Sunday, December 21, 2008

Technical Interlude - Give the Gift of Safe

Happy Chanuka! Here is a gift for you - feel free to pass it on!

If you have kids in the house, you need to be concerned about inappropriate internet sites that are often just an innocent (or intentional) click away. You could take the Lakewood approach and simply ban the internet from your house completely, but of course you wouldn't be reading a heretic's blog in the first place if that is your mindset. I have tried numerous site and content filtering options over the years, and was never happy with software-based solutions (the Net Nanny method). For a while I used Smoothwall (more on that later) but currently have settled on a free service called OpenDNS. OpenDNS works by modifying the DNS settings on your PC so that all network name requests are routed through their servers. You can then manage the settings for your network (and here you have to know a little about how your internet provider dishes out your IP address, whether dynamic or static, with the former requiring a few extra steps on your part) to, for example, block categories of sites (OpenDNS provides a large number of them, such as pornography, gambling, and religious(!)), block individual sites (e.g.,, or open up a site that may be in a blocked category.

There are a few caveats that you need to know about this feature of OpenDNS. First, it works by blocking whole domains, and is therefore not useful if you need more sophisticated content filtering, for example if you want to block only certain pages on a site, or filter out specific words or images that you deem inappropriate. Second, since it works by changing the DNS settings on the PC, resourceful kids can override these settings if they have administrator privileges on a Windows PC (which should never be the normal mode with which they logon. Keep in mind also that if someone has physical access to a machine, if is very difficult to prevent a knowledgeable person from getting administrative access to a PC. But if your kids are bent on subverting your house rules, I suggest family therapy sessions.)

We have a bunch of computers in our house, and I have updated all of them (except for my own, no jokes please, this helps me evaluate whether a blocked site should be opened up) to use OpenDNS. It requires minimal management and works flawlessly. It may not give you all of the features of some commercial products but it is well worth a test drive. Even if you don't care about the domain filtering feature, it is still worthwhile to use the service for its phishing protection, cool network statistics pages, network shortcuts, and other features. And oh yeah, did I say that it's free??

If you would like internet content filtering - and are technically competent - I recommend using Smoothwall, an open-source (free) network firewall. Smoothwall, which will run on a cheap throwaway PC, can do just about anything you desire with a firewall (intrusion detection, VPN, etc etc) PLUS it can be used with the very sophisticated Dansguardian to filter actual content of pages based on such methods as phrase matching and URL filtering. Just be aware that if you do install a Smoothwall firewall, you'll be spending lots of time fiddling & playing with it, not because it is inordinately difficult to setup but because it so amenable to tinkering!

No comments: