Back to overview

Cloud Security, Network Security, Education

Protecting K-12 Chromebook Users with SonicWall Internet Threat Protection

by Sheldon Rezendes

Simplified deployment, real-time protection and seamless management for K-12 and businesses.

We’re excited to announce the availability of our Internet Threat Protection (ITP) capability for managed Chromebooks, expanding support for K-12 education and businesses that rely on Chromebooks for daily operations.

Part of SonicWall Cloud Secure Edge (CSE), ITP protects users from malicious websites, ransomware, and phishing attacks by inspecting internet traffic using DNS filtering. This capability is crucial as cyberattacks increasingly target web and cloud-based vectors. CSE also allows organizations to enforce customized policies that block specific categories of websites, such as gaming, gambling, adult content, and more.

Benefits of Adding ITP to Chromebook Endpoints

  • Simple Deployment: Easily deploy ITP across your Chromebook fleet using Google Workspace’s Zero Touch Enrollment.
  • Automatic Blocking: Instantly block known malicious domains with customizable category filters tailored to your organization’s needs.
  • Easy to Manage: Manage all user access and settings for ITP directly within Google Workspace.
  • Immediate Changes: Policy updates take effect immediately, ensuring real-time protection.
  • Always On: Chromebook users are protected both on and off the organization’s network, with ITP activating as soon as they sign into their device.

Diagram.jpg

CSE Licenses: Secure Internet Access

Both the Basic and Advanced CSE licenses include Internet Threat Protection (ITP) for Windows, macOS, and now Chromebook endpoints. These licenses are available as a monthly subscription. For a detailed comparison of what's covered under each license, visit the Internet Threat Protection page.

Use Case: Ongoing Deployment

One of our customers is currently deploying CSE for Chromebooks across more than 2,000 devices. Using CSE’s self-service platform, their IT team can centrally deploy and manage all these thin clients with ease. With CSE, administrators can enforce policies across all devices within minutes and benefit from greater stability, thanks to built-in fallback mechanisms that outperform previous solutions. Policies can be tested on a small group of devices before rolling them out to the entire fleet. Administrators configure these policies within the CSE interface, which are then applied via the Google Chrome extension.

Cloud Secure Edge for Education

In today’s digital-first educational landscape, K-12 institutions face unique challenges in providing safe and open access to online resources while ensuring student protection and regulatory compliance. SonicWall delivers internet threat protection through content and threat filtering, enabling a secure and compliant learning environment. Our ITP on Chromebooks helps primary and secondary schools, as well as libraries, safeguard children from inappropriate and harmful content while also supporting compliance with CIPA (Children’s Internet Protection Act).

cipa_sample.png

DNS Filtering: A Key Component of Internet Threat Protection

DNS filtering plays a vital role in Internet Threat Protection (ITP) with CSE, acting as the first line of defense by blocking access to malicious websites and harmful online content at the DNS resolution level. With DNS-layer security, administrators can determine which domains or categories of domains should be restricted. These configurations, including domain categories and app filters, are added to an ITP policy.

Within Google Workspace, DNS settings are adjusted to utilize DNS over HTTPS (DoH). This setup includes the device’s unique identifier in communications with the SWG agent, which evaluates whether the request aligns with the ITP policy. All Chromebooks are pointed directly to the appropriate ITP policy, eliminating delays between policy updates and user protection.

The SWG agent categorizes requests from devices in real-time, enforcing the ITP policy as follows:

  • Blocked Requests: If a request is blocked, the device is redirected to a customizable block page, where organizations can tailor the messaging.
  • Allowed Requests: If a request is allowed, the device proceeds without any notification of the evaluation process.

Content Categories we can block include:

  • Adult Issues
  • Anonymizer/Disguised Activity
  • Criminal
  • Criminal activity
  • Drugs
  • Gambling
  • Aggressive
  • Discrimination/Hate
  • Sex and Nudity
  • Lingerie/Swimsuit
  • P2P Sharing
  • Pornography
  • Tobacco
  • Violence
  • Weapons

 Threat Categories (Blocked Automatically):

  • Bots / Cryptomining 
  • Dangerous Configuration/History 
  • Dangerous 3rd Party Infrastructure 
  • Dangerous Name Server 
  • Malicious SSL Cert 
  • Malware / Ransomware 
  • Malware C2 
  • Phishing 
  • Risky DNS Transactions 
  • Spam / Ad Fraud / Spyware 
  • Other Known Bad (Community Intelligence)

Want to Learn More?

Share This Article

An Article By

Sheldon Rezendes

Product Manager

Sheldon Rezendes heads up Cloud Secure Edge's Secure Internet Access from a Product Management perspective. His background includes a variety of roles centered on network, endpoint and platform security. He is passionate about the evolution of security and helping customers through all stages of their cloud journey.   

Related Articles

  • Need for Speed: Key Insights From the 2025 SonicWall Cyber Threat Report
    Read More
  • How to Address the Top 5 Cloud Security Challenges with Virtual Firewalls
    Read More