PPRuNe Forums

Go Back   PPRuNe Forums > Misc. Forums > Computer/Internet Issues & Troubleshooting
Forgotten your Username/Password?

Computer/Internet Issues & Troubleshooting Anyone with questions about the terribly complex world of computers or the internet should try here. We will also try and help with troubleshooting any technical problems you may have with the forums.


Reply
 
Thread Tools
Old 2nd May 2012, 11:14   #1 (permalink)
 
Join Date: Jul 2003
Location: Oz
Posts: 740
Kids, computers & Networking.

My partner is moving in with me shortly with her teenage kids. Already, I'm getting sick of the.........."can i have the computer to go on facebook". So i want to find a solution.

Plan is to buy a couple of cheap laptops, but i want to my PC to act as a server/router, so i can have control of the internet. Partly so i can monitor what they are looking at, and, for disciplinary reasons, I can turn their internet connection off. Denial of facebook works wonders for behaviour modification.

In ideas on equipment and software?
nomorecatering is offline   Reply
Old 2nd May 2012, 12:24   #2 (permalink)

PPRuNe Spoonerist
Moderator
 
Join Date: Sep 2003
Location: Twickenham
Posts: 6,024
I have 2 teenage sons, and have reasonable experience in this area!

Personally I would not attempt to use one PC as a "server", unless you actually have a server OS installed, and can work with a domain rather than a workgroup. ICS has no support for content filtering and logging, which would be one of the main reasons you would want to use it in your scenario.

I suggest that you use a broadband router that allows you to set internet access policies based on IP address, controlling time for internet access (or just turning it off). Most routers give you the option to allow / block a handful of sites / domains, which can be handy, but it's not large enough to be useful, although the router logs may be able to show where they have been visiting.

For much greater control, configure the laptops to use OpenDNS as their DNS servers. You can then tailor the kind of sites that are allowed / blocked. Free subscription gives you adequate granularity: if you pay more you can get a longer black / white list to play with. You can investigate various free and non-free software like Net Nanny etc., but I find that Open DNS with minor tuning works reasonably well.

You can implement log on time restrictions directly on the laptops using local Group Policy settings in Windows.

You can, if necessary, remotely shut down a PC from another, provided you have admin rights on the target.

Above all, make sure their accounts are User-level only and set a BIOS access password on the laptops (and if necessary a power-on password), so that if you want to block booting from Optical / USB drives it won't be (easily) bypassed.


SD
__________________
This isn't a signature
Saab Dastard is offline   Reply
Old 2nd May 2012, 14:22   #3 (permalink)
Hippopotomonstrosesquipidelian title
 
Join Date: Oct 2006
Location: is everything
Posts: 1,589
The right router will also let you set your policies for individual computers by registering their MAC addresses, so you can ground one teen without grounding the other (or yourself).

And limit their bandwidth for torrents :-)
Bushfiva is online now   Reply
Old 2nd May 2012, 14:48   #4 (permalink)
 
Join Date: Aug 2002
Location: Earth
Posts: 3,172
Quote:
In ideas on equipment and software?

Three words.....

Faronics Deep Freeze

Then, no matter what weird and programs they download from questionable sources, all you need to do is reboot and you're back to a known-good config (once you've done the prep work of setting up that config to your liking and frozen it, of course) It's the sort of thing they use in internet cafs, libraries etc..... and not as expensive as you think for a basic implementation.

Should work wonders combined with the usual lockdown precautions of user-mode accounts, BIOS passwords and disabling USB/CD boot etc. etc..

As for what you use to stop them viewing porn, well that's up to you. There are a multitude of options out there. Saab's one of using something like OpenDNS sounds better than using some proxy software on your PC ..... what happens if your PC breaks ? You want to minimise easily avoidable SPOF's and excessive management time. Plus if you go the PC control route, and they find that out, it's going to be their primary attack target !

As for equipment ? Panasonic Toughbooks are probably just about teenager proof !

mixture is offline   Reply
Old 2nd May 2012, 16:31   #5 (permalink)

I'd rather be floating

 
Join Date: Nov 2000
Location: Cambridge, England
Posts: 2,727
Quote:
For much greater control, configure the laptops to use OpenDNS as their DNS servers.
Anything that relies on configuration on the laptops will of course be subverted by any teenagers who are sufficiently not-lazy that they can be bothered to do it.

