PPRuNe Forums

PPRuNe Forums (https://www.pprune.org/)
-   Computer/Internet Issues & Troubleshooting (https://www.pprune.org/computer-internet-issues-troubleshooting-46/)
-   -   Kids, computers & Networking. (https://www.pprune.org/computer-internet-issues-troubleshooting/484282-kids-computers-networking.html)

nomorecatering 2nd May 2012 11:14

Kids, computers & Networking.
 
My partner is moving in with me shortly with her teenage kids. Already, I'm getting sick of the.........."can i have the computer to go on facebook". So i want to find a solution.

Plan is to buy a couple of cheap laptops, but i want to my PC to act as a server/router, so i can have control of the internet. Partly so i can monitor what they are looking at, and, for disciplinary reasons, I can turn their internet connection off. Denial of facebook works wonders for behaviour modification.

In ideas on equipment and software?

Saab Dastard 2nd May 2012 12:24

I have 2 teenage sons, and have reasonable experience in this area!

Personally I would not attempt to use one PC as a "server", unless you actually have a server OS installed, and can work with a domain rather than a workgroup. ICS has no support for content filtering and logging, which would be one of the main reasons you would want to use it in your scenario.

I suggest that you use a broadband router that allows you to set internet access policies based on IP address, controlling time for internet access (or just turning it off). Most routers give you the option to allow / block a handful of sites / domains, which can be handy, but it's not large enough to be useful, although the router logs may be able to show where they have been visiting.

For much greater control, configure the laptops to use OpenDNS as their DNS servers. You can then tailor the kind of sites that are allowed / blocked. Free subscription gives you adequate granularity: if you pay more you can get a longer black / white list to play with. You can investigate various free and non-free software like Net Nanny etc., but I find that Open DNS with minor tuning works reasonably well.

You can implement log on time restrictions directly on the laptops using local Group Policy settings in Windows.

You can, if necessary, remotely shut down a PC from another, provided you have admin rights on the target.

Above all, make sure their accounts are User-level only and set a BIOS access password on the laptops (and if necessary a power-on password), so that if you want to block booting from Optical / USB drives it won't be (easily) bypassed.


SD

Bushfiva 2nd May 2012 14:22

The right router will also let you set your policies for individual computers by registering their MAC addresses, so you can ground one teen without grounding the other (or yourself).

And limit their bandwidth for torrents :-)

mixture 2nd May 2012 14:48


In ideas on equipment and software?

Three words.....

Faronics Deep Freeze

Then, no matter what weird and programs they download from questionable sources, all you need to do is reboot and you're back to a known-good config (once you've done the prep work of setting up that config to your liking and frozen it, of course) It's the sort of thing they use in internet cafs, libraries etc..... and not as expensive as you think for a basic implementation.

Should work wonders combined with the usual lockdown precautions of user-mode accounts, BIOS passwords and disabling USB/CD boot etc. etc..

As for what you use to stop them viewing porn, well that's up to you. There are a multitude of options out there. Saab's one of using something like OpenDNS sounds better than using some proxy software on your PC ..... what happens if your PC breaks ? You want to minimise easily avoidable SPOF's and excessive management time. Plus if you go the PC control route, and they find that out, it's going to be their primary attack target !

As for equipment ? Panasonic Toughbooks are probably just about teenager proof !


Gertrude the Wombat 2nd May 2012 16:31


For much greater control, configure the laptops to use OpenDNS as their DNS servers.
Anything that relies on configuration on the laptops will of course be subverted by any teenagers who are sufficiently not-lazy that they can be bothered to do it.

My kids know that in theory I can look at the router logs to see what they've been doing, and that in theory I can block their internet access. In practice the only time I ever have completely disconnected them was when they allowed viruses into my network ... which hasn't happened for many years now.

probes 2nd May 2012 16:44

Dunno much about the complicated things, but it's said (and many parents think it's true, years of teacher-experience confirm it) - don't give them anything they can hide in their room with. Seriously. Unless it's a book.

Saab Dastard 2nd May 2012 16:53


Anything that relies on configuration on the laptops will of course be subverted by any teenagers who are sufficiently not-lazy that they can be bothered to do it.
GTW, not if they can't log on as an administrator, and can't boot from USB / DVD as I mentioned.


