Detecting VPN Activity Using School Manager

A Virtual Private Network (VPN) allows users to hide their identity and access content in different locations. While VPNs have several legitimate purposes, they are commonly used by students to attempt to circumvent school internet filtering.

If you find students consistently using or trying to use VPNs in a school environment, they are likely trying to bypass your school's content filtering policies and preventing your school from meeting your duty of care.

There are a couple of ways to determine if a student is trying to use a VPN. You can review the Red Flags report to find users attempting to run VPNs and the Blocked report to view the number of times a user attempted to access a VPN.

Finding VPN Red Flags

School users tend to inform each other of tricks they have learned to work around your filtering. One way to find groups of users trying to bypass VPN and Proxy blocking is to use the Red Flags report. If you see a trend in a group of users, you may want to use the report to work with your school leadership and wellness staff to reach out to the groups of users attempting to use the VPNs.

The Risk Indicators column contains a visual representation of the frequency and source of the VPN attempts.

Risk Indicators for VPN Attempts

Single and low-frequency risk indicators of attempts to access VPNs are displayed on a white background. High-frequency risk indicators of attempts to access VPNs are displayed on a red background.

		The globe icon is displayed when a user attempts to open a VPN website.
		The gear icon is displayed when a user attempts to run a VPN or proxy app.
		The magnifying glass icon is displayed when a user searches for VPN websites, software or apps, as well as searches attempting to bypass filtering.

To find VPN Red Flags:

1. Go to Cyber Safety > Red Flags.
2. Select VPN in the select filter tag box.
3. Review the filtered list of users.

4. Use the list to discuss guidance for these students with your school leadership and wellness staff. If you want to keep a record of your results, select the Export Report button to save the list.

Reviewing Policy Violations

You may want to know how persistent these users are at using a VPN to bypass your network filtering. You are likely to find most users will stop trying after your filtering blocks a VPN. However, a user may have a VPN trying to connect automatically or may be working hard to find a VPN to bypass your network filtering.

If you have set up a Block VPNs filter policy, School Manager will track the number of times students try to violate the policy.

1. Navigate to Cyber Safety > Blocked.
2. Select Policies.
3. Select your VPN policy.
4. View the list of users and the number of attempts they have made to access a VPN.

Your users’ devices may need IT support to assist with removing the VPN. Additionally, you may want to share this information with your school leadership or wellness staff if you feel the user’s attempts to use a VPN are intentional or concerned the user may try to restore the VPN.