Parental Control Software
The internet in its raw form in my opinion is so tasteless and goes way outside the bounds of even an adult. However, there are so many good things about the internet that the internet cannot just be disconnected from our lives. This is where Parental controls come to play. If you read up anything about me you will see I favor K9 Web Security. After much research you just can't beat what you get for free from this software. Most paid softwares don't even compare. K9 can also be combined with opendns to lock down almost everything. The keyword to that last phrase was *almost*. It's impossible to block everything sadly. This is why blocking "bad" sites is just not enough. Another tool that is need is accountability reports.
Addict Helper Software
Accountability reports are usually used by addicts. These reports get sent to a sponsor or another person to review and talk about with the addict. What I want to persuade is that these accountability reports should be used not just for addicts but for parents and kids. The fear of having someone else know where you are going on the internet through reports is a good tool to keep you away from the demoralizing aspects of the internet. I have heard that convenant eyes is a great accountability solution. It does have a monthly cost, but is worth the cheap price tag. I would not recommend x3watch. Very often it doesn't work not sending the report to your sponsor and if the report does send it only shows random snipets of what is going on.
Incomplete Protection
Combining the tools of blocking the internet and adding the accountability reporting is a good step towards what is being looked at on the computer screen. This is not complete however. There are loop holes to consider. A teen could have all the above enabled on the PC and still get around the security.
Here are some additions to the above recomendations:
1. Disable boot from external drive and CD then password protect the BIOS. This makes the PC not able to boot to a disk that could have a bootable OS system. Booting to another OS system could allow avoiding any software installed on the current OS on the disk.
2. Make an Admin user on the PC with a password. Then make all other users standard users with update rights. This dissallows anyone from installing keyloggers (records what keys are being pressed...which if on the PC your password when typed could be hijacked). This also doesnt allow the software installed to be disabled. Even my highly recommended K9 has a flaw that can be disabled by changing a files contents and restarting. Without admin rights however this flaw is no more.
3. have each parent create their half of one password. On any password you create make the password split into two passwords that each parent only knows their part to the password. This is security 101 to any corperation. Don't give anyone all the keys to the castle. The responsability eats away at the person and since we are all human we all can fail.
4. Setup OpenDNS on the router and not on each indivdual PC. Doing this adds more security when a device that doesn't have K9 or other parental software installed to have access to your "bad" list. There is a loop hole with this concept in they can just change their PC DNS to another and get around this step 4. To counter I would suggest getting a router with DD-WRT firmware so you can force DNS resolution to always use the DNS you provide on the router.
5. use pingdom.com. This trys to setup communication to the router. If it fails it emails you that it is down. Without going into to much tech stuff it would be better if you used TCP settings to communicate and use a port you opened up. The port could be a protocol you use but could also be something you don't. If you don't use it just map the port to an IP not used on your home network. If a hacker notices this port is open and attacks it, he can't get anything out of it. pingdom is a great way to notice if someone is bypassing the router and connecting directly to the modem. Connecting directly to the modem means they bypass any security set up on the router.
6. May I suggest a tidius but good way to block everything except what is needed on the internet? block all catagories of the internet with the filter. After they are all blocked start browsing to your favorties list. Allow each of those websites that you know are good and can be trusted. Amazon and ebay sites in my opinion cannot be trusted as a simple search can lead to very revealing stuff. after allowing all your favorites start browsing around a little and when you have a website you know is good allow it. It's funny but I bet you only visit around 20 sites normally. Only when searching for something on google would you venture out of these 20 sites. So when you want to venture out in the open have the neccessary security, get someone to allow you full access for 20 mins while you search down your big project. That's all you really need to find the solution. If it doesn't you can always allow for more. I am sure your spouse or whomever will be gratefull you didn't spend hours resesarch on a the topic. Then, afterwards, your walls come back up and your secure again.
Castle Analogy
Think of the analogy of a castle. You need walls to protect the inside. The walls need to be high enough to evad a baruage from the air. There are guards to only allow what is good in. Another thing worth mentioning is when the King or Queen step out of the castle they never go out alone. There was always a protector, even if the protector was a single archor with a keen eye for look out.
