internet security child family

Protecting your family online

Protection for the Family

There are plenty of services and software that help to protect you and your loved ones online from nasty website, phishing attacks, viruses and malware. I read a recent article http://robert.ocallahan.org/2017/01/disable-your-antivirus-software-except.html and wondered if anti-virus was more of a hinderance than a help? Now the caveat. If you’re using copied/hacked/illegally downloaded  software or if you frequent dubious sites then you might wish to consider some options to protect yourself, using one of the many anti-virus solutions out there. After all you really don’t know how the software has been modified or even if the software you’ve procured is indeed what it says it is.

For the rest of us I do wonder if a constantly running anti-virus solution is actually having a negative effect on our PCs, especially lower end ones? I’ve decided to uninstall my kaspersky anti-virus software, which incidentally I purchased as it supposedly had the smallest footprint and the lowest impact of many of the mainstream anti-virus solutions out there, and I’ve promoted Microsofts Windows Defender to the forefront once more.

But that’s not all, an anti-virus solution will only protect the PC its running on and I wanted to also provide web safety for my family too. My two young children (9 and 12) have their own PCs and tablets and are regularly online these days. They are confronted with the World Wide Web in its entirety. From the BBCs Timmy Time to less suitable website starring naked men and women carrying out all kinds of sexual acts. An innocent search online can lead to some really worrying websites.

Many ISPs now offer free family safety solutions directly through their service and these can be turned on and off theorh the ISPs own control panel. However they may not give you much control over what you deem to be suitable content for your children or even adults. That’s where OpenDNS comes in. OpenDNS acts as a gatekeeper of sorts to the web, filtering out domain names and web services that fall into specific categories such as alcohol, dating, gambling, weapons and pornography to name a few. There are four pre-configured levels of protection, high, moderate, low and none and if these aren’t enough you can also customise the categories chosen as well.

In addition to this, you can also specify domain names that might not fit into any of these categories in a white or black list, allowing you to block everything except bbc.co.uk for example.

This is all carried out by modifying two settings  in your router/modem called the DNS servers. Its these DNS servers that are the signposts to websites, so essentially OpenDNS stops some of these signposts from working. Nice!

If you configure the DNS at the router/modem level, each and every device that uses that routers connectivity, whether that’s wired or wireless would typically use these DNS settings so there’s normally little else to do. Of course, there’s a way around this and that’s to configure your device to not use the OpenDNS servers but perhaps use Googles own DNS (8.8.8.8 and 8.8.4.4). If a PC or mobile was manually configured to use anything other than OpenDNS, you would  essentially bypass the security offered but most kids won’t know where to look (at least not until their teenage years).

Getting rid of adverts/speeding up web browsing

Another issue that many of us have is the incessant advertising we receive in websites and also in games. You have to remember that advertising funds the future development of websites and games and many developers rely on it to keep their services essentially “free”. The moment you stop ads being delivered, that’s also stopping their revenue. That said, I found that adverts were making my little netbook grind to a halt. Many adverts now are video based while some contain mini games and once you’ve downloaded three or four of these per page, a low end device really starts to crawl.

You can get around this by installing ad blocker software or plugins on your browser and on each and every device that you wish to block ads. This will certainly speed up browsing, but there’s a trade off as the ad blocker itself typically uses processing power to block ads. But there is a better way to block ads across your entire home network with nothing more than a Raspberry Pi and a single line of code.

Something called pi-hole recently came to my attention, so I spent a little time booting up my old Raspberry Pi 1, installing a fresh version of Raspbian Operating System and then running the pi-hole command. Within minutes I had a dedicated DNS server which uses OpenDNS as the Upstream DNS Servers. What does all that mean? Well essentially, pi-hole has a huge list of all the domains that tend to serve ads and it downloads them to itself. You then tell your home devices to use the pi-hole as their DNS server either by configuring your router (see above) or by manually adding the pi-hole IP address as the DNS server to each PC/phone/tablet. When your device makes a request to a domain that’s listed in pi-hole, the ad is essentially blocked before its even downloaded. The great thing about pi-hole is that you can use it in tandem with openDNS, giving you dual protection.

Pi-hole is free software and a Raspberry Pi with a case, SDCard and power supply would set you back around £45.

So whats next? Now that my little Raspberry Pis running again and feeling quite proud of itself, I’m going to see how well a Minecraft Server will run from it while pi-hole is running.

Strong-Password

How secure is my password

A question that we get asked regularly is “how secure is my password” and there unfortunately is no simple answer, however it is possible to figure out roughly how vulnerable you might be. There are some simple rules that we should follow when it comes to password creation and I’ve listed these below:

  1. make sure your passwords are at least 16 characters long
  2. use a different password for each service you use
  3. ensure that your password is not based on a dictionary word (in any language) or indeed any word that might be easy to guess
  4. ensure that your password contains a variety of uppercase and lowercase letters, numbers and also special characters such as $ % and * for example
  5. change your passwords every 3 months

Thats actually quite a daunting list but according to tools online such as http://random-ize.com/how-long-to-hack-pass/ my newly created password that fits all the above criteria might take 420,805,123,888,006 years and 6 months to crack. Thats a long long time but even thats not stricty accurate and I may discuss this in a future blog article, but simply mention “Moores Law” or more the death of Moores Law and the advent of Quantum Computing. As a comparison the password “password” can be guessed within 1 minute and 13 seconds, and thats if the computer doing the guessing isn’t cycling through commonly used passwords first.

If we consider that the only way we’re likely to remember these passwords is to use a piece of software such as a bespoke password manager, or even the web browser itself as many of them offer the ability to remember passswords or perhaps spreadsheet then ideally we should also be password protecting this source too, in case our computer gets hacked and vital data is exposed to the hacker. We could write them all down on a piece of paper and file that away, however my writing is atrocious and did I write a “1” or an “l”, a “O” or a “0”.

The more pressing issue is remembering all these passwords for each and every service. If we were to follow the above 5 points then I expect that we would be continually requesting password reminders. But is that really such a bad thing? After all if we’re asking for a password reset every time we need to log in, we’re potentially fulfilling point 5 while of course fulfilling all the other points as well?