Need some help on network security (Home)

[HyperTension]

Agh.. where to begin.....


My daughter has her computer (8years old) and I've been using KIS 2010, (always updated), with parental controls enabled (child) and FF with WOT, and there has not been any issues.


Until last week. Short story, she became click happy via google (usually searches for Hanna Montana, Jonas Brothers etc) and somehow gained access to some XXX sites, and never mentioned a word of it to us.... until she went to school the next day and told some friends. Friends told the teacher, teacher told the school counselor, counselor called me while I'm en route from being called into work (RN, Open Heart Recovery) for somebody whose day was worse than mine (perception changed after my chat with the counselor).

Initially didn't believe her, until I pulled up the history, and behold..... The process was basically she clicked on stuff, those sites (total of 3) appeared. She only looked at the intro page, and tried to again.

Virus scan is clean (well, nothing detected).

What can I do to lock this thing down within reason. She feels really bad, and I'd prefer the software to be running in the background to maintain trust / responsibility. I have no problems with changing settings via router or via her PC.

Internet: Comcast
Router: TEW-633GR

Her Computer:
P4 @ 2GHz
512 DDR
Windows XP Pro (SP3)
KIS 2010
Intel 10/100 NIC

Any help, tips, recommendations are more than appreciated in advance.
Connection: Wireless

 

[PTNL]

Least expensive approach would probably be an app running on her machine. Other than that, it would be replacing your router with something that offers content filtering by machine/MAC (Sonicwall or a dedicated box with a Linux distros perhaps).

 

[marley1]

have you tried K9? Maybe K9 and OpenDNS

 

[HyperTension]

I have no trouble with installing an app on her machine.

Beyond that, I'm more of a hardware nerd vs. filtering software (K9 / OpenDNS). I have no issues with learning though

I have a AMD Opty 175 with ram, PSU, a left over 7800GT that I could create another PC with... but what would the next step be?

 

[YeOldeStonecat]

2x of many solutions for you, both of these are FREE.

Microsoft Family Safety
http://download.live.com/familysafety

OpenDNS
http://www.opendns.com/

With OpenDNS you set their DNS servers into your routers settings, instead of by default having your router pickup your ISPs DNS servers. For Free you can sign up for their content filtering.

 

[djBon2112]

I've got a better idea. Your daughter is 8. Sure, she's young, but she's already seen what porn is. I think it's time you had a chat with her about it, what it is (if you haven't had the "birds and the bees" talk just say it's something adults do that kids shouldn't see), and let her know that you don't approve of it and don't want her going there again. Again, she's an 8-year old girl, so she's not exactly going to be seeking it out like, say, a young boy, and you did say she felt bad about it. Definitely keep the security you've got, but there's no reason to go nuts here.

 

[HyperTension]

I've got a better idea. Your daughter is 8. Sure, she's young, but she's already seen what porn is. I think it's time you had a chat with her about it, what it is (if you haven't had the "birds and the bees" talk just say it's something adults do that kids shouldn't see), and let her know that you don't approve of it and don't want her going there again. Again, she's an 8-year old girl, so she's not exactly going to be seeking it out like, say, a young boy, and you did say she felt bad about it. Definitely keep the security you've got, but there's no reason to go nuts here.

That topic covered within reason for this event. My biggest concern is that "there is always something worse", and it's just a click away

 

[Concentric]

Or just discuss it with her (maybe include the teacher/counselor since they seem so involved..?)

I genuinely think these issues require social, not technical, solutions. She might respect you more too, if you explain to her why she shouldn't and then trust her.

Or just have her use it when you'r around to supervise.


Edit: djBon2112 got there first!

 

[TechieSooner]

2x of many solutions for you, both of these are FREE.

Microsoft Family Safety
http://download.live.com/familysafety

OpenDNS
http://www.opendns.com/

X2, exactly what I was going to suggest myself.
OpenDNS is great... You can think of it as "hardware level" and unless she knows the IP addresses of those porn sites, it'll get filtered out. If you create an account and add your network, you can even block/allow particular websites.

And obviously the Microsoft tools add software filtering.

