Skip to main content

How to make internet browsing family safe

This post covers a couple methods you can use to implement safer internet browsing for your family. As usual I'm not going into too much details, just providing you with high level pointers. It is yours to find out details by yourself.

First thing you would need is to disable the ability to recognize malicious hosts, or hosts that provide contents you do not want to see. For every website you visit, your browser makes a request to one or more DNS servers, typically your ISP's DNS servers, to resolve website hostname into an internet addressable address called "IP address". That IP address is the address of the host that serves the contents of the website. Without knowing this IP, your browser cannot reach the website. So the idea is to limit your browser to recognize safe websites only. How you'd do that? Simple answer, use OpenDNS's DNS servers rather than your ISP's. OpenDNS's servers would limit name resolution to only safe websites. Their list of unsafe websites is community sourced and fairly reliable.

So go ahead and setup a free account with OpenDNS service. They will tell you their DNS IPs for eg. 208.67.222.123 and 208.67.220.123. Then, open up your router's configuration web gui, and setup those DNS IPs, so that your router would use OpenDNS servers rather than your ISP's DNS servers.

Disconnect your PCs and devices from the router and reconnect those so that they request updated DNS settings via DHCP. Now all devices you reset should be using OpenDNS name servers rather than your ISPs'. They will all be safer now. But that is not just it.

Next, you want to add firewall rules in your router to block access to all other DNS servers except OpenDNS's so that no user on your network could override their DNS settings locally on their system. What you want to do is to allow access to port 53 TCP and UDP of each of OpenDNS IPs. Next, you want to disallow access to outgoing port 53 (TCP and UDP) to all other servers. Steps to do that will depend on your router's make and model.

For AC750 (Archer C2), I am attaching screenshots to give you idea on how the target and rules would look like. You need two targets for the OpenDNS IPs and a Generic (catchall) type target with specified port.
Once the three targets are setup correctly, the rules would look something like this:

As added measure, you can use pfSense firewall and add Captive Portal. This will give you ability to control internet access timings. You can even print time-limit designated vouchers and award them to kiddos when they do chores successfully. They would then be able to use vouchers to login and get internet access for a certain duration. If there is an interest in that - I can do a couple posts to show how to do that.

Have fun, and stay safe!
Disclaimer: If you follow the information here, there is no warranty, I am not liable if it deletes your data, gets you hacked, burns your house down or anything else. If you follow the information contained here you do so entirely at your own risk.  My views and opinions are my own and not necessarily represent the views of my current or former employers.

© Raheel Hameed and www.raheelhameed.com, 2017. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to author and this website with appropriate and specific direction to the original content.

Comments

Popular posts from this blog

Recovery: Your PC/Device needs to be repaired

If you see this message when you boot your Windows 10, there is something you can do to fix. Read below. "Recovery Your PC/Device needs to be repaired Error code: 0xc0000225" All it is saying is that system startup boot information is somehow messed up. But it is an easy fix. You need a Windows 10 installation media or Recovery media. Boot from the media you have. Then navigate to Troubleshoot, and then choose Advanced, and then Command Prompt. At prompt, change current directory to: cd c:\ Then run these commands one by one to repair your boot sequence: bootrec /fixboot bootrec /fixmbr bootrec /rebuildbcd During these steps it may ask you if a particular Windows partition is the right one to boot into, choose yes if it is. Remove your recovery media, and reboot your computer. It should boot fine.

Using XPerf

XPerf comes with Windows SDK. You can get it from MSFT website. During installation there is an option to install just the performance tools should you want only perf tools and not the whole SDK. To collect a trace from administrator command line: Begin your workload. xperf -on base+cswitch+power -stackwalk Profile -f c:\kernel.etl  Let the workload execute for a while. xperf -stop  If you have previously created c:\merged.etl, delete it. xperf -merge c:\kernel.etl c:\merged.etl  Now, before you can view your trace in UI, setup your symbol path: set _NT_SYMBOL_PATH=<path to PDB files>  You should now be all set to launch the viewer: xperf c:\merged.etl (this launches the viewer)  On the UI, there are several different type of graphs for various measurements. From inside the Graph menu, you can enable these views: CPU Usage by Process. CPU Sampling by CPU. Stack Counts by type. Happy XPerf-ing!

Backup and Restore SVN Repository

SVN provides a simple way to backup or export SVN repository along with modification history. To export repository located at /mnt/svn/branches to a file "dump_file", you would write: svnadmin dump --incremental --deltas /mnt/svn/branches >~/dump_file On the other SVN server, you can restore the entire repository along with the modification history by doing this: svnadmin create --pre-1.6-compatible /mnt/svn/branches svnadmin load /mnt/svn/branches <~/dump_file The first line will create a new empty repository. You can remove --pre-1.6-compatible flag if you like. It's needed only if you want to make your repository compatible with previous versions of SVN. The second line restores your repository from "dump_file". Hurray! Now you can move your SVN repository to the other server without loosing your change history.