So I promised a good friend I’d get back on the blogging horse and finally cover this topic. I must confess, Pooky and I were on a roll in blogging. Then the holidays kicked in, and with it little flu germies ran rampant through the home like cloaked nerds at a Star Wars convention. Let’s recap some of the key technologies that got us to this point:
Simply stated, any computer that wants to talk to another computer needs to use an IP Address. An IP Address is the binary name for that computer. Never forget the secret to the Internet: When you go to a website, you are actually looking at files on another computer somewhere in the world, which you accessed by its IP Address.
This was one of my favorite blog posts, the romantic fireside scene fills me with teh lulz. That’s a fancy nerd way of saying it makes me lol. Oh man, sorry, how about this – it milk were in my mouth, it would squirt out my nose. DNS is done by some computers on the Internet that translate friendly names to IP Addresses. If you type http://www.google.com into your web browser, your computer uses DNS to determine that Google has an IP Address 184.108.40.206. Your computer then loads the website from that IP Address. All that takes place within a few milliseconds – Pretty impressive.
Four Main Methods to Content Filtering
- At the client: content filtering software like K9 or Net Nanny is installed on the computer and allows everything that you have not specifically blocked. This can cause lots of false positives when it blocks legitimate traffic. For example, K9 loves to attack Minecraft traffic, causing no end of grief for my kids. I’m not a fan of this method, I’ll explain why in more detail later on.
- At the proxy: a proxy server is a computer that stands for or represents another computer on the Internet. On a computer network, you would connect to the proxy server and the proxy would connect to the Internet for you. The proxy would pass on “good” traffic and drop “bad” traffic. Most companies use this approach with a dedicated content filter appliance such as Websense. We can get similar functionality out of our home router, for free, using key word blocking.
- At the gateway: using access lists (a list that determines whether or not you can access something), you can filter requests before they leave or return to your network. This could be done on your router, assuming that functionality is built into your router. I have a Verizon Fios router, which has this built in. I also have a Netgear router, which also has this feature built in. I’d wager that most home routers have this functionality – but when in doubt, google it.
- In the cloud: your computer attempts to connect to something out on the Internet (the cloud), and is routed through a proxy or guardian that determines whether or not the traffic comes back to you. This would include using OpenDNS – you send your DNS requests (hey OpenDNS – what is the IP for google.com?) and if the website you want an IP for fits a category that you have designated to block, OpenDNS redirects you to a “this site has been blocked” page.
You could put all your eggs in one basket, then crash and burn if that one method fails. I personally recommend combining at least two, if not three methods. Each method has its own pros and cons, and ways to circumvent. From my own experience, most companies utilize a proxy, and most home users utilize locally installed software. I will say that I’m not a fan of the locally installed software. You have to install filtering software on every single device, but software isn’t always available FOR every single device. Do you have a web enabled television or video game console? Good luck with blocking that. Little Billy’s best friend Barry comes over to visit and connects his iPod to your wireless? He has free reign. Little Suzie boots from a parasite drive, and can get anywhere on the Internet.
Sorry, I should define that one – A parasite drive is a bootable thumb drive or CD/DVD that runs an Operating System on top of your existing hardware, like a deer tick latched onto a young buck. It uses all your hardware while bypassing your locally installed Operating System – and without running any software you may have installed to filter content. This sneaky tactic was used to great effect by Edward Snowden to avoid online detection by the government who desperately wants to hang him out to dry for leaking all their nasty monitoring secrets.
So anyhow, this is a short post about the theory behind home content filtering. Next up – step by step directions on how to make it happen, starting with how to set up and tweak OpenDNS like a boss.