Beyond that, if you have an old PC to stick after the gateway, you can install Untangle on it. It'll run transparently on the network (IE, no port forwarding nonsense needed) and filter out stuff you specify.

 

[capnstabn]

Juniper SSG5 with websense off ebay!

 

[powertower]

It's probably malware, not a virus. download "malwarebytes" and update then run a scan. I think some routers today come with parental control built into their firmware. Maybe grab one and configure it to your taste.

 

[djBon2112]

That topic covered within reason for this event. My biggest concern is that "there is always something worse", and it's just a click away

Fair enough.

 

[Keiichi]

The least expensive approach would be to supervise her computer time. There is no substitute for actual supervision.

 

[TechieSooner]

The least expensive approach would be to supervise her computer time. There is no substitute for actual supervision.

Both of these solutions were free and would require less time to implement than supervising her the rest of her life, so how exactly is supervising her the least expensive approach?

Microsoft Family Safety
http://download.live.com/familysafety

OpenDNS
http://www.opendns.com/

OP already said he's had a talk with her. Sounds like he's doing as much as anyone could expect... He just wants an additional level of protection to keep his kid from seeing stuff she shouldn't be seeing.

 

[AMD_RULES]

X2342340982304982340283402938402394823 on OpenDNS

The easiest solution would be to install some sort of software on her machine. I'd go with some sort of Linux based firewall like smoothwall if you really wanna go on "lock-down."

 

[mattjw916]

Don't let your daughter surf the web unattended.

 

[TechieSooner]

What can I do to lock this thing down within reason. She feels really bad, and I'd prefer the software to be running in the background to maintain trust / responsibility. I have no problems with changing settings via router or via her PC.

Don't let your daughter surf the web unattended.

Um yea, these suggestions are all very helpful to the OP

 

[Keiichi]

Both of these solutions were free and would require less time to implement than supervising her the rest of her life, so how exactly is supervising her the least expensive approach?

Those options will only work to a point. There will always be a way to get to places where you shouldn't be. Long story short you shouldn't depend on a third party to replace good parenting. The established "parental controls" already costed the OP by being called in by a school counselor. I'm not saying that the OP should supervise her computer time forever (although I'm pretty sure most dads would love to do that ) I think it's in the best interest to supervise the kid's computer time now, so that there is some sort of communication going on. Then later on after the kid where to go and where not to go, then don't supervise as much. Build a trust/relationship and responsibility with your kid, not with your equipment.

And anyway those things don't necessarily protect against chat rooms and social networking sites, which is where the real trouble/fun starts.

 

[AMD_RULES]

pfSense is a popular linux distro used for firewalls... requirements are nothing

 

[TechieSooner]

The established "parental controls" already costed the OP by being called in by a school counselor.

And he had a talk with his daughter. You act like he just ignores it...
He says right there in his OP that his daughter feels bad, so she knows she's done wrong. He's got a handle on it.

His solution in place didn't work. So now he's looking for something better.

How are EITHER ONE of those things bad parenting in any way whatsoever? I applaud him for taking action.

 

[mattjw916]

Those options will only work to a point. There will always be a way to get to places where you shouldn't be. Long story short you shouldn't depend on a third party to replace good parenting.

^^This. A child that young should never be running around on the interwebs without a parent standing over them. Software helps but nothing is foolproof.

 

[Keiichi]

And he had a talk with his daughter. You act like he just ignores it...
He says right there in his OP that his daughter feels bad, so she knows she's done wrong.

It would be different he the OP had found out from his daughter directly, but he only found out from a school official who was told by the friends of the daughter. At least the kid's friends knew enough to tell someone.

Without those friends knowing enough to tell someone, then we wouldn't be having this conversation and everything would be status quo and the kid would may or may not be surfing the naughty stuff. One thing is for sure though, the OP wouldn't know about it.

 

[Valnar]

2x of many solutions for you, both of these are FREE.

Microsoft Family Safety
http://download.live.com/familysafety

OpenDNS
http://www.opendns.com/

With OpenDNS you set their DNS servers into your routers settings, instead of by default having your router pickup your ISPs DNS servers. For Free you can sign up for their content filtering.

