Router app parental control help

[Soniczed]

Hi there guys I'm looking for some help on parental control
Basically I have a house with a separate garage and a barn all 3 far apart
And want to have wifi on all 3 but with parental control
So my problem is how can I do this
My first idea is to have my main router on the house and one access point on each of the other 2 locations with open DNA on the main router my problem then became that all computers and devices are restricted and I woul like to have a few unrestricted like my own laptop and the wife's tablet and our phones
And everyone else that comes visit including my 4 kids will be restricted anywhere they go ????????
Tus is where I got stuck
Any help is greatly appreciated

 

[stevech]

you skipped the part about parental directions and consequences for cheating.

 

[Chunkers]

I went a fair amount of trouble looking into this kind of thing for my kids and after looking at the hardware options (including quite expensive custom router solutions running DansGuardian web filtering etc)

My eventual conclusion is that its hard to beat setting up your router to use openDNS (or similar) as its DNS server. If your kids are savvy enough to find a way round it they will probably will for most other solutions.

I sue openDNS free content filtering service and it works very well and I have confidence it protects the family from the worst of what the internet has to offer.

If your router supports it I guess you could have multiple sub networks e.g. LAN's some of which have direct access and others using openDNS or use 'exceptions' with different security?

Regards

Chunks

 

[Soniczed]

Open dns on netgear router

Ok so my main router is a netgear that supports opendns my problem is the entire network is now filtered where I woul like to have unfiltered access to a couple of devices like my smartphone , home server and laptop
Does anyone know how to acomplish this on opendns? Or any other router with the capability to allow unfiltered access to desire devices. ???

 

[coxhaus]

One way to lock down your network may be to use openDNS and then lock down all other DNS inside of your network. Use an access list to block all other DNS outside of your network. This will force everybody inside of your network to use the only DNS you provide which happens to be openDNS.

The problem comes when you allow exceptions. If you allow you’re MAC or IP address to use a different DNS then your kids can spoof your MAC or IP address if they know enough networking skills.

 

[CaptainSTX]

The problem comes when you allow exceptions. If you allow you’re MAC or IP address to use a different DNS then your kids can spoof your MAC or IP address if they know enough networking skills.

Unfortunately it doesn't take any more skill than being able to do a Google search and find and download a simple utility to change either a PC's MAC or IP. The only way to prevent this ( at least make it much more difficult ) is to take away administrative privileges on all PCs that you want to control.

 

[F5ing]

Or use the OpenDNS servers as static DNS on each machine that you want to filter. And then remove administrator priveleges for the users of each of those machines.

Then all other machines will use the DNS that's configured in the router.

 

[coxhaus]

Or use the OpenDNS servers as static DNS on each machine that you want to filter. And then remove administrator priveleges for the users of each of those machines.

Then all other machines will use the DNS that's configured in the router.

If you don’t lock DNS at the router then the kids only need a new machine such as a iPhone, iPad, PS3, or etc. to bypass the DNS lock down.

Actually a product like the free for home use Untangle software would be much better but it requires an extra PC to run it and some networking skills to setup.

 

[stevech]

If you don’t lock DNS at the router then the kids only need a new machine such as a iPhone, iPad, PS3, or etc. to bypass the DNS lock down.

What am I missing? A computer or smart phone can be user configured to use a specific DNS, rather than the one that comes from the router via DHCP.

 

[coxhaus]

I don’t think you read the whole post. If you create access lists to block all DNS traffic except for the specified DNS, then all other DNS will fail. I currently run my network that way. You cannot use my network with any DNS but the one I hand out. I don’t care what overrides are setup on the machine the traffic will not pass as the router blocks all DNS traffic except for the DNS servers I have setup.

 

[F5ing]

Or use the OpenDNS servers as static DNS on each machine that you want to filter. And then remove administrator priveleges for the users of each of those machines.

Then all other machines will use the DNS that's configured in the router.

If you don’t lock DNS at the router then the kids only need a new machine such as a iPhone, iPad, PS3, or etc. to bypass the DNS lock down.

Just trying to give the OP some options to think about.

As far as the kids are concerned, if they don't already know the WLAN password(s), they won't be able to connect any of the "new" machines without doing some "homework".

