Chap Zero – Introduction (Whole House Router Based Parental Controls)

Never has the dissemination of obscene, dangerous and/or fraudulent material been so easy, widespread and unchecked. The Web makes it simple. Amidst all this, elementary and middle schools require that your kids use the Internet for homework and research.When the kids are done with their homework (or maybe before they do their homework), they’re playing games or doing a “bit” of social networking.

Oh, what fun it is to have to babysit their homework experience to make sure nothing bad happens, or watch over their shoulder as they play the latest web game! Back in the good old days, nothing bad would pop out of the math and history books, or the monopoly boards and spirographs for that matter. Ah, the good old days…

Now it’s a dangerous world out there.

Complicating and exacerbating this situation are the multiple Internet devices most kids use. Fifteen years ago, a household might have had one PC, or maybe even two. In this era of cheap technology, each kid may use two PCs and a tablet. A household with three children may have six or more devices used for Internet access, with different operating systems such as IOS, Android, Windows and OS X. How can the Internet be filtered on all of these devices to keep children safe?

The answer is with a centrally located single device that will perform all the filtering for all the kids and all the devices. All management of the controls are performed using this one device. This post discusses the overall design, functionality and a few basic technical details. The advanced technical details will be described in upcoming posts.

Remember that no parental control system in existence will nullify every threat but instead will dramatically reduce the number of threats. Vigilance, awareness and caution are still necessary.

The requirements for a workable and effective parental control system are listed below:

  • Adult devices are not filtered in any way.
  • A single and easy to learn parental control management point for all devices. No device will need to have individually installed parental control software. Devices that normally do not have parental controls, such as tablets, are also filtered.
  • Ad-blocking. All ads (and especially fake virus warning ads and registry cleaners) must be prevented from appearing on web pages.
  • Categories of web pages, such as porn, gaming sites and violent content, are completely blocked with an option to unblock.
  • Individual sites need the option to be blocked at all times or certain times.
  • Forced Safe Search. Searches for obscene content must not be permitted. Embedded obscene images must not be displayed in search results.
  • Be able to create daily schedules for blocking Internet access by time of day. The schedule must be configurable for individual devices, groups of devices and all devices.
  • The devices of any minor guests (friends of kids) must also be filtered.
  • There must not be any changes to the primary router.
  • System is immune to most attempts to disable it.

The router provided by your ISP is not suitable for some of these tasks. In fact, most routers can do only the daily scheduled Internet access controls and simple keyword blocking. The Verizon or Comcast supplied router must stay in place unmodified for two other reasons: The Internet connection comes through the Coax cable (not Ethernet) and the router is necessary to see the program guide on the TV. The Comcast supplied router also handles the home telephone connections.

Additionally as listed in the requirements above, the primary router cannot be modified and this is for a very good reason: Any failure of your Internet connection cannot be blamed on or be due to any facet of the parental controls.

The central control point, then, cannot be the primary router supplied by the ISP. What is needed is a secondary router that is connected to the primary router and is configured to create a safe subnet for any devices that need filtering. Typically this would be all the devices used by the minors in the household and their guests.

To implement all of the requirements requires a secondary router with a highly modified and powerful operating system. The router operating system (always referred to as firmware) chosen for this task is called Tomato. Tomato firmware is very powerful and highly configurable, which is necessary to make the numerous configuration changes that will turn said router into an Internet filter. Tomato firmware replaces the stock firmware on the router.

Even if parental controls are not needed in a household, there are parts of this system that might prove useful, particularly the ad filtering which can be done without the parental controls or forced safe search. Imagine no ads on any of your smart phones, tablets and computers. The ad blocking is relatively simple compared to the parental controls. Less router customization is necessary, and OpenDNS is not necessary at all.

I have implemented and tested this whole house parental control system, and it works like a charm. The “under 12” crowd should be pretty safe. Smart phones cannot be filtered using this mechanism unless the cellular data option is turned off and the smart phone is connected to the home WiFi.

No filtering method is perfect. Occasionally something mildly bad or PG-rated will slip through but probably nothing that will cause any lasting trauma. Indeed, most of the trauma associated with this system may happen when the kids realize they’re about to be filtered.

From an end-user standpoint, this system is almost plug & play and is very easy to manage. If it fails for any reason, your primary router continues to function normally.

Note: You’ll need to buy another printer for the kid’s subnet. Not expensive, and a small price to pay for the relief and freedom that the filtering will provide. Two subnets cannot share a networked printer because they cannot see each other (they have different DHCP servers for technical reasons related to the filtering). Then again, if the networked printer is connected to the router via Ethernet cable, you could switch the cable from one router to the other. I think that’s more trouble than it’s worth. And yes, I know I could set up a “trust” between the two domains but I’m trying to keep it simple.

Overall, I don’t think there’s an easier way to implement a highly effective whole house Internet filter. Working as a systems integrator, I’ve combined a lot of separate features and created something with real utility.  The beauty of this method is that no changes are made to the primary router (except to change the WiFi pass code). The recipients of the filtering connect their devices to the secondary router. The adults continue to connect their devices to the unfiltered primary router. All is good.

This entry was posted in Uncategorized and tagged , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s