5

So I am trying to filter out adult content (porn, mainly) from the users on my home computers. I have read several other answers, but they seem to be pretty simplistic. I'm a tech geek, so I know all about OpenDNS as the "best" solution. The problem is that when you have hackers in your house (as I do), then they can just set their own computer's DNS to be Google's and get around it. So, what is a really good strategy to filter our bad content from home computers (Mac and Windows)? If you work in corporate IT, what strategies do your companies employ?

Thanks!

EDIT:

As suggested by @OldWolf down below, here is a good thread covering this on OpenDNS.com

Improve this question
1
  • Thanks so far for the answers, they're really great. However, can I get a comment on why it was downvoted? Too subjective?
    – daveslab
    Commented Oct 17, 2011 at 2:32

3 Answers 3

Reset to default
4

If you need that level of hard to bypass security, you need something a little more than a basic router - get a spare system, install something like untangle - basically a good router/firewall distro and force everything through that. There used to be an option to run it as a re router (that is to say, on a system with only one NIC, and having it inside the network) but that seems depreciated.

You can then set up a web filter and/or force everything through a proxy server (the advantage of this, is that your users can't use another proxy server to bypass it)

Unlike opendns, and other options, having a firewall to content filter cannot be bypassed easily

Improve this answer
0
3

Anytime, you allow someone to run as administrator on a computer you allow them to change IP settings. I would first restrict their user account to a standard user and disallow a standard user the ability to change the IP setting. This can be done is Windows I know for sure but I, thankfully, have no experience with OS X. I would still use OpenDNS for other computers that come into the house including XBox, Wii and other gaming consoles.

The second thing I would do is to install a filter onto the computer that does what OpenDNS does called Covenant Eyes or Safe Eyes. Both of these programs are quite difficult to bypass. Even if they get an admin account, they will need a password to uninstall it.

The last thing I would do, is after talking with your kids or roommates, depending on your arrangement is to tell them that their computers are blacklisted from the router if they continue looking at this smut. If you don't own the computers than this is the best option. It is better they cannot get onto the internet than do things on it that are harmful to themselves.

Improve this answer
1
  • 1
    I agree. The most you can do is threaten to ban them off your router and make sure they do not have physical access to the router.
    – surfasb
    Commented Oct 17, 2011 at 11:03
2

Presuming you're interested in OpenDNS but concerned about someone changing DNS settings locally. If you control the router, depending on the model and firmware, you can intercept the DNS port and force them to OpenDNS regardless of what they put in their local DNS. This will still not prevent them from looking up the IP through another service and typing in the host by IP, but it will take care of the simpler case. There are a large number of how-to's on the OpenDNS site depending on your router. See rotblitz's Apr 10th 2009 post here

Improve this answer
0

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .