What is SSL Inspection?
The Children's Internet Protection Act, or CIPA, requires that schools that receive eRate subsidies on internet service filter internet traffic to prevent exposure to material deemed "harmful to minors". To comply with this law and to enforce the district's Acceptable Use Policy, District 126 uses a service from Securly. Securly uses DNS-based filtering.
What is DNS?
DNS, or Domain Name System, is a network service that translates Internet addresses, such as zbths.org to computer addresses. It is similar to a phonebook, where a person's name is translated into a phone number and street address. There are many companies that maintain this online address book - at home, you usually use your Internet Service Provider's DNS by default. This can be changed to a different company's DNS, such as Google, CloudFlare, or OpenDNS. All of these companies keep a record of the URLs and what IP addresses that are used on the Internet. Additionally, most businesses keep their own internal records, maintaining an internal DNS server so that all of its computers and servers can be found on the internal network.
Securly is a DNS company that provides filtering. When a user looks up a website, such as Google.com, it knows to connect the user to 188.8.131.52. When a user attempts to go to a bad website, such as badwebsite.net, Securly refuses to look up that address and instead connects the user to the block page.
Why a certificate?
Certificates are a form of encryption that prevents anyone from stealing data on encrypted pages. Without encryption, anyone else on the network would be abe to see anything sent between a user and a website. With the certificates, if someone attempts to look at that information, the user receives a warning that someone is trying to steal their information and attempts to keep the page from loading. This poses a problem for Securly, because it is inserting itself between the user and the website, which "breaks" the encryption. By installing Securly's certificate, you are telling your computer that Securly is trusted, and it keeps the encryption working. Securly will never inspect banking or healthcare sites.
If I install the certificate, what happens at home?
Securly only works while on our network because we control the DNS. At home, you use your own DNS (or your Internet Service Provider's DNS) so none of your internet traffic goes back to the school. The certificate is not needed because nothing goes through Securly. It is important to note that your Internet Service Provider can still know the websites you go to, because it controls that network.