# Home security with youngsters



## danaeckel (Mar 18, 2012)

I was wondering if there is software I can install on a server to monitor internet access. I have a youngster now, and I would like to monitor it on my server rather than on the client level.

Dana


----------



## fonz (Mar 18, 2012)

You could use explicit filtering software such as www/dansguardian (no experience with it as I don't have kids, but I've been told it works well), monitor the youngster's desktop with net/vnc or something similar, or just educate the kid on the importance of Internet safety. Or a combination of course.

Hope this helps,

Fonz


----------



## danaeckel (Mar 18, 2012)

It isn't so much filtering I am looking for as of right now. Sure I can teach safe surfing, which will work good until their friends are over with ideas. I expect children-teens to know how to flush their caches, delete history, etc, but the keys to the server will remain with me, and if they do something they shouldn't be doing, I want to know.


----------



## SirDice (Mar 18, 2012)

danaeckel said:
			
		

> if they do something they shouldn't be doing, I want to know.


Here's a novel idea, talk to them.


----------



## danaeckel (Mar 18, 2012)

I know kids/teens, they lie, break the rules, etc. I want to be one step ahead.


----------



## Hawk (Mar 18, 2012)

Sounds to me like you need a basic packet sniffer like security/snort . I'm sure the pros would be able to tell you the ideal program that would fit your needs. Just consider, however, this is analogous to tapping the phone. As a parent myself, I understand your situation, and I can see both sides of the privacy issue. But that's just differing parenting styles.


----------



## Anonymous (Mar 18, 2012)

danaeckel said:
			
		

> I know kids/teens, they lie, break the rules, etc. I want to be one step ahead.



This general statement makes me revolting somehow. We all were in the past kids/teens as well. I am 51 years old, however I can remember my youth, and I cannot remember me generally lying, breaking rules, etc. Instead, I remember treating my parents respectfully and being treated respectfully by them.

Now I am a dad of an almost 6 years old boy. He uses the internet by the way of bookmarks that I prepared for him. So, for the moment I am not that concerned, however for the future, I have many concerns. This is my list of IT related concerns sorted by priority:


spending too much time on the computer
using file sharing
(I don't want to lose my house, cars and anything else, because my son is sharing some idiotic songs, movies and/or games)
him being drawn into criminal activities
him taking part or being victim of mobbing in social networks
him visiting pages violating by any means the human dignity of anybody
(e.g. excessive violence, racism, other political and/or religious indoctrination, hard-core pornography)

I agree with SirDice. I also think that keeping on talking about any issue is essential, and should be the base for any other measures, and perhaps makes anything else already superfluous. In my opinion mutual respect is another important keyword here.  

I am going to address 1, and partly 2 on the client side, since a timer is part of the OS he is using, and regarding 2, the up-comming technology of execution-prevention of non-signed apps will be handy for this.

I am thinking to address also 2 and in addition 5 on the server side. The server is the gateway with NAT and firewall, and runs a recursive name server. Client access to foreign name servers is blocked by the firewall.

Of the server-side measures, 2 will perhaps be complicated, because blocking of some ports may not be sufficient - any ideas are very welcome here.

Regarding 5, query-logging is activated in /etc/namedb/named.conf. Several years ago, I wrote a name server query log analysis tool, which sorted the queries by users and domains into a FileMaker database. The users were confronted on a monthly basis with their logs, and this was already sufficient for keeping strange activities on a low level - this was not a hidden but an open type of control. When I find some time, I will re-vamp the query log analysis tool for sorting the queries into a PostgreSQL-DB, however, given the age of my son, I guess that I still got some time for this.

I don't think that concerns 3 and 4 can be addressed by any technical measures. This remains an educational challenge.

Finally, in no case, I am going to take hidden measures, since in my opinion this would contradict to my respect to my son, and also inhibit me teaching responsibility to him.

Best regards

Rolf Jansen


----------



## danaeckel (Mar 18, 2012)

Wow, some of that I didn't even think of. Right now I have a girl who is 5, and I took an old IBM Thinkpad and installed Edubuntu on it. To my surprise she could run Firefox, get into Google, and type in names of TV figures she likes. Needless to say that kinds scares me. And she watches me too much, and picked up very quickly. I plan to look into OpenDNS since I can set that up to block porn and some stuff, and I know I can setup DNSMasq, and IPFW to filter more.  Dana


----------



## SirDice (Mar 19, 2012)

I don't have kids but I see a lot of parents making knee-jerk reactions. They want to monitor _everything_ their kid does. I don't think that's good. I'm 40 and I also can remember my youth. My parents knew I was out but never needed to know _exactly_ where I was or what I did. They trusted me to do the right thing. Sure I made mistakes, I'm sure your kids will do too. But that's all part of growing up.

I've noticed small children couldn't care less about porn if they come across it. They'll think it's gross then click it away and move on. Their parents are usually more freaked out about it than they are.


