Protect Your Home Network With Web Content Filtering
By Eric Geier
With more and more Wi-Fi devices--smartphones, iPods, tablets, gaming consoles--it becomes harder to enable web content filtering for all your computers and devices. However, instead of installing filtering software on each PC and trying to figure out the filtering for each mobile device, you may want to implement a network-wide solution. Such a solution filters at the network level, so it works on every device, including mobile devices that might not have filtering capabilities of their own.
In this tutorial, we'll discuss a few different network filtering options that can protect your home or small business by blocking adult content, phishing attempts and other dangerous sites. Then we'll go into details on one solution and see how to get started.
Home network filtering options
There are four main ways to get network-wide filtering:
First, most routers have a built-in website filtering feature. However, this is only useful if you want to block or allow a few specific sites. It won't block all adult sites, for example.
Second, some routers also provide a real content filtering solution, which lets you block sites based on categories. This provides good protection but usually requires signing up and paying for the service. These solutions are typically targeted toward home and home-office networks.
Note: To see if your router has a website filtering or content filtering solution, check your router's documentation, product details online, or log in to its Web-based control panel.
Third, there are Web content filtering solutions that are DNS-based and don't require any additional software or hardware on your network. DNS is used in the background on every network to help enable Web browsing. To use a DNS-based filtering solution, you'd simply have to change the DNS server addresses on your router. These solutions can be used in homes and businesses.
The only catch to a DNS-based solution is that technically inclined users (your children or employees) can bypass it by setting a different DNS address on their computers or mobile devices. However, this loophole can be patched. Most routers have a port filtering or blocking feature. You can use it to block access to port 53 on all IP addresses except those of the desired DNS-based filtering solution. Users are then unable to reach any other DNS servers and must use the one you've configured that has content filtering enabled.
Fourth, you can use a filtering appliance, which can sometimes provide additional services such as firewall, anti-spam and anti-virus. Purchasing and installing a dedicated piece of hardware is popular in larger organizations. Smaller businesses might prefer to create their own, such as with Untangle.
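The port 53 restriction described for the DNS-based option can be verified from any computer on the network. The following Python script is an added example, not part of the original article; the addresses in it are documentation-range placeholders to replace with your filtering service's resolvers and a few resolvers the router should block.

```python
import socket
import struct

def build_query(hostname, query_id=0x1234):
    """Minimal DNS A-record query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in hostname.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def udp_answers(server, port=53, hostname="example.com", timeout=2.0):
    """True if `server` returns a DNS response over UDP."""
    query = build_query(hostname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, port))  # only accept replies from this server
            s.send(query)
            data = s.recv(512)
        except OSError:                # timeout, ICMP unreachable, no route
            return False
    # A genuine reply echoes our ID and has the QR (response) bit set.
    return len(data) >= 12 and data[:2] == query[:2] and bool(data[2] & 0x80)

def tcp53_open(server, port=53, timeout=2.0):
    """True if a TCP connection to the DNS port succeeds (DNS also runs over TCP)."""
    try:
        with socket.create_connection((server, port), timeout=timeout):
            return True
    except OSError:
        return False

def dns_reachable(server):
    return udp_answers(server) or tcp53_open(server)

def audit(allowed, others, probe=dns_reachable):
    """List every place where observed reachability differs from the policy."""
    findings = [(ip, "filtering resolver unreachable") for ip in allowed if not probe(ip)]
    findings += [(ip, "port 53 block not effective") for ip in others if probe(ip)]
    return findings

if __name__ == "__main__":
    # Placeholders (documentation ranges): replace with your filtering
    # service's resolvers and a few resolvers the router should block.
    ALLOWED = ["192.0.2.1", "192.0.2.2"]
    OTHERS = ["198.51.100.7", "203.0.113.9"]
    for ip, problem in audit(ALLOWED, OTHERS):
        print(f"{ip}: {problem}")
```

An empty result means the router rule matches the intended policy for both UDP and TCP. A router that redirects port 53 traffic to the filtering resolver instead of dropping it will still show other resolvers as reachable, so confirm how your router implements the block before reading that as a failure.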
Using OpenDNS for content filtering
We're going to explore and set up the DNS-based solution from OpenDNS. The company offers a free service that's great for home and small business networks. Though there are advertisements, they're only on the Guide and block pages, which you shouldn't see often. Setting up the service consists of creating an account, configuring your router, and then logging onto the OpenDNS Dashboard to set your filtering and security settings.
OpenDNS gives you Web content filtering on 50 different categories, lets you allow or block specific sites, and offers phishing and botnet protection. In addition to filtering and security, OpenDNS has a few other enhancements over the traditional DNS service ISPs provide, such as SmartCache, typo correction, and shortcuts.
To get started, create an OpenDNS account. During this process, step 2 will help you change your DNS settings. Select the Router option, which will help you configure your router with their DNS addresses: 22.214.171.124 and 126.96.36.199. As their directions say, be sure to flush your DNS resolver cache and Web browser cache after configuring your router. If you don't, it might be some time before OpenDNS works.
Note: If you changed the default password for your router and can't remember it, you can reset the router back to defaults by pressing and holding the reset button on the back of the router for up to 20 seconds. However, be sure to reconfigure your wireless and security settings.
Next, you should click the link on the bottom of the router configuration page to continue. It should test your settings, say it's successful, and point you to the Dashboard.
The Dashboard should bring up the Settings page, prompting you to add a network. Click the Add This Network button. When prompted, create a friendly name and select whether you have a dynamic IP or not. If you don't understand what a dynamic IP is, you can click the link. If you are using a dynamic IP for your Internet connection, you can download their updater software. However, if your PC isn't always going to be on and running, you should configure your router to update your IP (as discussed two paragraphs down) after configuring your OpenDNS Network and settings.
Once the Network has been successfully added, select the Settings page again. You should see your network listed; click on its IP address to edit all the network settings. Go through each setting on all the setting pages. It can take several minutes for setting changes to take effect.
If you have a dynamic Internet IP address and you'd rather have your router keep OpenDNS updated with your changing IP (instead of a PC), start by configuring your DNS-O-Matic account. This account is automatically created when you sign up with OpenDNS and uses the same username and password. Once logged on, select OpenDNS as the service, select the desired network (if you have multiple networks), and then click Update Account Info. Now you must log onto your router's control panel by entering its IP address into a browser, just like you did when configuring the DNS addresses. Then find the Dynamic DNS settings and enter them:
Nothing is foolproof
We discussed several ways to implement Web content filtering across an entire network. However, remember that no method is foolproof. There will always be loopholes that let users bypass the filtering. A popular method that affects nearly all solutions is using a VPN or proxy site or service. Though most solutions can block users from downloading or using these types of sites and services, users could bring their own software on a flash drive.
You should always couple good supervision with filtering. You might also want to look into using the Parental Controls of Windows Vista or 7 to better control other computer usage.
Eric Geier is a freelance tech writer and author of many networking and computing books. He also founded NoWiresSecurity, which helps businesses quickly and easily protect their Wi-Fi with enterprise-level security. Additionally, he's a Field Technician for Fast-Teks, an on-site computer services company that has hundreds of locations across the US.