What happens in the movies when the King/Queen leaves without a gaurd? He/She gets into pearl. Although he/she may come back a hero, he/she still got into trouble and had to find a way out.
can you see the simularities from the castle to the web protection?
Conclusion
I would hope parents/addicts and anyone alike don't have just the raw internet flowing from their PCs. I would also hope that this article was helpful to someone and in turn will help many.
Friday, May 25, 2012
Thursday, May 17, 2012
Comparing ICS with older. Sensation 4g
What's Different? I am seeing nothing posted on comparing the old with the new. so I thought I would get into some of the things and let you know my experience
1. upgrading went without a hitch. downloaded and installed. was as simple as that
2. after install I got hammered with "this app wants permission to access". some of them didn't respond when I clicked on them on the notification area...Facebook app said it had to force close every time I did it. I went into the app store and found out there was a facebook update. after the update facebook stopped with the permissions thing. I got random permission requests as I played with it. I would think they eventually will disappear.
3. all my apps seemed to be OK with the update. K9 still works and still redirects webpages to its own version of firefox. play store is fine. my wireless settings transfered, my call records transfered over, my text messages where all there.
so whats different?
1. the look. You get some nice different styles of text. the loading bar is a circle that I get mesmorized each time I look at it and wonder how the white becomes white again. the notification area looks smoother. the notification icons on the top are clearer. the overall appearance just looks refreshed.
2. there are shortcut buttons on the bottom that are static. This means you can have 4 fav apps always avail to touch no matter what screen you are on. they can be changed just as if they where on the device screen.
3.The feeling for the device just feels smoother. I tap on something and it reacts...no "did I tap on it right?"
4.instead of dragging down an app to remove it you now drag up
5. to make a folder you can just drag an icon to another icon and make a folder.
6. the folder isn't just a simple vanilla folder but a transparent folder with tiny icon representing what is inside.
7. HTC weather now when you open it you don't get just a simple today forcast but a 3 day forcast without having to click on the box...great
8. the settings have changed a little. It looks better.
after looking through it for 15 mins this is all I came up with.
overall I am impressed. It looks fantstic and feels very much like I got a fresh new phone in an old jacket.
Thanks Google!
1. upgrading went without a hitch. downloaded and installed. was as simple as that
2. after install I got hammered with "this app wants permission to access". some of them didn't respond when I clicked on them on the notification area...Facebook app said it had to force close every time I did it. I went into the app store and found out there was a facebook update. after the update facebook stopped with the permissions thing. I got random permission requests as I played with it. I would think they eventually will disappear.
3. all my apps seemed to be OK with the update. K9 still works and still redirects webpages to its own version of firefox. play store is fine. my wireless settings transfered, my call records transfered over, my text messages where all there.
so whats different?
1. the look. You get some nice different styles of text. the loading bar is a circle that I get mesmorized each time I look at it and wonder how the white becomes white again. the notification area looks smoother. the notification icons on the top are clearer. the overall appearance just looks refreshed.
2. there are shortcut buttons on the bottom that are static. This means you can have 4 fav apps always avail to touch no matter what screen you are on. they can be changed just as if they where on the device screen.
3.The feeling for the device just feels smoother. I tap on something and it reacts...no "did I tap on it right?"
4.instead of dragging down an app to remove it you now drag up
5. to make a folder you can just drag an icon to another icon and make a folder.
6. the folder isn't just a simple vanilla folder but a transparent folder with tiny icon representing what is inside.
7. HTC weather now when you open it you don't get just a simple today forcast but a 3 day forcast without having to click on the box...great
8. the settings have changed a little. It looks better.
after looking through it for 15 mins this is all I came up with.
overall I am impressed. It looks fantstic and feels very much like I got a fresh new phone in an old jacket.
Thanks Google!
Wednesday, May 16, 2012
Is Cisco Linksys Guest mode secure enough?
