In the many posts of this blog, I’ve covered a lot of ground. I’ve attempted to explain content filtering, and its many types. I’ve tried to explain some of the background technologies involved in networking, security, and computing that would help you ultimately understand content filtering. And I’ve blathered on about stuff that I find fascinating. Today’s post will be rather simple, and rather specific. It will answer a question that came in as a result of the last post.

Man-on-ladder-writing-on-blackboard-300x300

Where do I begin? How do I start? Help!

Sometimes people describe things in avid and lurid detail, because that’s how they see the world. A lot of time, this is referred to not seeing the forest for the trees. As a supreme nerd dork dweeb, I am particularly guilty of this. This post is a departing from this trend, and will be highly practical.

The question that came across my path was from a mother who basically asked where to start. This post is for you.

legal-disclaimer

First, the Disclaimers

I am targeting Windows-based computers with this post. All you IOS / Macintosh / Android users are out of luck. Take what you can from this.

I am going to focus on one specific technology, or approach to filtering. You know from previous posts (if you’ve been reading them, that is) that there are many different ways to protect a computer. I will focus on one technology – that being client-based filtering. This solution involved installing a program on a computer.

There are also myriad products out there. PC Magazine has a rather excellent article out there that lists many of the most common products on the market, with a review, pros and cons for each. For this post, I am focusing on the Symantec product.

001

Why I chose Symantec is rather simple – I needed antivirus on several of my home computers, and Symantec offered this, along with content filtering, at a flat cost. There are pros to this solution, as well as cons. In the interest of time, I won’t dig into these. I chose this product. Do with this information what you will.

Defense In Depth

Another disclaimer, here. It is worth noting that there is no one single foolproof method for content filtering. Each product, technology and solution has its strengths and weaknesses – ways around them. That is why security professionals recommend a fancy term called Defense in Depth, which means implementing multiple layers of defense within your computer systems. With enough different security (or content filtering) controls in place, you greatly enhance your chances of success. I personally implement several different technologies in this regard – but everyone starts somewhere, and that first step usually involves a client-based solution like the one we’re discussing.

70080750Drop the Cash

First, you obviously have to choose and buy a product. Let’s assume  you have done so, and are ready to install and configure. Symantec makes this a breeze, with this article. A summary includes creating a master account, and tying it to your email address. Once that is done, you log into their portal, and create user profiles (called “children”). Each of these profiles / users / children have their own specific settings and filters. In my household, I have a separate account for each of my teenagers, a generic account for the rest of the kids (called “Littles”, in a nod to the 80’s cartoon of which I have fond memories), and an account for us adults. You really need a profile for everyone in your household – either shared, or individual.

Access Control 101

The technical term here is called Access Control. Wikipedia defines this as such:

accesscontrol

fingerprint-door-access-controlAccess control is a fancy word for allowing (or controlling) access to something. In this case, we want Access Control for the Internet. It is worth noting here that Access Control can become as complex or simple as you want it to. You may have a computer in the living room that has one user account, and is always on, and is always logged in. In this scenario, one profile may suffice. Or you may have three computers – one in the living room that auto logs on for everyone to use, and a laptop for your teenager, and an old clunky machine in the basement that is used for gaming. You could use one profile and apply it to all three machines, meaning that it’s one set of rules for all computers. Or you could have one computer in the house, and on that computer there are three different computer accounts – one for Grandpa, one for Mommy, and one for Little Junior. If you created one profile in Symantec, the same rule set would apply to all the users who log on. Or you could create three separate user profiles, and assign those profiles to different logins.

Does this make sense? When you create a profile, or child in Symantec terms, you are creating a set of rules. You will apply that set of rules to someone, on something. I’ll shut up and move on.

Installing the Software

004Well this is pretty simple. Install it. Botta bing. It’s worth noting that if you want to use the service on a device, you have to download and install the software on that device. Right? The Symantec “getting started” guide helps with this. Options for this product are to install on a Windows computer, install on an Android device (phone or tablet), or install on an IOS device (ipad, iphone, etc.).

When you install the software on your computer, it will want you to log into the service with your username and password. It will then list specific user accounts that exist on this computer / device, and ask you to tie each user to a profile. This goes back to access control. In my case, the grownups get tied to the adults profile. Teenager One’s user account gets tied to their specific profile. Teenager Two’s user account gets tied to their specific profile.

Important Notes

Access Control is pointless if you don’t enforce it. What I mean by this is if you create a profile for the kids, and block all the naughty stuff on that profile, and tie that profile to the kid’s computer account, it will do you no good at all if you leave the unprotected grownup user account logged on all the time. It’s specific here. If you have different profiles / rule sets, you must be disciplined to log on and off when you are at the computer. Otherwise, there is no guarantee that the kids are actually using the Kids profile. Does that make sense? The way around this is simple – create one profile, used by everyone, on all devices. But if you want your teenagers to have access to gaming sites, and the little ones to NOT have access to those sites, you would have two different profiles, and make sure the older kids actually log off – or the little ones may access those gaming sites.

I’ll also be clear here – EVERYONE IN THE HOUSE NEEDS A PROFILE. This goes for the parents, too. Don’t leave any device in the house free from a profile and protection. It’s worth noting that if you are accessing smut on a computer, it leaves residue behind that could (and often does) reach other people. When you partake of the dark side of the Internet, you are at a much higher risk for getting malware / viruses that can provide smutty popups for anyone on that machine. There are also cookies, cached pictures, etc. that are left behind each time you dip your toe into the smut pool. Not even anonymous browsing is a guarantee of safety in this regard. Own up here – block the smut for everyone, parents included. ‘Nuff said.

002So once you have installed the software on a device, and tied the logins to your profiles, you can configure the settings for each profile, from the Symantec web portal that you are logged into. This is a two-part process. First you define the services you want to use for each profile. Web Supervision (content filtering) is a no brainer for everyone. Also, Search Supervision (which prevents limits things such as Google Image Search). Other features may (or may not) be available, depending on the type of device you have installed the software on. For example, you can’t limit text messages on a computer – but could, on an Android phone.

And finally, you can drill into specific details for each of the services. This is where you can define web search categories that are off limits. I used the example of gaming, but it could really cover just about anything. The older kid profiles may need access to gaming sites that are off limits to the younger kids. Again, I’ll reiterate that you should block certain categories such as Porn and Web Proxies (a method for getting around your security measures) for everyone. But knock yourself out here.

003

And Finally

51NA2VEA4BLSymantec recommends in their tutorial (and I highly agree) that you need to discuss this with your family. How about a nice family meeting, where you talk to the kids about what you’ve implemented, and why? They should understand why you are doing this. This would also be an excellent time to discuss with your younger kids what to do when (not if) they ever come across junk on the Internet. Remember – you are responsible for your kids, but don’t have total control over other kids. This is a sad reality. A good book to go through with your kids is Good Pictures Bad Pictures by Kristen Jenson. In this sensitive area, you need to have open lines of communications within your family. Don’t let anyone in your home feel trapped alone in the confusion, guilt and shame of hidden porn addiction.

I hope that you have found this article helpful. Note that I don’t work for, or benefit from, Symantec. I chose this product – with its limitations and benefits – for reasons that are my own. Choose whatever product you wish. And as always, feel free to reach out to me with any questions, corrections, etc.

Advertisements