My kids know that in theory I can look at the router logs to see what they've been doing, and that in theory I can block their internet access. In practice the only time I ever have completely disconnected them was when they allowed viruses into my network ... which hasn't happened for many years now.
Gertrude the Wombat is offline   Reply
Old 2nd May 2012, 16:44   #6 (permalink)
 
Join Date: Apr 2010
Location: Europe
Posts: 87
Dunno much about the complicated things, but it's said (and many parents think it's true, years of teacher-experience confirm it) - don't give them anything they can hide in their room with. Seriously. Unless it's a book.
probes is online now   Reply
Old 2nd May 2012, 16:53   #7 (permalink)

PPRuNe Spoonerist
Moderator
 
Join Date: Sep 2003
Location: Twickenham
Posts: 6,024
Quote:
Anything that relies on configuration on the laptops will of course be subverted by any teenagers who are sufficiently not-lazy that they can be bothered to do it.
GTW, not if they can't log on as an administrator, and can't boot from USB / DVD as I mentioned.

Quote:
Above all, make sure their accounts are User-level only and set a BIOS access password on the laptops (and if necessary a power-on password), so that if you want to block booting from Optical / USB drives it won't be (easily) bypassed.
SD
__________________
This isn't a signature
Saab Dastard is offline   Reply
Old 2nd May 2012, 17:23   #8 (permalink)
 
Join Date: Jan 2008
Location: Bracknell, Berks, UK
Age: 43
Posts: 1,110
Set the DNS that's distributed by the router's DHCP to be OpenDNS, and block in the router the use of any other DNS servers but theirs (tcp port 53). Then go to OpenDNS's website and create an account for your site and set it up so that you can control what's passed or denied. You might be able to get it to notify you when they go looking for malicious stuff too.

That way, all you need to do is to ensure you hide the router connection details from your ISP and password protect your router, and there's nothing they can do about it.

Simples
Mike-Bracknell is offline   Reply
Old 2nd May 2012, 21:05   #9 (permalink)


Probationary PPRuNer
 
Join Date: Jan 2012
Location: .
Posts: 2,184
You're all missing something

The normal openDNS servers at
208.67.222.222
208.67.220.220
are only filtered for bots / malware /phishing - not for porn or other undesirables.


If you want to make the browsing "family safe" then use their "family shield" servers at
208.67.222.123
208.67.220.123
Set those as your DNS servers - either on the router (if you want to protect the whole network) or just on the kids machines (if you want to be able to see the mucky stuff on your old machine
One point though - whichever way you go, make sure the kids can't change it back. Password out the router access, and only let the kids have access to a limited user account on the PC so they can't change the network settings

its also worth taking a look at the Microsoft Family Safety app - part of the Windows Live suite (though that can drive you mad with the number of requests it makes)
Milo Minderbinder is offline   Reply
Old 2nd May 2012, 21:45   #10 (permalink)
 
Join Date: Aug 2002
Location: Earth
Posts: 3,172
Quote:
and only let the kids have access to a limited user account on the PC so they can't change the network settings
How do you stop them setting up a proxy in the browsers ? (I know you can group policy out IE, but what about insert_your_preferred_browser_here)
mixture is offline   Reply
Old 2nd May 2012, 22:00   #11 (permalink)


Probationary PPRuNer
 
Join Date: Jan 2012
Location: .
Posts: 2,184
not something I've ever needed to play with much, but I assume you mean install proxy software on the local machine? If they only have a limited user account they won't be able to install it.
If you mean use an external proxy, then either block it through the HOSTS file, make the site untrusted, or block it through the router firewall
Of course identifying it first is the problem......
Milo Minderbinder is offline   Reply
Old 2nd May 2012, 22:03   #12 (permalink)
 
Join Date: Aug 2002
Location: Earth
Posts: 3,172
Quote:
but I assume you mean install proxy software on the local machine?
Erm no.... I mean a kind soul operating a proxy out on the inter web on ports 80 or 443 .... stick that in Preferences -> Proxies of the browser of your choice... and there you go ..... browsing freedom regained.
mixture is offline   Reply
Old 2nd May 2012, 22:08   #13 (permalink)

PPRuNe Spoonerist
Moderator
 
Join Date: Sep 2003
Location: Twickenham
Posts: 6,024
Quote:
The normal openDNS servers at
208.67.222.222
208.67.220.220
are only filtered for bots / malware /phishing - not for porn or other undesirables.
Milo,

This is simply not the case. Can I suggest that you visit OpenDNS and find out? You do need to subscribe, but this is free. Believe me, it is possible to do a great deal more than you state.

