other LAs. It has the capability to decrypt the HTTPS session to apply the necessary safety features.
Man in the Middle technology will decrypt all HTTPS traffic. With this in mind, HICS will have a ‘white list’ detailing which websites to decrypt so as data is only decrypted where necessary. For example, even though this technology has the capabilities to decrypt online banking websites, we will leave banking websites from the list of websites that we will decrypt.
To facilitate the change, instructions will soon be provided and a communication will be sent out to all schools. With June 24th approaching, I was hoping for all the communications to go out at once. But I am aware the clock is ticking so I thought it might be wise to prepare the techies out there. Updata are currently trialling the SSL inspection facilities for another LA but I am told all appears to be going well. Assuming Updata are ready to roll this out in Hertfordshire, schools will then need to import a CA Certificate into their server, or import the details individually for standalone machines. Once the certificate has been correctly installed, you will need to contact the SITSS connectivity Service Desk who will raise a service request with Updata for SSL to be enabled.
Without this action, schools will no longer be able to benefit from the filtering and protection that the HICS network offers. As explained previously though, a communication and step by step instructions will soon be sent out.
Please contact me if you have any queries.