Filtering/blocking software for child/teen/employee internet usage

[tankman1989]

I'm looking for THE BEST software out there that is the most versatile, configurable, non-intrusive (kids or employees can't alter or disable it) etc. Is there a program that you specifically use that you like?

I've thought about trying to use a proxy like squid and making a blacklist of sites that are not allowed to be visited. I have an idea of how to do this but it is a little labor intensive but it uses the users as the resource for new blacklisted sites but that means that if they already visited the site, it already didn't block the site - BUT - the next time they visit the site they will be denied.

I figure that I can create a list of keywords which are not allowed and if they appear on the site then it is blacklisted. If the site is a discussion site that is simply talking about the issue of a keyword then a complaint can be submitted and the site reviewed and if it doesn't contain inappropriate material then it can be whitelisted. Does this sound like a plausible way of dealing with this problem?

-Does anyone else have any better solutions?
-Do any of you offer this to your clients and if so, how often do they feel it is necessary?
-How can this be done with the introduction of tablet PC's, Iphones, etc.

Could I make a proxy site http://www.proxysite.com that will block certain bad sites? Maybe something like:
http://1.proxysite.com, http://2.proxysite.com, http://3.proxysite.com, http://4.proxysite.com, http://5.proxysite.com, http://6.proxysite.com, http://7.proxysite.com, http://8.proxysite.com, http://9.proxysite.com
Each one with varying degrees of filtration. Would that be possible?

 

[gazza]

Setup OpenDNS on your router, filter out the material you don't want user to see and keep your passwords secure.

 

[sassenach]

For business users, set up ACL's (Access Control Lists) on their routers so you can control exactly what traffic each node can send and receive.

For residential customers, KIS (Kaspersky Internet Suite) or Kaspersky Pure have an excellent Parental Control that is password protected and extremely vigourous in carying out its commands.

 

[16k_zx81]

DNS + local solution.

Something that notifies end users that they are being monitored is probably a good idea. Supervision being an effective deterrent.

 

[tankman1989]

I would like to create a blacklist and or whitelist of various degrees (G, PG, PG-13, R, NC-17, X and XXX) This way I can use the list for all customers.

Would the windows HOST file be useful for this?


Here are some areas which I would think parents would want to protect their kids from, and possibly employers limit their employees from accessing.
Drugs
Porn
Gambling
Child Predators
Explosives
Guns
Knives
Religion
Cults
Games
Music
Youtube
"adult friend finder type sites"
Occult sites
***can anyone add any other catagories which parents might find objectable?

I'm just having a tough time figuring out how to do this with Iphone, Android phones, tablets, etc. Can anyone shed any light on this?

 

[atlanticjim]

It would be a full time job to manage whitelists and blacklists for sites as well as manage the complaints of filtering innocuous web requests because your filter was not sophisticated as well.

Have you looked at OpenDNS as gazza has recommended. It will provide you with a solution for all devices. Of course that is only if the device connects to the web via a portal that you control. For example, a smart phone connected through your portal can just have the wifi switched off to use the carrier's broadband connection instead.

 

[Steve202]

If your looking for something to implement locally, take a look at untangle.

 

[tpcg]

Remove all links to Internet Explorer after you install FireFox, download the addon called ProCon Latte, enable it add a password to it. It has a whitelist, blacklist, and you can add sites, words etc...
This is what I have setup for residential customers.

For business we use Untangle.

 

[Encrypted Existence]

Remove all links to Internet Explorer after you install FireFox, download the addon called ProCon Latte, enable it add a password to it. It has a whitelist, blacklist, and you can add sites, words etc...
This is what I have setup for residential customers.

What happens when you get a user that's clever enough to either reinstall IE or install something else like Chrome...I think the best approach would be to use a DNS/ACL solution.

 

[YeOldeStonecat]

The Windows Hosts file approach would be prohibitively high maintenance...how will you keep up with every website out there?

For home users, even small business clients...OpenDNS is free and you can setup an account and work with content filtering.

For home users, Windows Live Family Safety works pretty well for young users.
Safe Eyes is a 3rd party product which does similar, there are other "net-nanny" types out there too.

For home users, there are some routers out there which have content filtering features.

For businesses, part of our "best practice" setup is using UTM appliances at the edge, instead of the old NAT router approach. Besides the added benefit of antivirus and antimalware scanning to add layers of protection to complement the desktop antivirus, they have rich and granular content filtering abilities. We mostly use Untangle for this.