Is Cisco Linksys Guest mode secure enough? The question I am trying to ask is does the guest mode really work and keep guests out of the main network. In short yes it does keep people out of internal networks. The problem is far from over though. Here is my research:
1. connecting to the guest SSID says it is unsecure. I am not too worried as cisco has it's own password to allow people onto the internet...but wait this is a problem. since this is an open network with no encryption everything is sent in clear text. This is a potential disaster. In theory after connecting to this network and opening the web browser cisco the browser window will ask for its password. if you send this password isn't it in clear txt? someone simple on the network with a packet sniffer can grab the password when someone logs on. Is this an issue? well sort of. I wanted to use this for select people, not everyone. These select people would be employees on break or a 3rd party company in the store doing a demo and wanting internet access. So for someone to get into the the Guest account would only need to do some sniffing around to get the guest password. Biggie? Well I won't want people on my network that I don't know which is why I am so picky.
2. This wireless should only allow internet access, no file sharing between clients connected to the network. In other words HTTP or HTTPS and that is it. This will have to be tested at a later time.
3. if you have your main page open in HTTPS the login screen from Cisco to type in the password doesn't pop up, it times out making you think something isn't connecting right. This is a potential problem since most home pages used are in HTTPS.
4. I cannot specify how long to release an IP to this guest. You can select from 1 to 10 guests on your your guest wireless. So if I wanted only 5 people on my guest access at a time DHCP would only release 5 and then the pool would be full till DHCP releases the oldest. The problem lies in I cannot say how long it takes for DHCP to delete entries not being used...This is only handled in the main settings effecting all connections and not just the guests in the guest wireless. This also means with lots logging on this even though maybe someone is gone it still doesn't allow any one one till the oldest expires. I wish there was a DHCP release time for Guest access.
5. there is no way to filter what guest access actually details. I cannot filter traffic to only allow HTTP traffic for example. If I do any type of white list it has to be done to all wireless devices, and not just what is on the guest list. This is a bummer. I would of liked a rule saying "I want my guests only access to these websites and nothing else". I would have also liked to not allow traffic between guests...making it more secure per guest.
6. I would have also liked to see some QOS on guest vs internal networks. I want to make sure my internal networks don't suffer because someone decides to watch hulu and download the next big game on bittorrent in our guest SSID.
7. Some other things: I cannot change the Guest access SSID, so I am stuck with "name-guest" with "name" being my internal SSID. I cannot change the IP address scheme. I don't know what would happen if I decided I wanted my internal network to be 192.168.33.0....
now for some good news.
trying to access the internal network while logged on to the guest network doesn't work. In all practicality they have made it separate from the internal network. This is great.
so to summarize yes guest mode keeps guest just guests on you network. The problems with guests on the network however, are very troubling. With no QOS, no filtering, and no encryption I don't see this working for very many.
If you want the types of controls to guest access I would like to send you to DDWRT or Tomato Firmware for your router. The router must be "open-source" and be on their lists on their website for it to work. It is a little tidus but newer routers actually make the process really simple. As to how to setup the DDWRT with guest access...that is a whole other animal and probably should go to another post sometime.
This is a great leap in the right direction Cisco, I just was expecting a little more.
1. connecting to the guest SSID says it is unsecure. I am not too worried as cisco has it's own password to allow people onto the internet...but wait this is a problem. since this is an open network with no encryption everything is sent in clear text. This is a potential disaster. In theory after connecting to this network and opening the web browser cisco the browser window will ask for its password. if you send this password isn't it in clear txt? someone simple on the network with a packet sniffer can grab the password when someone logs on. Is this an issue? well sort of. I wanted to use this for select people, not everyone. These select people would be employees on break or a 3rd party company in the store doing a demo and wanting internet access. So for someone to get into the the Guest account would only need to do some sniffing around to get the guest password. Biggie? Well I won't want people on my network that I don't know which is why I am so picky.
2. This wireless should only allow internet access, no file sharing between clients connected to the network. In other words HTTP or HTTPS and that is it. This will have to be tested at a later time.
3. if you have your main page open in HTTPS the login screen from Cisco to type in the password doesn't pop up, it times out making you think something isn't connecting right. This is a potential problem since most home pages used are in HTTPS.
