Saturday, August 31, 2013

Internet Security – Time to lockdown my nerd apprentice – part 2


In my first post I gave a brief overview of how I am creating a security/protection strategy for my family network.
Suffice it to say I am trying to get ahead of my little nerd/geek before he knows what's up. In the last week alone with the blog post and the changes I have already made at the firewall level and the relentless requesting of his phone I think he's starting to get suspicious. I need to toe a fine line, I want to lock him down but not be repressive. If I am to hard line I will probably trigger some animal instinct to make him want to break out from under the thumb of "the Man".

Progress on the Lock down...

I have signed up for the free version of OpenDNS Parental controls as a starting point. If you are a geek/nerd skip the next few sentences. For the rest of you DNS stands for domain name system. I know still not helpful.  So in simple terms DNS converts the human readable http://google.com it into to the IP address 173.194.46.9 that the "World Wide Web" understands.   Imagine if you had to rember that address everytime you wanted to go to google, it would be unbearable. In comes DNS to save the day and give us an easy way to remember our favorite website addresses. Most likely the DNS system you use is provided by your Internet service provider and embeded in your router so you never see it.

Most DNS providers are basic.  You type in http://yahoo.com and DNS kicks in and sends your computer 98.139.183.24 and life is good. If you or your kids are in search of a grimier sort of web site DNS still kicks in and returns the DNS address.  OpenDNS accomplishes this same task, but it also acts as a gateway by blocking access to sites that you deem unworthy. 


How do you get started?


  1. The following link will take you to the OpenDNS Parental controls site.
  2. Chose one of the options that best fits your family. Personally I chose the OpenDNS Home option because out of the two free versions this option allows me the most control.
  3. Once you select the option you want you will need to create an account with OpenDNS. I will not go into details since the process is pretty straightforward.
  4. For this next step you will need to gather some information:
    1. The brand of router you use at home
    2. The model number of the router. This is usually printed somewhere on the router usuallly on the back.
    3. Your router user name and password. Should be printed on the router in the same area as the serial number.
  5. Update your router using the directions from the website. The setup is slightly different for every brand of router.
  6. Most home routers today have a dynamic IP Address assigned by your internet service provider. In simple terms it changes every so often. If you have ADD and want to get  completely off track figuring out what a dynamic IP address is, click here.  Otherwise, take my word for it that you most likely have a dynamic DNS at your house so you will need to install a dynamic IP updater. Follow the instruction here to setup the OpenDns Address updater.
  7. Once you have the above steps complete you will need to sign to OpenDNS and set your filtering settings based on cateories you want to allow/block.

At this point you have updated your router and set your blocking and security preference but you are not done. You will need to go and clear your DNS Cache and browser cache. If and you do not clear the cache any bad sites that have already been visitied on your devices will still be visible for some time. This is because nerds are efficient and designed the systems to store ip addresses of sites you frequent locally at the browser or at the router. If you are setting OpenDNS up because you want to block current activity in your home you definitely need to clear the cache. Luckily the site  gives decent instructions on how to do this. The links below will walk you through the process of clearing your cache.

You will need to do this on all computers in your network.  If you have any Mobile devices you will need to clear the DNS cache and Browser cache on all of your mobile devices as well.
I don't have any Adroid devices so I can't really comment. However, on the Iphone follow the steps below:      
  1. go to settings
  2. tap airplane mode to turn it on tap it again to turn it off, this should clear the cache. I did it a couple of time for good measure.
  3. Scroll down through settings to Safari
  4. Tap on Safari
  5. Clear Browsing history. Not sure if steps 3-5 are entirely necessary just wanted to make sure.
Now you are really done unless you want to customize the messages. I did but I am a nerd and wanted to give a funny message to the boy to let him know we would be talking later.

Conclusion

I really like Open DNS and think it is a great first step.  The funny thing is that the wife is actually getting blocked the most.  One of the features of OpenDNS is that it also includes several security blocking features that identify phishing sites and prevents you from falling prey to unscrupulous sites.

Also realize that when a site is blocked you are taken to a blocked page that has a note about why the site is blocked, usually has a way to contact the administrator (you) and has a bunch of ads at the bottom of the site. This might be a turnoff to some people. I'm not sure how the blocked page looks in the paid version just remember you are getting the service for free and this is how they pay the bills.   Luckily the ads respect the types of sites you wanted to block so even though you have some advertising your family is still not exposed to the ick of the internet.

Unfortunately Open DNS does not block everything I wanted to block.  From my testing it does not block google images, or YouTube videos   think it is a beginning baby step. Why? Well some of the things I wanted to block, explicit pictures from Google images, explicit videos from youtube, did not get blocked. I do have to say though that explicit images from Bing did get blocked.   For the real lockdown I am probably going to install something like PFsense and squidGuard but that is a bigger nerd build for another day.  Next on my radar is his I phone...