Identifying and Managing VPN Usage

Using School Manager to Identify VPN use

All users with access to the Statistics and Cyber Safety menus can use School Manager’s User Journey, Red Flags, and Search Reports to investigate possible VPN use.

User Journey Report and selecting the Proxies and VPNs Category

To view student VPN activity using the User Journey Report:

1. Go to Statistics > Active Users.
2. Search or select the student’s username to open their dashboard.
3. On the student’s dashboard, select User Journey.
4. Search or select the Proxies and VPNs category from the Filter by Category dropdown.

The User Journey Report shows a Timestamp when a student requested the VPN activity, a Result if access to a VPN website, application or search was allowed, blocked or flagged. Activity indicates the VPN website, application or search used by the student and Type denotes if the activity by the student was of Web (opening a website or application) or Search (searching for information on search engines) type.

Red Flags Report and filtering for the VPN tag

To view student VPN risk indicators using the Red Flag Report:

1. Go to Cyber Safety > Red Flags.
2. Select the VPN tag from the Select filter tag dropdown.

The Red Flag Report shows the student Username, Full Name and Risk Indicator. The Risk Indicator displays an App (globe) or Search (magnifying glass) icon with the VPN tag to help you quickly identify the source of the VPN-related activities. The Risk Indicator color lets you know how frequently the student attempted VPN activity.

Search Report and selecting the VPN tag

To view student VPN activity using the Search Report:

1. Go to Cyber Safety > Searches.
2. Select the VPN Search tag from the Select filter tag dropdown.

The Search Report shows the student Username, Name and count of VPN search Queries. You can use the number of searches for each student during the selected time period to compare students most interested in looking to hide their internet activity or circumvent school content filtering and monitoring.

Blocked Report and search VPN in Apps or Policies views

To use the Blocked Report to view blocked VPN activity, your school must have an active content filtering policy to block VPNs.

To view blocked student VPN activity using the Blocked Report:

1. Go to Cyber Safety > Blocked.
2. Enter VPN into the Search box.
   1. Select the Apps view to find applications blocked for a student.
   2. Select the Policies view to find content filtering policies blocked for a student.

Your IT support can also use their Advanced Search tool to discover hidden or anonymized online traffic. Results can be sent to you by email and the results can be used to create new filtering policies to block new types of activity associated with VPNs.

Using School Manager to prevent VPN use

Creating a Block Policy on the Proxies and VPNs signature will block most known VPNs and other filtering circumvention services and tools. However, it’s a constant arms race between people trying to block those tools and those making and selling them, and sometimes things slip through. If you identify unblocked VPN usage, contact Linewize Support with the details of the tool or service and request a review. You can create a Block Policy to temporarily block the tool or service while we update the Proxies and VPNs signature.

For schools using a Linewize network appliance, we recommend enabling the Quarantine feature in School Manager. The Quarantine feature temporarily blocks all internet traffic (for a default of three minutes) when a VPN is used to attempt to bypass your school’s safe network. The Quarantine feature is designed as a consequence to deter wrong online behavior. Being cut off from all internet sends the message that VPN use is unacceptable at school. You also inhibit a user’s access to potentially unsuitable content that your filters are otherwise blocking.