4. I cannot specify how long to release an IP to this guest. You can select from 1 to 10 guests on your your guest wireless. So if I wanted only 5 people on my guest access at a time DHCP would only release 5 and then the pool would be full till DHCP releases the oldest. The problem lies in I cannot say how long it takes for DHCP to delete entries not being used...This is only handled in the main settings effecting all connections and not just the guests in the guest wireless. This also means with lots logging on this even though maybe someone is gone it still doesn't allow any one one till the oldest expires. I wish there was a DHCP release time for Guest access.
5. there is no way to filter what guest access actually details. I cannot filter traffic to only allow HTTP traffic for example. If I do any type of white list it has to be done to all wireless devices, and not just what is on the guest list. This is a bummer. I would of liked a rule saying "I want my guests only access to these websites and nothing else". I would have also liked to not allow traffic between guests...making it more secure per guest.
6. I would have also liked to see some QOS on guest vs internal networks. I want to make sure my internal networks don't suffer because someone decides to watch hulu and download the next big game on bittorrent in our guest SSID.
7. Some other things: I cannot change the Guest access SSID, so I am stuck with "name-guest" with "name" being my internal SSID. I cannot change the IP address scheme. I don't know what would happen if I decided I wanted my internal network to be 192.168.33.0....
now for some good news.
trying to access the internal network while logged on to the guest network doesn't work. In all practicality they have made it separate from the internal network. This is great.
so to summarize yes guest mode keeps guest just guests on you network. The problems with guests on the network however, are very troubling. With no QOS, no filtering, and no encryption I don't see this working for very many.
If you want the types of controls to guest access I would like to send you to DDWRT or Tomato Firmware for your router. The router must be "open-source" and be on their lists on their website for it to work. It is a little tidus but newer routers actually make the process really simple. As to how to setup the DDWRT with guest access...that is a whole other animal and probably should go to another post sometime.
This is a great leap in the right direction Cisco, I just was expecting a little more.
Tuesday, May 8, 2012
Next-Gen Firewalls...how are they different than Proxy or Parent Control?
I have been reading alot about these next-gen firewalls. Everytime I read this remarkably new idea I often think "sure its great, but how does it differ from what we already have?" Don't Proxy routers do the same thing in a sense? They redirect traffic to only go where you want it to go. A proxy can allow or not allow certain traffic to go through in and out.
Also I have a bigger stake to hammer into the ground: how does next-gen firewalls differ from parental control software? K9 Web security blocks certain websites from poping up according to catagory. You can also white list and black list types of traffic. So in other words just like a next-gen firewall you can disallow all traffic for lets say instant messaging in for example...same goes for K9 Web Security.
I fail to see any difference of all this other than the fact that a next-gen firewall works at the network level of computing, instead of the client level. Which all this is great, don't get me wrong....it is far better than just port blocking firewalls...but still how is this so revolutionary?
I also like the idea that all these devices are put into one single device. I guess that is revolutionary. Kind of a swiss army knife of sorts for networking i guess.
I guess we can say that Blue Coat had it right from the start for "next-gen" with their ProxySG...
Also I have a bigger stake to hammer into the ground: how does next-gen firewalls differ from parental control software? K9 Web security blocks certain websites from poping up according to catagory. You can also white list and black list types of traffic. So in other words just like a next-gen firewall you can disallow all traffic for lets say instant messaging in for example...same goes for K9 Web Security.
I fail to see any difference of all this other than the fact that a next-gen firewall works at the network level of computing, instead of the client level. Which all this is great, don't get me wrong....it is far better than just port blocking firewalls...but still how is this so revolutionary?
I also like the idea that all these devices are put into one single device. I guess that is revolutionary. Kind of a swiss army knife of sorts for networking i guess.
I guess we can say that Blue Coat had it right from the start for "next-gen" with their ProxySG...
Monday, May 7, 2012
IPv6 Handed out like SSNs
I have been thinking of the whole responsibility factors that go into the internet...there are none for those that haven't followed along lately. You can post anything under any name and get away with it. You can create viruses that harm and do so much bad and get away with it. There is no responsibility to what you do on the internet.
Granted Social media is changing that, somewhat. But you can still fake everything and get away with anything under you screen name as long as you don't tie them together.