 

[Soniczed]

Kate too young to know about config

Thank you all for the suggestions as far as config goes the router is already setup with opendns and it works great blocking filtered content my one problem is on devices I don't want to be filtered I am looking for a way to allow them with out any filters be it smartphone, tablet , pc ,etc......
The router I have comes with an app that allows me to create profiles but this requires me ti give out the admin password of the router isn't that stupid for a security standpoint.
So I'm still looking for a solution
Any sggestions ?????
Thanks

 

[stevech]

to bypass openDNS filtering. I recall that they have a way for adults to do so with password, etc.

Or, for PCs not filtered,just go into the network adapter settings and give a static DNS server address of 4.2.2.2

 

[PrivateJoker]

to bypass openDNS filtering. I recall that they have a way for adults to do so with password, etc.

Or, for PCs not filtered,just go into the network adapter settings and give a static DNS server address of 4.2.2.2

Yes that's true, assign devices static IPs, and on the device end, input that info too and manually select either a filtered DNS or non-filtered.

 

[coxhaus]

Or, for PCs not filtered,just go into the network adapter settings and give a static DNS server address of 4.2.2.2

If you allow the router to pass traffic from overrides on a PC from static entries then you are wasting your time trying to block anything.

 

[PrivateJoker]

If you allow the router to pass traffic from overrides on a PC from static entries then you are wasting your time trying to block anything.

I think this was a "filter everything" suggestion, w/ an idea on how specific devices could use the network but bypass the filtered DNS, by design (ie like a white list) by assigning google DNS or something similar to them instead of pointing those clients at router for DNS?? I might be misunderstanding.

 

[coxhaus]

I don’t have an answer but once you open a hole then the hole will spread. The hole needs to be password protected so the IP address or MAC cannot be spoofed.

 

[PrivateJoker]

I don’t have an answer but once you open a hole then the hole will spread. The hole needs to be password protected so the IP address or MAC cannot be spoofed.

If you're in a situation where users being able to spoof MAC addresses is a serious threat to whatever incoming or outgoing firewall you're trying to setup for the internet at your home, I think your kid has proved s/he is on the fast track to a solid GPA already. Just saying . . .

I did an unnarrated screencast on my Mac showing that this is possible. I didn't show the part where I change my router to use OpenDNS's servers and the part where I use a desktop widget (or DNSomatic in the Asus, or other things) so they know my external IP, so pretend that part was done.

Not necessarily endorsing this method, just saying it's possible to "white list" the DNS of certain machines in your network, and yes anyone could do it theoretically if they knew how or what was going on.

https://vimeo.com/74027217

 

[coxhaus]

PrivateJoker,

You need to check out what CaptainSTX wrote early on in the thread where a kid can Google how to change DNS and even download a tool to override the current DNS settings to bypass security.

 

[PrivateJoker]

PrivateJoker,

You need to check out what CaptainSTX wrote early on in the thread where a kid can Google how to change DNS and even download a tool to override the current DNS settings to bypass security.

But that's the caveat, if your kid is that smart, filtering the net should not be where you're spending your free time. Get the kid some piano lessons and an erector set, maybe a chess board.

It's also one of the many, very literal metaphorical similarities between real world security and network security. I have some pretty strong door locks & dead bolts on all of my entry doors along with heavily reinforced door frames, and metal reinforcement to slowdown the effectiveness of any pry attempts directly at lock area. Also long throw dead bolts into 2 pieces of 1/4" steel sunk with 4" screws. Best case scenario it takes 60-90 seconds longer to get into my house. A very determined person could still do it, no problem.

Sometimes making your IT security 60-90 sec harder to defeat (and totally dissuading 80% of intruders/kids from attempting in the first place with your defenses) is the best possible situation, because at the end of the day someone determined enough, experienced enough, smart or lucky enough will get into it if they choose to.

I know the doors to my home are the most difficult to enter of any home within 1/4 of a mi of me, minimally. . .I've looked hard during my dog walks. That improves my chances a lot, even though maybe a very determined kid or burglar could watch a couple videos on youtube and be able to bump/pick my locks open in seconds, still I made it far more challenging and maybe I created enough frustration time for the burglar to pick another house, or the kid to do something better with his time. That's all I can reasonably hope for.