This is the best recommendation, especially if it's just one PC. If you have multiple PC's, or don't want to install parental filtering on your other PC's, load up Untangle on a spare computer and put it behind your firewall in transparent bridge mode.

An 8 year old girl's curiosity would be squelched enough by the software filtering. An 8 year old boy?....well, Untangle is probably safer. They can be resourceful when determined.

 

[TechieSooner]

It would be different he the OP had found out from his daughter directly, but he only found out from a school official who was told by the friends of the daughter. At least the kid's friends knew enough to tell someone.

I give up. I don't care if it's an 8 year old girl or a 40 year old woman... People do stuff on your network that you're not aware of. That's all there is to it.

All you can do is explain the expectations, minimize the chances they'll actually do it via some form of filtering, and correct any issues that arise out of it.

I guarantee you in most every corporate network in America, including mine, there's someone getting away with something that nobody knows about: intentional or not.

An 8 year old girl's curiosity would be squelched enough by the software filtering. An 8 year old boy?....well, Untangle is probably safer. They can be resourceful when determined.

Kids nowadays get around everything... It's amazing, really. GPO objects protect the client machine but there's only so much you can do to protect what they can do online (short of implementing a whitelist... Which I've actually done before).

 

[djBon2112]

pfSense is a popular linux distro used for firewalls... requirements are nothing

pfSense is BSD, but close.

 

[Valnar]

pfSense is a good firewall, but I'm not sure how it helps the OP's filtering requirements.

 

[calvinj]

I'll stand with anybody here who has recommended opendns. Simple setup. Nothing to install. She'll never know the difference. Turn it on. Block the things you don't want her seeing, log it and watch it work.

This here gives you the trust aspect that you want and the ability to watch like you should as a parent and also gives her some "freedom" if you will to be responsible with the computer. You shouldn't need anything else. Pfsense, Untangle, and etc. Wouldn't worry about it at this point. NOW if the problem persists and you find that she is looking at porn this is where something like pfsense or untangle could easily come into play

 

[keenan]

pfSense is a good firewall, but I'm not sure how it helps the OP's filtering requirements.

Squidguard, or at least it will let you force OpenDNS or something similar in a way that is difficult to circumvent, which isn't really possible with most consumer equipment. Just starting with a plain OpenDNS setup is probably going to serve you well though. Easy and doesn't require any change to the setup or hardware.

 

[TechieSooner]

pfSense is a good firewall, but I'm not sure how it helps the OP's filtering requirements.

Untangle is just the #1 easiest to use and setup distro, in all reality. Smoothwall, pfSense, etc.... They can all serve a purpose but I think that purpose is in bigger organizations where you more routinely have one device serving one purpose. Untangle is a complete all in one package.

This here gives you the trust aspect that you want and the ability to watch like you should as a parent and also gives her some "freedom" if you will to be responsible with the computer. You shouldn't need anything else. Pfsense, Untangle, and etc. Wouldn't worry about it at this point. NOW if the problem persists and you find that she is looking at porn this is where something like pfsense or untangle could easily come into play

Good point... Start with OpenDNS (reuqires 10 minutes of time, if that) and if you still have a problem or want more, then you could lookat doing Untangle.
OpenDNS isn't foolproof though, obscure domain names, IP addresses (usually linked from malicious source like spam or another website), these things it won't help against. But for 95% of web browsing it's great.

 

[entropism]

What about something like WOT, combined with a porn site filtering hosts file?

http://hostsfile.org/hosts.html

WOT has a nice degree of parental control filtering built in, and you set the password to disable it. In fact, WOT, with the hosts file, and openDNS might be all the security you need. I'm also in the camp that she shouldn't be on the net unsupervised, but that's my opinion.

 

[calvinj]

Good point... Start with OpenDNS (reuqires 10 minutes of time, if that) and if you still have a problem or want more, then you could look at doing Untangle.

Again this just sums it up. Start Simple and work your way up the chain of goodies you can do to protect your network / computers / kids / etc