----------



## danaeckel (Mar 19, 2012)

Maybe it is more the fact knowing she is growing up so fast watching her Google around, then watching 20/20 too much, and just knowing there are tools at my fingertips could give me some sort of comfort.


----------



## Hawk (Mar 19, 2012)

I agree with SirDice, but only partially. I've seen first-hand how different things are in third-world countries. The internet has no borders and people can "visit" other countries at the click of a mouse. There are some organizations that would love a chance to chat with the youth of other countries. Recruiters for al-Qaeda are smooth-talkers. Extreme example? Maybe. But the food for thought is that the Internet isn't like letting your kid walk to a friend's house down the street. You know your neighborhood and most parents unconsciously perform a risk analysis before making a decision. There's too much on the net to warn kids about. First it's "I like Tonka toys, too." After a week or so, they'll have your kids sniffing highlighters, or mixing sulphuric acid, acetone, and H2O2 to "see a neat-o trick." (majority of which CAN be found in the household) The keyword here is risk analysis. Just remember "who" is on the internet.


----------



## phoenix (Mar 19, 2012)

Working in a school district, I see this knee-jerk reaction ("We must control everything; we must block everything; we must use technology to control what the kids do on the Internet" etc) way too often.

The correct solution for "knowing/controlling what they do online" is (and always has been) supervision.  Simple as that.  You don't need website filters.  You don't need fancy technology to monitor/control what they do online.  What you do need is open, honest, continuous dialog with the children; open, honest limits on the amount of time they are online; and they need to be supervised until they can show some modicum of responsibility.

It really is as simple as that.  Treat them with respect; treat them with honesty; treat them like kids, and they will respond accordingly.  Treat them like criminals with tonnes of locks around them ... and they will spend more time finding ways around the locks than anything else.

You can't "block the Internet", even if you control the PCs.  There's always a way around it.

Treat them like people; make use of the computer a responsibility issue; and kids will treat the Internet with respect.

The more you lock things down, the more they will rebel.


----------



## Hawk (Mar 19, 2012)

danaeckel said:
			
		

> I was wondering if there is software I can install on a server to monitor internet access. I have a youngster now, and I would like to monitor it on my server rather than on the client level.
> 
> Dana



Monitoring such as this is transparent and the users of the system/network will most likely not know of this "wiretap." Thus, the children will not know they are being "watched." Further, Dana mentions that she is not interested in blocking sites, but being able to rest knowing that they're not getting into something really bad. Furthermore, I'm a bit surprised by some of the reaction/responses here. Someone has asked for technical help, not how to raise children. I'm probably not the best father in the world, but who am I to tell someone else how they should or shouldn't rear their children?


----------



## fonz (Mar 20, 2012)

Seeing as I don't have any kids (nor a desire to have any) I'm not touching the parenting philosophy thing with a 10-foot pole, but @OP: depending on exactly what you want, you could ask on a large Linux forum, e.g. LinuxQuestions.org. They have a large userbase, which means there might be a better chance that someone has had your question before. You may want to hide the FreeBSD part, ask if there are Linux programs that do what you want and then see for yourself whether they are in FreeBSD's ports collection or can be compiled from source or can be run in Linux emulation mode.

Fonz


----------



## hockey97 (Mar 24, 2012)

If you have a router at the house, you can use the router interface to restrict and limit what they can access. Depends on what router you buy. I have a linksys that allows me to block IM, and websites, and many other things like start logging everyone's activity. You can also try out opendns.org,  it's a free service, well the*re* is a free and a paid service. *Y*ou can monitor and control the internet on what the kids access etc. Most schools uses these DNS servers. *A*ll you have to do if you*'re* using a router, you will need to log in into your router and then change the DNS servers to the IP addresses of the OpenDNS servers.

Here is the website: http://www.opendns.com/


----------



## cosmin (Apr 9, 2012)

I think what you are looking for is squid with squidGuard installed.


----------



## danaeckel (Apr 10, 2012)

I have been thinking of OpenDNS, will work quite well for some stuff.

Dana


----------



## hockey97 (Apr 12, 2012)

danaeckel said:
			
		

> I have been thinking of OpenDNS, will work quite well for some stuff.
> 
> Dana



If you go here:  http://www.opendns.com/home-solutions/parental-controls/, they do have a free version. Most schools use it to block specific websites from adult sites to well known sites to get your computer infected by viruses. 

I don't use it for control purposes. I'm currently using it for the DNS instead of my ISP's DNS servers which openDNS actually sped up the time to grab websites. 

I was told you can actually record your internet usage like the time it was used and how long etc. I am sure it's a good choice the only down falls is that you better hope the kid don't know about computers.

Since you have to set up your computer or router to use their DNS servers. 

Which their IP address for the DNS servers are here:

https://www.opendns.com/opendns-ip-addresses/

Other then that I don't know if there are any good free software ones.

The only way the kids can get around this is if they know what a DNS is and how to config one. I mean they would then be able to get into the router or computer and just turn off the changes or delete the IP address and leave blank which then would use your ISP'S DNS servers.


----------

