Sunday, April 5, 2009

Elementary School Web Content Filtering on a Shoestring

Here is an annotated bibliography that I completed a few weeks ago for one of my George Washington University courses. This is the first annotated bibliography that I've ever written, and at this point I would have to say that I'm not a big fan of the genre. The requirement to come up first with a list of resources, and then try to build a nicely flowing narrative around that list seems very backward and unnatural to me. But, after I finished this annotated bibliography, I realized that there might be some information here that is useful to others, so I am going ahead and posting it...

Why this topic was chosen
This annotated bibliography serves to provide a research foundation for a real-world need that was recently expressed to me by some of the elementary teachers at a medium-sized international school located in northeastern China. They have only recently come to realize that their school has absolutely no content filtering in place for students that are accessing the Internet via the school’s computers. After a number of incidents in which her students came upon objectionable material (particularly images) during web searches, one of the teachers sought confirmation from one of the school’s administrators that the school has no content filters in place. She was informed that a filtering solution has not been acquired because such solutions cost several thousand dollars and thus are out of budgetary bounds. When the teachers subsequently approached me for advice, I promised them that I would educate myself in the overall topic of content filtering and see if I could find low- or no-cost content filtering solutions that might be appropriate for the school to consider.

This annotated bibliography begins by presenting resources that give an overview of the need for and the nature of content filtering, and then gradually narrows its focus to present resources pertinent to the needs of this particular elementary school, which has Windows-based desktop computers for students at an approximate 3 to 1 (student to computer) ratio.

An introduction to content filtering: Why it is needed and how it works
SonicWall, Inc. (2004). Whitepaper: Demystifying Internet Content Filtering for Businesses, Schools, and Libraries. Retrieved March 16, 2009, from

While there is no shortage of information on the Internet regarding content filtering, quite a bit of that information comes from corporations that are trying to sell proprietary filtering solutions. Although the white paper cited above does indeed come from such a vendor, it is the best overview of the topic that I have found. While the paper, published in 2004, is slightly dated, the overview it gives appears to still be fully pertinent and accurate in 2009.
The fourth page of the paper presents a concise overview of four issues confronting schools and libraries: (1) protecting children from inappropriate content and predators, (2) “keeping students focused” from the distractions of non-educational websites, (3) dealing with issues of legal liability for potential illegal usage of Internet resources, and (4) maintaining compliance with the Children’s Internet Projection Act (CIPA) of 2001, which requires federally-funded schools to have Internet content filters in place.

The paper then briefly and clearly states how content-filtering works, starting by identifying the two main ways that such filtering is accomplished: (1) blocking of sites and (2) examination of content. The first option, blocking of sites, involves maintaining a list of sites known to have objectionable content and preventing computer users from accessing those sites. A stricter variation on website blockage is to maintain a list of approved sites and allow access only to those sites, with the entire remainder of the Internet being blocked. The second option calls for examination of all content coming from each Internet source, comparing it to a list of keywords indicative of objectionable content and blocking access to any resource that does not pass muster.

Finally, the whitepaper outlines several architectural options for content-filtering systems. It identifies the options as: (1) “client solutions” which are installed directly on a user’s computer, and (2) “standalone solutions” or “integrated solutions” which involve setup and maintenance of a centralized server through which all content requests are processed.

Wikipedia (2009). List of content-control software. Retrieved March 16, 2009, from

The SonicWall whitepaper (perhaps for competitive reasons) left out one major alternative architectural approach for a content-filtering solution: that of a “web-based service”. Wikipedia includes this category on its “List of content-control software” web-page. Such an architecture (an example of off-site “cloud computing”) takes advantage of remote servers to process all content-requests, minimizing or eliminating the installation and maintenance of hardware and software at the school itself.

The drawbacks of content filtering
Villano, M. (2008, May 1). What Are We Protecting Them From? T.H.E. Journal, 35(5), 48-54. (ERIC Document Reproduction Service No. EJ797266) Retrieved March 17, 2009, from ERIC database. Also available at:

The overall attitude expressed in this recently published article stands in counterpoint to that of my teacher clients. The author takes the stand that Internet access restrictions can inadvertently “keep vital educational technology out of the classroom”, while the teachers at my school merely want to keep things like pictures of obese people in their underwear out of the classroom. Actually, however, both parties are in agreement that some filtering is appropriate, if only to keep students out of things like pornography and gambling sites.

But the author does bring up what seems a vital point to consider when implementing content filtering: that an overly strict filter might prevent students and teachers from accessing perfectly non-objectionable information that is quite pertinent to their studies. Also mentioned is the fact that sufficiently savvy students can bypass a school’s content filters by utilizing proxy servers, which fool site-blocking filters into thinking that a non-objectionable site is being visited. That kind of knowledge tends to be potently viral: once one student learns how to bypass a filter, in a short time all the students in a school will know.

The article takes a more pragmatic stance when it takes up the subject of blocking access to social networking sites. While it cites the need to avoid the comprehensive blockage of blogs (an increasingly useful educational tool), it acknowledges that events like suicides of children as a result of cyber-bullying provoke understandably strong reactions on the part of authorities, such as shutting down access to social networking sites like MySpace. The timeliness of this article (which is less than a year old) is apparent in its treatment of this very current topic.
The author concludes by proposing that a much better protection is afforded to students when they are educated in safe usage of the Internet, as opposed to when their access to certain Internet resources is simply blocked. He cites schools in Finland as an example of places where no filters are in place, but where students are effectively educated from a very young age in Internet safety.