What I want to see is IPv6 addresses given out to us like SSNs. Maybe a block of addresses for the multiple devices you would carry. Granted this is far from the norm but think of it. We use these addresses everywhere. With BYOD going ramped in 2 years your company will likely make you bring your own device to connect to corporate. Each device you own you have a IPv6 addresses tied to it and cannot change (kind of like a MAC but without the ability to change it...ex.MAC cloning)
think of the responsibility that happens. No one gets away from doing something against the law. Everything you do leads a trace back to you. You are responsible for everything you type and look up. I can hear some people begin to get worried....something along the lines of "but the the government knows where I am always and I have no privacy..." Privacy is an issue. That is why before we do this there are ground rules....like there should have been when the internet was created...
I can also hear the "what if I get my IPv6 stolen, I lose my ID..." yes that is how it is with SSN...why is this such a threat? At any rate yes SSN fraud is horrible and happens a lot. With IPv6 however if there is something stolen or you suspect it stolen there is a trace back to what has happened. It's like a paper trail without any break in the trail...
Granted Social media is changing that, somewhat. But you can still fake everything and get away with anything under you screen name as long as you don't tie them together.
What I want to see is IPv6 addresses given out to us like SSNs. Maybe a block of addresses for the multiple devices you would carry. Granted this is far from the norm but think of it. We use these addresses everywhere. With BYOD going ramped in 2 years your company will likely make you bring your own device to connect to corporate. Each device you own you have a IPv6 addresses tied to it and cannot change (kind of like a MAC but without the ability to change it...ex.MAC cloning)
think of the responsibility that happens. No one gets away from doing something against the law. Everything you do leads a trace back to you. You are responsible for everything you type and look up. I can hear some people begin to get worried....something along the lines of "but the the government knows where I am always and I have no privacy..." Privacy is an issue. That is why before we do this there are ground rules....like there should have been when the internet was created...
I can also hear the "what if I get my IPv6 stolen, I lose my ID..." yes that is how it is with SSN...why is this such a threat? At any rate yes SSN fraud is horrible and happens a lot. With IPv6 however if there is something stolen or you suspect it stolen there is a trace back to what has happened. It's like a paper trail without any break in the trail...
Thursday, May 3, 2012
Ultra Notebooks, Inputing methods, and a guess on future computing
So here is a novel idea for the new Ultra notebook class of computing:
1. laptop design with keyboad that is detachable
2. Super slim design of ultra notebooks
3. multi-touchable screen
4. Keyboard is the fancy seperated key design you see on all the new laptops
5. The keyboard doesn't have a touch pad. Why would you ever use the touchpad?
So in essence think of the Asus Transformer, slim it down a bunch, take off the touch pad mouse on the keyboard and you got the new wave of computing.
I personally think we need to find a new way of inputing to a computer. The keyboard is great and I don't see it leaving any time soon for normal computing but there needs to be a new way with the way our computer devices are changing. A keyboard isn't fitting in with tablets and phones sense it is just to big. The touch screen keyboard is nothing like a regular keyboard and you end up pecking out your words.
Speech is looking promising since it can be done easily and without any extra device other than a tiny microphone in the device. I think a grand hoop from keyboard to voice was what Apple was imagining with Siri...It just didn't explode like the smart phone or tablet did. I imagine this is because no one wants to be seen talking to a phone telling it what to do in a public area.
So that leaves mind input. We have been able to control station changing with mind control, why not look into text input and "mouse" scroll movements. I think just as we looked into seriously making a smart phone smaller and better that with the same focus mind inputs would become readily available and easier for the mass public.
The new Google glasses look somewhat promising to the new computer device and is a step towards the grand view of contact lenses the government is trying to figure out.
Before I get extreme I would think the future of computing lies in BYOD. Bringing your own device that becomes your corporate computer and personal computer. This is an IT nightmare but is easily handled by instead of locking down each individual device, the lockdown has to happen on the network side. There also has to be a IPS/IDS system in place for anything unwanted that comes in from a device doesn't spread and IT staff are notified and asked to clean up the mess. With this in place then it makes it easy to impliment the corperate network outside of the building since everything is in place.
