This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ Log in to ask a question

Problematic students and malicious intents

dhalvorsen
New Contributor II

‎02-21-2025 12:18 PM

I am looking for suggestions as I'm sure basically every K12 administrator has their share of students who have malicious intents.  I found a user recently who has been trying to use Parrotsec, Kali, and Tails (that I'm aware of).  This student utilized proxmox from a Chromebook to a local IP that isn't ours (192.168.1.7:8006).  I'm assuming that this is a Pi or similar device that may be wired directly to the Chromebook as he apparently used it during school hours in a class discretely.  I'm not sure if his intent is to find a way around the internet filter, try to snoop for passwords, or some other means to compromise the network.

Are there certain settings in Google that I should be checking or changing to try and help prevent these situations?  There are students who do need access to the USB port for flash drives with images, so I can't just block all USB devices.

0 Kudos
Reply
11 REPLIES 11

ddelboccio
Contributor III

‎02-21-2025 12:24 PM

What the heck is promox?  And for that matter, Parrotsec, Kali, and Tails?

0 Kudos
Reply

MarkLoundy
Contributor II

‎02-21-2025 12:26 PM

Not every problem has a technical solution. Send out a communication to all parents telling them that hacking into a network or defeating security measures is a federal crime and that both the families and, if of age, the students risk going to prison.


Mark Loundy (He, Him, His)

Instructional Technology Specialist
De Vargas Elementary School
Ignited Fellow
Google Certified Educator
Reply

icrew
Contributor II
In response to MarkLoundy

‎02-21-2025 12:58 PM

Story time: >25 years ago, one of our students found it rather, um, educational to return to their dorm room after class to find a couple of FBI agents waiting for them there....as far as I know, there wasn't an arrest made, but the message was pretty clearly sent!

0 Kudos
Reply

9330cashmore
New Contributor II

‎02-21-2025 12:51 PM

That student, I would get to know them and help them figure out what they wanted. Sometimes the best tool is the student that wants to learn.

Reply

npl
New Contributor III

‎02-24-2025 01:42 AM

if they are using a device like a PI to bypass the network filters they must be connecting to the internet via your network. If they have access to the wifi they probably are using a VPN. 

You can setup a ethernet connection for the Chromebooks ( see https://support.google.com/a/answer/2634553?hl=en&sjid=2568261543070865853-EU ). Set the proxy to some non network ip eg ( 10.10.10.1 ) and a non standard port ( eg 9900  ). Set the DNS to a network ip's that are NOT DNS server eg (  192.168.1.1, 192.168.200,1 ). Have the proxy and DNS set to different networks.

This will make it a bit more difficult but not impossible to do what they are doing.

0 Kudos
Reply

kaned
Contributor II

‎02-24-2025 06:02 AM

The question is how is the pi connecting to your network, and is your network appropriately segmented to reduce risk in the event someone can do this exact thing?  We are doing penetration testing on our networks to help us keep all of these networks as secure as possible.

Is the student connecting through a USB or Bluetooth connection to your Chromebook, or is it directly connecting to your network?

1.  This is likely a clear violation of the AUP/Handbook and should be addressed.
2.  Once the means of connectivity is discovered, you can take action to prevent further access.  

Without ANY research into this, I'd start looking into Android debugging protocol or sharing internet over USB.  Not sure off hand if the Chromebook can share internet through Bluetooth.   I wonder if there are new methods now with USB-C that I am unaware of!

If the pi is connecting directly to the network, then you have some other work to do.  Were they Able to get the WPA key and how?  This used to be done through the network tools in Chrome://, not sure if you are blocking any of those setting pages.

IF this was my building, I would make sure the student understands the weight of the situation, but also recruit them.  If the kid is working with/for you, there is an opportunity for growth for the student and a way to further protect your district.  This also depends on the personality and intent of the student and would need to be weighed by administration, etc.

0 Kudos
Reply

dhalvorsen
New Contributor II
In response to kaned

‎02-24-2025 07:02 AM

I am still fairly new to my role and have been ambitious to try and lock things down from how my predecessor ran things.  Sadly, I do not have the option of a NAC due to budget constraints.  The network that students connect to does not have internal access.  A lot, if not all, of the Chrome:// pages are blocked.  Administration is looking into this situation, but I'm not sure how many answers that will provide.  I don't foresee this student being one of those situations.  I look to this group for insight from other people who may be in similar situations, have far more knowledge in different areas, and I'm sure plenty of people in this group like to tinker who would have further insight yet.  Thank you for giving me some things to look in to.

0 Kudos
Reply

kaned
Contributor II
In response to dhalvorsen

‎02-24-2025 09:25 AM

Feel free to respond back with any info.  It would be nice for the rest of us to be proactive about a similar situation!

0 Kudos
Reply

MattDPenn
Contributor II
In response to kaned

‎02-24-2025 10:50 AM

Can you elaborate on those network tools under Chrome:// for chromebooks? Trying to look up/poke around to see if I can manage pulling the key on my districts devices and either I'm looking at the wrong topics or we've already toggled on whatever would prevent that. I know you used to be able to basically toggle show password in Windows that I think was finally (or at least the easy way) taken away. I know Android (and I think iPhone now?) has the share wifi QR code that basically has the password in plain text.

0 Kudos
Reply

kaned
Contributor II
In response to MattDPenn

‎02-25-2025 05:56 AM

This was a conversation on the previous platform (now unavailable), so I cannot reference conversations/issues.  The WPA key was shown in plain text in the Chrome://policy and Chrome://network.  

"WiFi": { "AutoConnect": true, "HiddenSSID": false, "Passphrase": "********", "SSID": "MySSID", "Security": "WPA-PSK" }

Google fixed those and then it was available in the downloadable network logs for a short period.

This was all at least 12+ months ago, posibly 24+ months ago.

It seems like for a good year, we kept seeing the WPA key popping up in several Chrome:// pages for students.  We have resorted to blocking Chrome://* and specifically allowing certain pages as needed.

To be clear, I do not know of any current ways to do this, but we've blocked almost all of Chrome:// so I'm not in there tinkering much anymore.

Reply

Kim_Nilsson
Admin Moderator
In response to kaned

‎05-07-2025 03:00 AM - edited ‎05-07-2025 03:01 AM

Yeah, back then I added a few addresses to make it harder to get the wifi info out of the device.

--
https://wheretofind.me/@NoSubstitute
0 Kudos
Reply
  • © 2023 Google. All rights reserved.
  • Privacy Policy
  • Terms of Service
  • Community Guidelines