 

[Cornerstone Technologies]

Here are some areas which I would think parents would want to protect their kids from, and possibly employers limit their employees from accessing.

Drugs
Porn
Gambling
Child Predators
Explosives
Guns
Knives
Religion
Cults
Games
Music
Youtube
"adult friend finder type sites"
Occult sites

The above list seems inclusive of about 99% of the entire internet.

I am wondering, is this something a customer asked for? Or are you creating a solution that is looking for a problem? I don't interject my values to parents unless they are very specific. The responsible parents that actually care about their kids are actually being a parent and watching what the kids are doing. The ones seeking filters and solutions are ones that are not actively involved, is what I have observed.

 

[dbdawn]

You need an appliance, something like a Barracuda Web Filter.

 

[seedubya]

The responsible parents that actually care about their kids are actually being a parent and watching what the kids are doing. The ones seeking filters and solutions are ones that are not actively involved, is what I have observed.

I have three kids, all with access to pc's, laptops, phones and consoles at different points throughout the house. How do you propose that I watch everything they're doing, all of the time? Can you give me the power of bi-location? What about while I'm cooking dinner or taking a dump? It is physically impossible to watch every thing, every minute of every day so any piece of software or hardware that makes this more manageable is worthwhile. To suggest that I'm a bad parent because of this is extremely inaccurate, insulting and just downright ignorant.

@OP
I use Untangle and Open DNS. Their phones have 3G disabled at carrier level. They have limited accounts on all PCs and laptops. This still doesn't help when they're at a friends house or whatever but I can't, so far, cover every base.

 

[oldtech]

Check out covenanteyes www.covenanteyes.com

 

[TechLady]

I use OpenDNS and various plugins for Chrome. This is enough for eight-year olds and they do not really look for trouble (yet)...also their computer is right next to mine. May have to get something a little more robust in the future, but so far so good.

 

[pceinc]

We use the following...
SecureSurf from Appriver (DNS Based, global settings)
McAfee SaaS (Proxy Based, user level settings for policies and reports)
OpenDNS (DNS Based, can apply settings to Networks)

For residential we use K9 Web Protection. It's free and very easy to setup.
They limit 10 license keys per email account.

We also use firewall policies if the firewall supports it.

For what it's worth, when proposing a filtering solution to a business client, I found using the cost of time wasting analogy works best. If you have an employee who wastes at least 1 hour per month on personal internet use, you've already spent more on that employee's wages for that 1 hour than it will cost to filter that employees internet connection for the entire month.
The response we usually get is, "I've never thought of it that way." We also offer 30 day trials of SecureSurf. We setup with no filtering and reporting only. At the end of the month we show them a report of websites accessed to see if they have a problem.

 

[agh3]

2nd pcinc's suggestions.

I personally use and setup for my clients with teenagers K9 Web Protection and also implement OpenDNS on the router with category filtering.

Drives my teenagers nuts that they can't work around the two levels of protection. My 17yr old even had "older online friends" trying to help him hack around it but they were unsuccessful.

I've also installed K9 at churches and small schools to protect their computers and it's worked great for them.

Best feature is hours of internet use. I setup my kids so their internet connection terminates at 9:30pm so they're in bed no later than 10. If they're working late on a project, I can override that for 15/30/60 minutes using a password.

 

[tempusfugit]

I would rather just monitor at the router level, and terminate employees who don't listen and beat the snot out of the kids. If you're going to a proxy to be smart, you get the beating stick too.

Filtering always ends up prohibiting useful sites - Ya my boss doesn't want me watching youtube videos all day, but there's about a million useful videos for a computer tech.

 

[brandont]

I agree with a few other commenters, OpenDNS is really good.

 

[MobileTechie]

Bear in mind openDNS is worthless if they have access to the IP settings of the network connection in Windows.
Teenagers will get past almost anything that isn't router level because if you type in searches like "bypass Family Safety" or whatever you'll see hundreds of posts on how to bypass these host-based systems and most suggestions include live CDs and proxies. It's no big deal to stick a linux on a USB and boot into it quicker than Windows does anyway and do whatever you like unmonitored. So I think router-level is the only real answer and make sure they don't know your router passwords or ISP details (or they'll just get their own router). Many parents forget about iphones and ipod access too. I think monitoring is key. If someone knows they will get caught and punished they don't do it.