Now to state the extreme. I can see future computing edging towards implants. Devices that our body excepts and gives power to. With new devices in our bodies taking power away from normal functions the body and mind must be fit and well.
check this link out for more info on this idea:
http://r.smartbrief.com/resp/dDoHDXukdwewfKhQfDajegcOUrLX?format=standard
Think of just some of the implimentations of genetic computing: a computer that knows what you eat and how it is affecting your body. Browsing the WWW with just the swipe of your eyes.
Think how that would change our learing atmosphere. General learning is no longer needed. A computer inside of us already knows it all and can show us whenever wherever. Is this a bad thing? If everyone has all the knoweldge then it comes down to making right decisions with the knowledge. Instead of needing to spend our young years learning the general knowledge we start were the last of us ended, not needing to catch up. We just sped up elementary through college learning to seconds instead of 2 decades. We don't have to repeat any learning. We get relevant information to the task at hand when we need it, not needing to learn useless information in what we want to go into.
Is this scary? sure I have focused on the good, but is the bad really relevant? is whomever saying this is bad just scared of what will happen? All I can say about the fear of unkown is look at Columbus or any adventurer. They had fear. They conquered their fear and look at where it got human life.
1. laptop design with keyboad that is detachable
2. Super slim design of ultra notebooks
3. multi-touchable screen
4. Keyboard is the fancy seperated key design you see on all the new laptops
5. The keyboard doesn't have a touch pad. Why would you ever use the touchpad?
So in essence think of the Asus Transformer, slim it down a bunch, take off the touch pad mouse on the keyboard and you got the new wave of computing.
I personally think we need to find a new way of inputing to a computer. The keyboard is great and I don't see it leaving any time soon for normal computing but there needs to be a new way with the way our computer devices are changing. A keyboard isn't fitting in with tablets and phones sense it is just to big. The touch screen keyboard is nothing like a regular keyboard and you end up pecking out your words.
Speech is looking promising since it can be done easily and without any extra device other than a tiny microphone in the device. I think a grand hoop from keyboard to voice was what Apple was imagining with Siri...It just didn't explode like the smart phone or tablet did. I imagine this is because no one wants to be seen talking to a phone telling it what to do in a public area.
So that leaves mind input. We have been able to control station changing with mind control, why not look into text input and "mouse" scroll movements. I think just as we looked into seriously making a smart phone smaller and better that with the same focus mind inputs would become readily available and easier for the mass public.
The new Google glasses look somewhat promising to the new computer device and is a step towards the grand view of contact lenses the government is trying to figure out.
Before I get extreme I would think the future of computing lies in BYOD. Bringing your own device that becomes your corporate computer and personal computer. This is an IT nightmare but is easily handled by instead of locking down each individual device, the lockdown has to happen on the network side. There also has to be a IPS/IDS system in place for anything unwanted that comes in from a device doesn't spread and IT staff are notified and asked to clean up the mess. With this in place then it makes it easy to impliment the corperate network outside of the building since everything is in place.
Now to state the extreme. I can see future computing edging towards implants. Devices that our body excepts and gives power to. With new devices in our bodies taking power away from normal functions the body and mind must be fit and well.
check this link out for more info on this idea:
http://r.smartbrief.com/resp/dDoHDXukdwewfKhQfDajegcOUrLX?format=standard
Think of just some of the implimentations of genetic computing: a computer that knows what you eat and how it is affecting your body. Browsing the WWW with just the swipe of your eyes.
Think how that would change our learing atmosphere. General learning is no longer needed. A computer inside of us already knows it all and can show us whenever wherever. Is this a bad thing? If everyone has all the knoweldge then it comes down to making right decisions with the knowledge. Instead of needing to spend our young years learning the general knowledge we start were the last of us ended, not needing to catch up. We just sped up elementary through college learning to seconds instead of 2 decades. We don't have to repeat any learning. We get relevant information to the task at hand when we need it, not needing to learn useless information in what we want to go into.
Is this scary? sure I have focused on the good, but is the bad really relevant? is whomever saying this is bad just scared of what will happen? All I can say about the fear of unkown is look at Columbus or any adventurer. They had fear. They conquered their fear and look at where it got human life.
Subscribe to:
Comments (Atom)