Case-study of an open-source approach to content filtering
Reddick, T. (2004, April 1). Building and Running a Collaborative Internet Filter Is Akin to a Kansas Barn Raising. Computers in Libraries, 24(4), 10-14. (ERIC Document Reproduction Service No. EJ750477) Retrieved March 17, 2009, from ERIC database. Also available at:

Leaving behind the pro and con arguments regarding content filtering, this article recounts the rather large-scale effort undertaken to bring all of the libraries in Kansas into compliance with the Children’s Internet Protection Act (CIPA), federal legislation enacted in 2001 which requires content filtering in schools and other public institutions that receive a certain kind of widely-distributed federal funding. While the size and scope of the Kansas challenge in no way resembles that of my medium-sized school, there is one aspect that the two situations have in common: the Kansas librarians also had minimal financial resources to throw at the problem. This led the Kansas team to adopt an open-source product called squidGuard, which would be housed on a new server to be purchased.

The squidGuard solution involves blocking and unblocking of specific sites. The Kansas team decided to start with the default blockage list offered by the squidGuard providers, but formed a committee of librarians familiar with CIPA to deal with incoming requests for additional blocking or unblocking of sites.

The chief usefulness of this article for my purposes is that it highlighted how labor-intensive the process of installing and configuring a solution like squidGuard can be. An article like this one, which uses the analogy of a “barn raising” in describing the collaborative implementation of squidGuard, makes it clear that this solution is far from “plug and play”. It also makes it clear that, although an option like squidGuard involves no license fees for the open-source software, the overall solution could come to be relatively expensive in terms of devoted hardware and technically-skilled labor costs.

A no-cost “cloud based” option for content filtering
Colburn, K. (2009, March 5). What is Retrieved March 17, 2009, from
OpenDNS (2009). Web Content Filtering. Retrieved March 17, 2009, from

Steering away from complex solutions like squidGuard, my search for an easy to maintain and low-cost content-filtering solution led me through several hours of hit-and-miss web-searching. Finally, one of the places that Wikipedia’s “List of content-control software” (referenced above) led me to was the OpenDNS website. Intrigued by the “cloud computing” approach of OpenDNS, and even more intrigued by the fact that the service is offered at no cost, I sought out a nice overview of the OpenDNS service, and I found it in the first web-page cited above.

The article begins with a brief explanation of how the Domain Name System (DNS) of the Internet works to provide your browser with the “real” (numeric) IP address of a web resource after you type in a character-based URL (like “”). The author then goes on to explain that using the OpenDNS service requires (1) making sure that your machine (or central router) is configured to utilize the DNS server of the OpenDNS service and (2) configuring your (or your institution’s) OpenDNS account by logging onto the OpenDNS website to submit and maintain a list of websites to be blocked when the DNS server is accessed from your machine or site.

As the OpenDNS site explains in more detail (at the second web-page cited above), the user can also select from a preset list of over 50 categories of content to be blocked. Of particular importance to an elementary school might be categories like “pornography” and “adult themes”. While I would need to personally experiment with the OpenDNS service before formally recommending it to anyone, at this point it seems to meet the cost requirement (being free of charge) and the low-complexity requirement. It presumably calls only for the school’s network administrator to point the school’s routing system(s) at the DNS server of OpenDNS, and then allows an appropriate non-technical administrator to maintain the school’s OpenDNS filtration settings.

A no-added-cost option for Windows Vista users from Microsoft (2009, January 13). Use Windows Vista’s Parental Controls to keep your kids safe. Retrieved on March 16, 2009, from

With the introduction of Windows Vista Parental Controls, Microsoft continues its long tradition of bundling more and more functionality into its operating systems and putting third-party providers out of business. In this particular case, I am not complaining, because if a more comprehensive solution like OpenDNS does not prove feasible for my cash-strapped school, then the new Vista feature might fulfill the needs of the school for content filtering. It just so happens that the teachers received an announcement recently that the elementary school’s classroom computers will soon be upgraded from Windows XP to Vista.

As the name implies, and as the web-page cited above confirms, the Parental Controls functionality bundled into Windows Vista is intended to allow parents to configure a single computer with their content-filtering preferences. Thus, this option is not optimal for the school, in that it would require IT support personnel with administrative authority to configure each machine separately. This option does, however, have the benefit of entailing no extra software or hardware costs.

The webpage cited above provides a very good pictorial overview of the straightforward setup and maintenance of Parental Controls. This visual overview was particularly useful to me, since my machine is running the “Business” edition of Vista, which does not include Parental Controls. The bundled software offers the administrator the authority to set “allow/block” website filtration options, and it also allows blockage of access to programs locally installed on the computer. In the school’s case, it would likely utilize the “block website” functionality, requiring the manual maintenance of a “blocked websites” list on each machine. While the miracle of “copy and paste” simplifies this potentially onerous task, it could still take several hours of technical staff time to accomplish the configuration of all of the school’s computers.

Instant blocking of specific websites on any Windows XP or Vista machine
Laurie, V. (2008, January 17). Using the Windows Hosts File. Retrieved on March 19, 2009, from

Is there any option available to the teacher that wants to shut down access to a few objectionable sites, but does not want to wait for school-wide policies and potential investments or upgrades to be decided upon and implemented? Fortunately, any Windows machine can be configured by an administrator within a minute or two to block access to specific sites. The web-based reference listed above, “Using the Windows Host File”, provides very clear and simple instructions. To block access to the website “”, a user with administrative privileges must simple edit the “hosts” file on the Windows machine and add the following two lines:

In tests I did on one of my Windows machines to block access to YouTube, a reboot was not even required for the blockage to instantly go into effect for all browsers on the machine.

The references cited above offer proof that low-cost or no-cost options are indeed available to a school that has a need to implement web content-filtering within the constraints of a very limited budget.

No comments:

Post a Comment