Quote:
I mean a kind soul operating a proxy out on the inter web on ports 80 or 443 .... stick that in Preferences -> Proxies of the browser of your choice... and there you go ..... browsing freedom regained.
Interestingly, Proxy/Anonymizer is one of the categories of sites that OpenDNS can block, although I guess that entering one into the browser as an IP address might circumvent this.

SD
__________________
This isn't a signature
Saab Dastard is offline   Reply
Old 2nd May 2012, 22:11   #14 (permalink)

PPRuNe Spoonerist
Moderator
 
Join Date: Sep 2003
Location: Twickenham
Posts: 6,024
And another thing I just remembered - you can set Google to "safe" or "moderate" search settings, and password protect it - this needs to be done for each browser, but affects all users of the computer.

SD
__________________
This isn't a signature
Saab Dastard is offline   Reply
Old 2nd May 2012, 22:20   #15 (permalink)


Probationary PPRuNer
 
Join Date: Jan 2012
Location: .
Posts: 2,184
Mxture
As I said, I've never had to do it, but a quick Google finds

for IE
Disable changing proxy settings

for Firefox
Chris Ilias’ Blog : Locking Mozilla Firefox Settings

I'm sure it must be possible to find similar for the other browsers
Got any better ideas?
Milo Minderbinder is offline   Reply
Old 2nd May 2012, 22:24   #16 (permalink)


Probationary PPRuNer
 
Join Date: Jan 2012
Location: .
Posts: 2,184
Saab
when you say "sign up" do you mean to their "family shield" project? Those are the very servers that I listed - you can access them without signing up

You CAN do more by using their "normal" servers but (at least the last time I looked) you needed to install some of their software and thats just another layer of complexity you don't need
Plugging in the two "family shield" servers addresses into your DNS resolution "just works"
Milo Minderbinder is offline   Reply
Old 2nd May 2012, 22:29   #17 (permalink)

PPRuNe Spoonerist
Moderator
 
Join Date: Sep 2003
Location: Twickenham
Posts: 6,024
Quote:
but from memory to do that you need to intall their software (or did last time I looked)
Well you certainly haven't had to do that for the last 3 years! No software installed on any PC, either to configure or use it.

I initially had the family ones installed, but found that they were too restrictive. The configurable ones give you 56 categories to allow / block, plus at least 15 or 20 domains you can add as exceptions for the free subscription, increasing to many more if you pay.

SD
__________________
This isn't a signature
Saab Dastard is offline   Reply
Old 2nd May 2012, 22:34   #18 (permalink)


Probationary PPRuNer
 
Join Date: Jan 2012
Location: .
Posts: 2,184
Saab
can I ask you to check which of the two pairs of servers you are using?
Milo Minderbinder is offline   Reply
Old 2nd May 2012, 22:37   #19 (permalink)

PPRuNe Spoonerist
Moderator
 
Join Date: Sep 2003
Location: Twickenham
Posts: 6,024
208.67.222.222
208.67.220.220

SD
__________________
This isn't a signature
Saab Dastard is offline   Reply
Old 2nd May 2012, 22:50   #20 (permalink)


Probationary PPRuNer
 
Join Date: Jan 2012
Location: .
Posts: 2,184
Saab
OK, I see what you mean now. Things have changed a bit there
However I'd still maintain that for the average home user, just plugging those alternate server addresses in is the easier options
Milo Minderbinder is offline   Reply
Reply
 
 
 


Thread Tools


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT. The time now is 08:59.


vBulletin® v3.8.7, Copyright ©2000-2014, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.1
© 1996-2012 The Professional Pilots Rumour Network