DarkSpace-Harbinger 11 Posted ... So, i finally got my friend to join AirVPN. So i helped him setup a SSL 443 VPN, told him it would work pretty much on any network he could ever put it on. Well, he proved me wrong in less than 24 hours. The public school he attends in the United States apparently has managed to block even SSL Tunneled VPN's. The Terminal Emulator window running Stunnel throws off some error about certificates and and Fortinet. Normally, i would suspect it to be a blocked IP if the VPN was merely having connection resets or constantly attempting reconnects etc. but the fact that it literally throws the name Fortinet is suspect. I have a theory, but I'd like confirmation that i am correct in this. I believe that Fortinet is being used by his school and that since they have a feature known as SSL Inspection that the school is actually INTERCEPTING AND SEARCHING STUDENTS ENCRYPTED DATA WITHOUT THEIR CONSENT. The last part can be argued through Acceptable Use policies, but if this is indeed the case credit card numbers, passwords and other sensitive information students input while on the network can be seen and intercepted by anyone with access to the Fortinet system. Personally, i am happy that the VPN helped us catch this. I am aware that the threat of a school official abusing this system is incredibly small, yet i cannot help but feel disturbed that they would go to such lengths all in the name of complete surveillance and complete blocking of circumvention attempts. I told him, that in my humble opinion that if this 'Fortinet' system is preventing him from connecting to the VPN because they cannot decrypt it than perhaps it would be best to completely abstain from use of the network. Without a VPN, this sensitive information is vulnerable to abuse and exploitation by the school and more likely unintentional malicious actors. Quote Share this post Link to post
Guest Posted ... Like any business, the network of a public school system is owned by the school system and they are free to run it how they see fit. When I'm at work I have no guarantee of privacy and the network and computing resources exist for the use of business-related things. There is no consent needed nor in a public school system should it be expected that you can use the network for whatever you want. You either live with the rules or you just dont use the network. In the school system where I live all student Chromebooks go thru the school's network no matter where they are so the school can make sure students aren't doing things they shouldn't be doing. If your friend is worried about this at all he shouldn't be using their computing resources for anything outside of school matters. Quote Share this post Link to post