Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

OpenDNS Family Shield


  • Please log in to reply
9 replies to this topic

#1 snglnluvnit

snglnluvnit

  • Members
  • 187 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin
  • Local time:02:13 AM

Posted 14 February 2014 - 11:43 AM

Hello all, I am having an issue keeping my step-son off of porn sites.  Without getting into "parenting specifics" I just want to block all access to those sort of sites altogether.  I found this OpenDNS Family Shield, which sounds pretty good!  My question is does anyone know if it will slow down my overall connection.  We have 4 computers in the home and only one needs to be blocked.  Any suggestions, thoughts, experience and opinions are welcome.

 

Thank you,

Scott



BC AdBot (Login to Remove)

 


#2 Greg62702

Greg62702

  • Banned
  • 717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:13 AM

Posted 14 February 2014 - 02:53 PM

I have found of late, that Opendns DNS servers are slow. Some routers & gateways, especially ISP provided, do not allow the DNS to be changed, so you have to do router behind router. You can also use Smooth wall, m0n0wall, pfsense to block at the network level, by using it as your router.

Or even better, look for a business grade router, that allows the rules to be set on the router, then using a DNS service. Also using Family safety if you have Windows 8 or 7, you can lock down the machine.

There is the Zyxel ZyWall ZWUSG20 Firewall, which would allow you to harden locally what can and cannot be accessed, if you cannot change the DNS on your router, or find the OpenDN servers slow. http://www.newegg.com/Product/Product.aspx?Item=N82E16833181144

#3 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:06:13 PM

Posted 14 February 2014 - 08:27 PM

If your son wants to look at porn you cannot stop him, not even by taking away administrator rights and putting a 'net-nanny' type application on the system. There are plenty of site name/url obfuscation links available online (mostly set up for people blocked for political and torrenting reasons), which will outdo any ISP/proxy/router/firewall configuration.

 

It's tricky... But the reality is, is that if he has access to the machine physically, and knows how to use Google, you cannot stop him.



#4 Greg62702

Greg62702

  • Banned
  • 717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:13 AM

Posted 14 February 2014 - 10:17 PM

If your son wants to look at porn you cannot stop him, not even by taking away administrator rights and putting a 'net-nanny' type application on the system. There are plenty of site name/url obfuscation links available online (mostly set up for people blocked for political and torrenting reasons), which will outdo any ISP/proxy/router/firewall configuration.

 

It's tricky... But the reality is, is that if he has access to the machine physically, and knows how to use Google, you cannot stop him.

Actually you can in the same way that your employer stops you from looking at that stuff on their network.  OpenDNS Family shield when set up properly, will stop people from going to those sites.  Only way to get around, is to know what the administrator password is for getting pass the gates so to speak.

 

The best way to do it, is at the LAN, before they can even get out the front door so to speak, by using a security appliance.  I am not worried about it on my network, due to if my son wants to watch or search for that stuff, he can just turn off the wifi on his Samsung S4 Active and look at it.  But on my network, I can control what people are doing, due to I have it secured for not allowing this stuff.

 

If I was going with anything to further lock down my network, I would be looking at the Cisco ASA 5500 series.  It runs around $370, but it is meant for locking down SoHo & remote small to medium sized offices.  http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/product_data_sheet0900aecd802930c5.html  http://www.cisco.com/c/dam/en/us/products/collateral/security/ips-4200-series-sensors/data_sheet_c78_459036.pdf


Edited by Greg62702, 14 February 2014 - 10:26 PM.


#5 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:06:13 PM

Posted 14 February 2014 - 10:23 PM

Not so... I know how to several ways to bypass these blocks, it's not hard. My employer could not stop me going anywhere, if they tried.

 

edit: fortunately, for me, I am the person who controls this in my company, and I'm adding rules constantly to curb these practices. But much goes by undetectable...

 

edit edit: here's a great basic example of one bypass.

 

http://www.hidebrowsing.com/

 

but there are others that actually open up the new page inside the current page and the url never changes. there are other services that make a 'tiny' url and never open the full blocked url. other services connect only to the ip address and never search a word in the address bar. To overcome this you could stick on a local 'netnanny' type service, but if the user has access to the machine they can just boot off a live disk and do what they want anyhow... There's no realistic way to stop a determined person who can use google.


Edited by TsVk!, 14 February 2014 - 10:36 PM.


#6 snglnluvnit

snglnluvnit
  • Topic Starter

  • Members
  • 187 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin
  • Local time:02:13 AM

Posted 14 February 2014 - 10:50 PM

Well, I want to thank everyone who responded.  I have struggled with him on this subject for many years.  He is my stepson and on certain things my hands seem to be tied.   

Thanks,

Scott



#7 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:06:13 PM

Posted 14 February 2014 - 10:53 PM

good luck Scott...



#8 Greg62702

Greg62702

  • Banned
  • 717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:13 AM

Posted 15 February 2014 - 02:04 AM

TsVk!, what you are suggesting, will get people fired from their jobs.  If I did that on my employer's network, which is a government employer, and we deal with HIPAA all day long, the management would not bat an eyelash to escort someone out, that is trying to get around the protection.  It is a known fact that Porn sites are laden with maleware.

 

As for the Lan coordinator, telling people it is okay to circumvent any security measures on a network, is a very easy way to lose your job.  Especially since this forum is crawled by various Search Engines.



#9 Greg62702

Greg62702

  • Banned
  • 717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:13 AM

Posted 15 February 2014 - 02:07 AM

Well, I want to thank everyone who responded.  I have struggled with him on this subject for many years.  He is my stepson and on certain things my hands seem to be tied.   

Thanks,

Scott

The problem is that it is not your son.  It is your Step-Son.  All you did was take over the lease as the father figure in the relationship.  If his mother is doing nothing to curb the activities, or looks at it as nothing is wrong with what he is doing, your hands are tied.

 

Now of course if mom is on board, and also looking for a way to secure the network, keep malware from infecting the machine that was used to browse to porn sites, and to also keep it from propagating to the other computers on the network, your best bet is going with a hardware Security appliance, over something like OpenDNS.

 

It is very easy to get around that security measure, and kids these days, usually know more about computers and networking, then the majority of the parents out there.



#10 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:06:13 PM

Posted 15 February 2014 - 02:07 AM

TsVk!, what you are suggesting, will get people fired from their jobs.

 

I'm not suggesting anything... just stating facts.


Edited by TsVk!, 15 February 2014 - 02:10 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users