Friday, May 8, 2009

Protect and Serve

Got kids? Yeah? So… you have a firewall and antivirus and some kind of content filter on their PC so they can be safe, right? Good luck with that.

Here’s a dose of reality for you – every 10 year old, yes even yours, knows how to bypass ALL that protection, and most can do it without you ever finding out. Kids trade hacking secrets like we used to trade hockey cards. They share key-tools and decrypters passed on USB drives like passing notes in math class. If all the protection you have for them is sitting on a PC that they control, well, think about that for a minute……

OK, that minute’s over, now let’s do something about it. There are some fantastic tools available to give you better control in an environment that you as a parent control. The easy path is to buy some retail software for $49 and install it on their PC, but we already discussed where that leads. The more difficult, but more reliable, way is to build a remote caching filter. This is a combination of hardware and software that sits between your family PC(s) and the internet. It intercepts every page and only passes on the ones that pass your rules, and you can build one for almost nothing.

Step 1: If you don’t have one already, get a router. Even if you don’t follow the rest of this, do yourself a favor and install a router. Linksys and D-Link make decent residential routers in the $100 range that will do everything you need. The router connects between the Cable/DSL Modem and your PCs. Follow the boxed instructions to set this up; they are usually pretty straightforward.

Step 2: You will need a PC to act as a filtering server. This does not have to be anything huge, in fact, the one I used was a 5 year old P4 that was headed for recycling. It should have 512Mb of RAM or more, but otherwise nearly any relatively new PC will do.

Step 3: Install Linux. You can download a free copy of CentOS-5 Linux from http://ftp.telus.net/pub/centos/5.3/isos/i386/CentOS-5.3-i386-bin-1of6.iso
This is a 640Mb download, so make sure you have the time and speed before you start. Download this to a different PC, then use whatever CD burning tools you have to burn this iso image to a disk. Place the disk in the new “server” PC and reboot. When the first screen appears, type ‘linux text’ and press ENTER.
You can choose the defaults, or the obvious for most of the install questions, but when asked about packages and options, de-select everything including the optional packages. If you skip this, it will ask you for a CD you don’t have. Answer all the questions to the end then reboot. After the reboot, log in and run an ‘ifconfig’ and record the IP address – you will need it later.

Step 4: Get Squid. First, make sure your system is up to date by typing ‘yum update -y’. Then type ‘yum install squid -y’.

Step 5: Get Dansguardian. Go to http://dansguardian.org/ and read over some of the docs so you understand what it does. Bookmark the page as you may need to come back here for configuration hints later. You can download the latest version from here: http://usmirror.dansguardian.org/downloads/2/ . The instructions are pretty straightforward, follow them.

Step 6: Configure web browser proxy. Locate the communication settings for your web browser. In Internet Explorer it is in TOOLS > OPTIONS > CONNECTIONS. Find the PROXY settings and set the IP address to the address of the server you collected earlier. Set the port number to 8080. Now test your web browser with any site. If it works, then you can move on; if not, check to make sure Dansguardian is talking to Squid properly.

Step 7: Close other access with router. When you are able to connect to the internet through the proxy port, then you need to cut off all other access routes. Connect to the router and set the access rules so that the PCs you want to protect are blocked. This is usually done by IP address, so you will need to get these from the PCs you want to protect.
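
An added example (not from the original post or from the Dansguardian or Squid projects): a shell check for the "Dansguardian is talking to Squid" condition in Step 6, which also reports a Squid that listens beyond the address Dansguardian uses, since Step 7 is about leaving the filter as the only route out. It reads the stock settings filterport, proxyip, proxyport (dansguardian.conf) and http_port (squid.conf); the sample files are constructed, and it assumes both programs run on the same server, so on a real install pass the paths of your own two config files.

```shell
#!/bin/sh
# Added example: verify the Dansguardian -> Squid chain from Steps 4-7.

# Print the value of a "key = value" line in dansguardian.conf.
dg_value() {    # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Print the first http_port argument in squid.conf ("3128" or "ip:3128").
squid_listen() {    # $1 = file
    awk '$1 == "http_port" { print $2; exit }' "$1"
}

# check_chain DG_CONF SQUID_CONF BROWSER_PORT
# Prints each problem found; returns 0 only when there are none.
check_chain() {
    rc=0
    filterport=$(dg_value "$1" filterport)
    proxyip=$(dg_value "$1" proxyip)
    proxyport=$(dg_value "$1" proxyport)
    listen=$(squid_listen "$2")
    squid_port=${listen##*:}
    # A bare port number means Squid accepts connections on every interface.
    case $listen in
        *:*) squid_addr=${listen%:*} ;;
        *)   squid_addr="all interfaces" ;;
    esac
    if [ "$filterport" != "$3" ]; then
        echo "browsers use port $3 but Dansguardian filterport is '$filterport'"; rc=1
    fi
    if [ "$proxyport" != "$squid_port" ]; then
        echo "Dansguardian proxyport '$proxyport' != Squid http_port '$squid_port'"; rc=1
    fi
    if [ "$squid_addr" != "$proxyip" ]; then
        echo "Squid listens on $squid_addr; bind http_port to $proxyip:$proxyport so only Dansguardian reaches it"; rc=1
    fi
    return $rc
}

# Constructed sample configs (not from the post).
tmp=$(mktemp -d)
printf 'filterport = 8080\nproxyip = 127.0.0.1\nproxyport = 3128\n' > "$tmp/dansguardian.conf"
printf 'http_port 3128\n' > "$tmp/squid_open.conf"
printf 'http_port 127.0.0.1:3128\n' > "$tmp/squid_local.conf"

check_chain "$tmp/dansguardian.conf" "$tmp/squid_open.conf" 8080 || echo "=> fix squid_open.conf"
check_chain "$tmp/dansguardian.conf" "$tmp/squid_local.conf" 8080 && echo "=> chain OK"
```

Restart Squid after changing http_port, then repeat the browser test from Step 6.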

So now your family PC(s) connect to the content filtering Dansguardian that uses the Squid cache that gets the web pages from the internet. You can set a wide range of content filtering rules as well as control application access such as chat programs.

This may be a little more complicated than buying a $49 “nanny” program from Wal-mart, but it gives you more control over more functions with more flexibility all in a package that is separate from the PCs that need to be protected…and keeps it away from the 10 year old hackers.