Network Security and Family Safety

Posted on by jonn

As the internet becomes more ingrained in life and children are using it earlier and earlier, it is that much more important to be able to keep them safe. There are a number of ways to do this and some work better than others.

If you have a limited number of devices and don’t have friends or relatives over much, it might be more cost effective to have an app like MobSafety Ranger Browser, SecureTeen or Qustodio installed. But, if you have a large number of devices or are concerned about friends coming over with insecure devices, our solution provides whole network protection. Any device that connects to your network will automatically be protected. And of course, it won’t hurt to have something installed on a device and have your network secured as well.

This document will describe what we at Tech Rescue currently do to attempt to help keep your network safe for you and your kids.

There are three main components to our setup, an external DNS server, a network controller and an internal DNS server. We recommend setting up all three, but it is possible to get by on just one or two of them.

DNS stands for Domain Name Server. You can think of it as the internet’s phone book. When someone types “google.com” into the browser, the computer goes to it’s DNS server to find the numerical address that google.com points to. Without DNS, you would have to know the IP address of every web site that you wanted to visit and some would not work even if you did know the correct address.

The First Component

The absolute minimum should be an external DNS server. We usually create an account on OpenDNS.com for that. A home account is free and it gives you the ability to block specific websites (like playboy.com) or general categories (like pornography). With this in place, someone going to a restricted location will get an error page telling them that it is blocked.

Once the account is created and your settings determined, the DNS settings on your modem will need to be changed. Unfortunately, Comcast makes it very difficult to do this and more recently impossible. It is possible to do it manually on each machine though, or you can get the next piece of our setup. You will also need to run a little program on one device that will tell OpenDNS when your internet service provider changes your IP address.

The Second Component:

We custom build a network control appliance that runs router software becoming the brain of your network. Among other things, It takes over the local device address management, runs a firewall to help keep intruders out and can block known bad email attachments. But, perhaps the the most important two things it does is to allow the DNS change to be made once and cover all devices connected to your network (including friends coming over) and it prevents a smart kid from changing their own DNS settings and allowing them to bypass the security and get to the blocked content. This device can also restrict certain device access during specific times of day.

We build a low power, inexpensive computer that costs about $250 for the hardware and about $110 for our time to put it together and set it up at your location. If you need wireless access, we usually have to have another device to supply that. They run anywhere from $100 to $150 for a good one or you can sometimes find them cheaper.

The Third Component:

Many client sites initially didn’t want this last piece of our network builds because of it appears to be redundant at first. But, having a local DNS server can be very helpful in both speeding up your internet name lookups and blocking unwanted intrusions from “drive-by advertising” We have two main systems for this. If you have a small number of devices, we use a Raspberry Pi machine that costs around $50 or if you have a larger number of devices, we use the same hardware that runs our network appliance in component two, at around $150. Usually if you have more than five or six devices, we suggest getting the bigger system.

Final words:

As always, feel free to contact us with any questions. We usually charge about $220 plus the cost of hardware for this type of install. Or, if you are a little bit technical and would like a challenge, we can give you some more information about how to do it yourself.

Total estimated costs:

One Component system:
Potentially Free. Some ISPs like Comcast have modems that don’t allow DNS changes, so another device might be required.

Two Component system:
$510 with Wifi Access Point or $360 without.

Three Component system:
$670 for the two components above, WiFi AP and smaller local DNS machine
$770 for the two components above, WiFi AP and larger local DNS machine

Leave a Reply

Your email address will not be published. Required fields are marked *