Above all, make sure their accounts are User-level only and set a BIOS access password on the laptops (and if necessary a power-on password), so that if you want to block booting from Optical / USB drives it won't be (easily) bypassed.
SD

Mike-Bracknell 2nd May 2012 17:23

Set the DNS that's distributed by the router's DHCP to be OpenDNS, and block in the router the use of any other DNS servers but theirs (tcp port 53). Then go to OpenDNS's website and create an account for your site and set it up so that you can control what's passed or denied. You might be able to get it to notify you when they go looking for malicious stuff too.

That way, all you need to do is to ensure you hide the router connection details from your ISP and password protect your router, and there's nothing they can do about it.

Simples :ok:

Milo Minderbinder 2nd May 2012 21:05

You're all missing something

The normal openDNS servers at
208.67.222.222
208.67.220.220
are only filtered for bots / malware /phishing - not for porn or other undesirables.


If you want to make the browsing "family safe" then use their "family shield" servers at
208.67.222.123
208.67.220.123
Set those as your DNS servers - either on the router (if you want to protect the whole network) or just on the kids machines (if you want to be able to see the mucky stuff on your old machine
One point though - whichever way you go, make sure the kids can't change it back. Password out the router access, and only let the kids have access to a limited user account on the PC so they can't change the network settings

its also worth taking a look at the Microsoft Family Safety app - part of the Windows Live suite (though that can drive you mad with the number of requests it makes)

mixture 2nd May 2012 21:45


and only let the kids have access to a limited user account on the PC so they can't change the network settings
How do you stop them setting up a proxy in the browsers ? (I know you can group policy out IE, but what about insert_your_preferred_browser_here)

Milo Minderbinder 2nd May 2012 22:00

not something I've ever needed to play with much, but I assume you mean install proxy software on the local machine? If they only have a limited user account they won't be able to install it.
If you mean use an external proxy, then either block it through the HOSTS file, make the site untrusted, or block it through the router firewall
Of course identifying it first is the problem......

mixture 2nd May 2012 22:03


but I assume you mean install proxy software on the local machine?
Erm no.... I mean a kind soul operating a proxy out on the inter web on ports 80 or 443 .... stick that in Preferences -> Proxies of the browser of your choice... and there you go ..... browsing freedom regained.

Saab Dastard 2nd May 2012 22:08


The normal openDNS servers at
208.67.222.222
208.67.220.220
are only filtered for bots / malware /phishing - not for porn or other undesirables.
Milo,

This is simply not the case. Can I suggest that you visit OpenDNS and find out? You do need to subscribe, but this is free. Believe me, it is possible to do a great deal more than you state.


I mean a kind soul operating a proxy out on the inter web on ports 80 or 443 .... stick that in Preferences -> Proxies of the browser of your choice... and there you go ..... browsing freedom regained.
Interestingly, Proxy/Anonymizer is one of the categories of sites that OpenDNS can block, although I guess that entering one into the browser as an IP address might circumvent this.

SD

Saab Dastard 2nd May 2012 22:11

And another thing I just remembered - you can set Google to "safe" or "moderate" search settings, and password protect it - this needs to be done for each browser, but affects all users of the computer.

SD

Milo Minderbinder 2nd May 2012 22:20

Mxture
As I said, I've never had to do it, but a quick Google finds

for IE
Disable changing proxy settings

for Firefox
Chris Ilias’ Blog : Locking Mozilla Firefox Settings

I'm sure it must be possible to find similar for the other browsers
Got any better ideas?

Milo Minderbinder 2nd May 2012 22:24

Saab
when you say "sign up" do you mean to their "family shield" project? Those are the very servers that I listed - you can access them without signing up

You CAN do more by using their "normal" servers but (at least the last time I looked) you needed to install some of their software and thats just another layer of complexity you don't need
Plugging in the two "family shield" servers addresses into your DNS resolution "just works"

Saab Dastard 2nd May 2012 22:29


but from memory to do that you need to intall their software (or did last time I looked)
Well you certainly haven't had to do that for the last 3 years! No software installed on any PC, either to configure or use it.

I initially had the family ones installed, but found that they were too restrictive. The configurable ones give you 56 categories to allow / block, plus at least 15 or 20 domains you can add as exceptions for the free subscription, increasing to many more if you pay.

SD

Milo Minderbinder 2nd May 2012 22:34

Saab
can I ask you to check which of the two pairs of servers you are using?

Saab Dastard 2nd May 2012 22:37

208.67.222.222
208.67.220.220

SD

Milo Minderbinder 2nd May 2012 22:50

Saab
OK, I see what you mean now. Things have changed a bit there
However I'd still maintain that for the average home user, just plugging those alternate server addresses in is the easier options


All times are GMT. The time now is 18:02.


Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.