
Child Safety: How To Set Your Own Parental Controls

by Bill Hely

In previous posts I’ve made mention of the Australian government’s attempt to introduce mandatory, countrywide censoring of the Internet, not at all dissimilar in scope and effect to the oppressive restrictions which pertain in countries such as Communist China.

Although those plans to apply compulsory censoring to everyone have been overwhelmingly condemned by Australian Internet users, no reasonable person would claim there should be no control over the content that is accessible to children. The sensible position is that control should be in the hands of and managed by parents, guardians, schools and the like. But the usual objection to that policy is that it’s all too difficult, too technical, for the average parent to come to grips with.

In this article I’ll show you just how easy it is to apply your own filters to your home Internet connection. This very same technique is used by literally thousands of schools across America and around the world to protect students from dangerous, obnoxious or otherwise unwanted content.

In the process I’ll give you a few tips that will help protect your PC against infection by the many nasties that are always looking for an opening into your privacy.

Difficulty Level

This article is intended to alert readers to certain possibilities. Although there is enough information here to allow users who know their way around Windows to implement the project without further assistance, it is not a step-by-step tutorial. There just isn’t the space here to cover all the nuances of the various versions and possible configurations of Windows XP and Windows Vista. However, it is quite a simple project to implement even if you do need to engage in a little research to figure out how to access certain settings.

And speaking of research, always keep in mind that “Google is your friend”. The Google search engine’s ability to find information highly relevant to what you’re looking for is quite incredible, and it gets better all the time.

What You Will Need

Just two things; one of them is free and the other dirt cheap.

I’ve said many times that if you never do anything else to protect your computer from hackers, viruses, worms and various other malware, the one thing you should do is install a router.

Linksys WRT54GL 4-Port Wireless Router

A typical wireless router

It’s an established fact that a new Windows computer with a broadband Internet connection will be probed by automated hacker-bots within minutes, and repeatedly probed ad infinitum. For maximum safety you really need other mechanisms as well, such as anti-virus and anti-spyware software, and a good software firewall, but a router is an excellent start.

A router is just a small fifty-dollar box that you plug your broadband modem and your computer(s) into, instead of plugging them into each other.

These days most routers come with clear installation instructions and near-foolproof software to set them up. They really are no big deal to implement. Speak to any reputable dealer about a “4-port wireless router”.

The free component you need is a service called OpenDNS. Again, no complexity here — just browse to OpenDNS and sign up for a free account. But before you do, consider this…

Both the router and the OpenDNS service require you to nominate a password for access to configuration and settings. It is EXTREMELY IMPORTANT that in both cases you use long, complex, unguessable, uncrackable passwords — a different one in each case. These two passwords are what will prevent the minors in your care from circumventing the safeguards you will put in place.

And for some insight into creating and using strong passwords see my article: How to Choose Use and Recall Strong Passwords. However, contrary to the recommendations in that article, DO NOT store the passwords for the router or OpenDNS in Roboform. Write them down clearly and store that paper somewhere safe and secure — somewhere the children will never be able to get at them.

Oh, and there’s another advantage to the OpenDNS service. They have the capability to detect and block major malware attacks, before the vermin gets anywhere near your PC.

How Will It Work?

Now if you’re a technophobe, don’t let the following explanation or any of the terminology put you off. You can still implement your own customized in-house Internet filtering without understanding a word of this section. But read it anyway — you never know, it just might help.

Here we go…

Whenever you type a Website URL (e.g. www.playboy.com) into the address bar of your browser, a sequence of events takes place that is invisible to you, but critically important for the success of your request.

A message is sent from your PC to a special computer “out there” called a DNS server, where DNS stands for Domain Name System. The message tells the DNS server what domain it’s looking for and asks where to find it. After consulting its database of domain names the DNS server replies with the IP address of the requested domain. If you don’t know what an IP address is just consider it a complex number that uniquely identifies every Internet-connected device.

There’s no way around this process. The Internet doesn’t understand requests for something like “www.playboy.com”; it only understands IP addresses. So until an IP address is obtained from a DNS server, no request for a domain webpage can be satisfied.

There are many DNS servers “out there” and your Internet Service Provider (ISP) almost certainly has at least a couple that your system is configured to send such requests to.

Now, official DNS servers don’t discriminate; when asked for the IP address of a domain they provide it honestly and without question. Asked for the IP address of playboy.com the reply will be 208.67.216.131 (at the time of this writing anyway — IP addresses can change), and the home page of the Playboy website will be loaded into your browser.

But consider this…

What if inquisitive young Johnny Junior enters the Web address www.playboy.com, and the DNS server finds a note in its database that this domain is forbidden to the particular computer making the request (that is, your home PC)? Then, instead of returning the real IP address of playboy.com, the DNS server returns something like this: http://208.67.219.135. It’s OK, go ahead and click that link.

Note: in a real-world scenario “example.com” will be replaced by the forbidden domain name, such as “playboy.com” in our example.

In other words, by configuring your local system to send DNS requests to a special DNS server, and by telling that DNS server what not to serve up to your browser, you can control what the computer users in your household will see.
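The lookup described above, as an added example that is not part of the original article: this Python code builds the DNS query a PC sends, parses the reply, and reports whether the answer is the block-page address quoted earlier instead of the site's own address. The function names, the constructed reply and the 192.0.2.10 test address are assumptions made for illustration.

```python
import socket
import struct

BLOCK_IPS = {"208.67.219.135"}  # block-page address quoted in the article (may change)

def build_query(name, txid=0x1234):
    """Encode a recursive DNS query for the A record of `name`."""
    header = struct.pack(">6H", txid, 0x0100, 1, 0, 0, 0)   # RD flag set, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">2H", 1, 1)   # QTYPE=A, QCLASS=IN

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at `off`."""
    while msg[off]:
        if (msg[off] & 0xC0) == 0xC0:    # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_records(msg):
    """Return the IPv4 addresses in the answer section of a DNS response."""
    qdcount, ancount = struct.unpack(">2H", msg[4:8])
    off, addrs = 12, []
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4    # skip QTYPE and QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:    # A record
            addrs.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return addrs

def is_blocked(response):
    """True when the reply holds addresses and all of them are block-page addresses."""
    addrs = parse_a_records(response)
    return bool(addrs) and all(a in BLOCK_IPS for a in addrs)

def lookup(name, server="208.67.222.222", timeout=3.0):   # needs network access
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return s.recvfrom(512)[0]

def constructed_response(name, ip):
    """Constructed sample: the reply a resolver would send pointing `name` at `ip`."""
    header = struct.pack(">6H", 0x1234, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
    return header + build_query(name)[12:] + answer
```

With network access, `is_blocked(lookup("example.com"))` runs the same check against a live resolver; the default server is one of the OpenDNS addresses listed in this article.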

Okay, sounds simple enough but…

How Do You Do It?

As you may have guessed by now, the OpenDNS service you signed up for earlier provides the special DNS server, and your account with that service allows you to stipulate what domains, or type of content, is to be blocked.

The other part of the setup is to change your local computer configuration so that it is the OpenDNS DNS server that is queried for IP addresses, rather than your ISP’s DNS server or some other.

In a home setup that DOESN’T have a router:

The IP addresses of the DNS servers to be used are stored in Windows. These Microsoft articles describe how to locate and set DNS values:

Windows XP – Windows Vista

In either case you want to “specify an IP address”, NOT “obtain an IP address automatically”.

The IP addresses you will specify are provided by OpenDNS, and are as follows:

208.67.222.222
208.67.220.220

In a home setup that DOES have a router:

The IP address of the DNS servers to be used will be stored in the router, and Windows will be configured to use the router settings. These Microsoft pages describe how to locate and configure the appropriate DNS settings in Windows:

Windows XP – Windows Vista

In either case you want to “obtain an IP address automatically”, NOT “specify an IP address”.

In this scenario you also need to configure the appropriate DNS IP addresses into the router. Whereas Windows only offers fields for two DNS addresses (more if you go into advanced settings), most routers offer three fields. Once again, the IP addresses you will specify are provided by OpenDNS, and are as follows:

208.67.222.222
208.67.220.220
208.67.222.220

Special Considerations

From a security perspective it is a very bad idea for users to log in to their computers with Administrative rights. People working away at computers on a day-to-day basis with Administrative rights is one of the reasons that malware does so much damage. There should be one Administrative account that is used only for configuration purposes. All users should log in for their day-to-day computing activities with only a basic User account.

Now, this becomes important for another reason when your aim is to protect your children by implementing parental controls against undesirable Internet content. Here’s why:

If little Johnny Junior has Administrative rights there is nothing to stop him from entering any DNS IPs he likes into Windows’ configuration. Ordinary users can’t make such changes, but Administrators can. Regardless of his Windows user level he won’t be able to change DNS settings in your router (if you have one) because you will have protected that with a very strong password.

But if Junior changes the DNS settings in Windows from “obtain an IP address automatically” to “specify an IP address”, and then enters some DNS IPs that aren’t from the OpenDNS service, the Windows settings will take precedence over the router settings. Then Johnny is straight off to playboy.com, sex.com or anywhere else that catches his fancy.
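One way to check for this override, as an added example that is not part of the original article: save the output of `ipconfig /all` and let this Python code list any adapter whose DNS servers are neither the OpenDNS addresses given above nor the router itself. The sample output is constructed, and treating the default gateway as an acceptable DNS server assumes the router hands out its own address and forwards queries to OpenDNS.

```python
import re

# Resolver addresses listed in the article.
OPENDNS = {"208.67.222.222", "208.67.220.220", "208.67.222.220"}
FIELDS = {"dns servers": "dns", "default gateway": "gateway"}
LABEL = re.compile(r"^\s+(.+?)[ .]*\. :\s*(.*)$")      # "Label . . . : value"
IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")         # only IPv4 entries are examined

# Constructed sample of `ipconfig /all` output (trimmed to the relevant fields).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1

Ethernet adapter Wireless Network Connection:

   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 198.51.100.53
                                       208.67.222.222
"""

def parse_sections(text):
    """Map each ipconfig section to its IPv4 gateway and DNS server entries."""
    sections, current, field = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():                 # unindented line starts a section
            current = sections.setdefault(line.strip().rstrip(":"), {"gateway": [], "dns": []})
            field = None
            continue
        m = LABEL.match(line)
        if m:                                     # labelled line selects the field
            field = FIELDS.get(m.group(1).lower())
        value = (m.group(2) if m else line).strip()   # no label: continuation address
        if current is not None and field and IPV4.match(value):
            current[field].append(value)
    return sections

def rogue_dns(text, allowed=OPENDNS):
    """Return {section: [DNS servers that are neither allowed nor the gateway]}."""
    findings = {}
    for name, cfg in parse_sections(text).items():
        ok = set(allowed) | set(cfg["gateway"])   # assumption: router forwards to OpenDNS
        bad = [ip for ip in cfg["dns"] if ip not in ok]
        if bad:
            findings[name] = bad
    return findings
```

An empty result from `rogue_dns()` means every adapter still points at the router or at OpenDNS; any entry it returns is a manually entered resolver worth investigating.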

Summary

As stated earlier, although this is a fairly simple project, you may need some help in particular areas.

  • For help with purchasing a router I suggest you locate and consult with an honest and reliable retailer. Don’t expect a retail salesperson to have the breadth and depth of knowledge of an IT professional, but they should know their product line well and be able to advise you on a suitable make and model to meet your needs. Before handing over your money ask the salesperson to prove to you that there is a public Support or Users Forum online for the brand he recommends.
  • For help with configuring the router the best place is usually the manufacturer’s Support Desk or a Users Forum.
  • For help with configuring OpenDNS, there is both a company-operated support department and a very useful Users Forum. Log in to your account at OpenDNS and have a look around — its use is simple, obvious and self-explanatory.

From both a security and a parental controls perspective, it may be worth your while to reconsider how each member of the household accesses computer resources, even to the extent of creating new User-level accounts, one for each person, deleting any old user accounts that had Administrative-level access, and applying a secret and secure password to the main Administrator account. The following URLs may be of some use in this endeavour.

Windows XP – Windows Vista

Warning

Is OpenDNS 100% effective?

Unfortunately, no it’s not. It’s just a fact of life that no blocking technology of this nature can be 100% effective. And the more effective you make a blocking technology, the harder it becomes to implement and maintain.

Keep in mind also that some of the best minds on the planet are constantly striving to find ways around the onerous censorship policies implemented by some communist and fascist-like governments, so there’ll likely always be some software or technique available that will be able to circumvent your parental controls.

OpenDNS strikes a convenient balance between effectiveness and ease of use, but it should not be assumed to give parents, teachers or others in a guardianship role such peace of mind that they no longer feel the need to actively monitor the online activities of their charges.


{ 4 comments… read them below or add one }

1 Lance Jones March 11, 2009 at 4:47 am

Just a quick question for you regarding Administrative set up.
As a gamer I have to install the games that I use in the administrative account otherwise they will not install and/or run
so how does one install the game and then run it from a basic account?


2 Bill Hely March 11, 2009 at 3:55 pm

Hi Lance.

Using your computer while logged in as an Administrator means that any malware that sneaks past your defenses (you do have those, don’t you?) also has administrative access to the guts and bowels of your operating system. This is clearly a significant security risk.

The recommended solution is to operate on a day-to-day basis as a User not an Administrator. Users who do not have administrative rights are restricted from doing certain things, including installing software, and that’s the whole point. Malware is software too.

Now of course this can pose an inconvenience for people who are forever installing and uninstalling software, but those are the very people who need the most protection — especially if much of their software is downloaded from the Internet.

Ideally you will have very strong protective measures in place to protect against spyware, viruses, trojans, rootkits, port attacks and the like, and you will normally operate in User mode to limit the damage that can be done if some nastie does slip in.

OK, so much for the reasoning, now for the workaround…

Windows 2000 & Windows XP
How to enable and use the ‘Run As’ command:
http://support.microsoft.com/kb/294676

With the ‘Run As’ command enabled you can right-click the installation executable, select ‘Run As’, and provide login details for the Administrator account.

Windows Vista is slightly different
Search out some information on UAC or ‘User Account Control’
Here’s one example:
http://www.geekswhoknow.com/articles/windows_vista_run_as_administrator.htm


3 Parental Control for Phones February 24, 2010 at 7:23 am

I’m having a little bit of trouble viewing your site in Firefox, but it may just be my computer. Apart from that, I love your site. I plan on surfing around and reading some more posts! Cool article. This was a really great read if you ask me. Hope everyone can read it and learn something new.


4 Bill Hely February 25, 2010 at 1:36 pm

I only use (and strongly recommend) Firefox — currently version 3.6.

If anyone is having trouble viewing this blog in Firefox please describe the symptoms and I’ll try to look into it.
