Netgear and OpenDNS to block porn from the cloud

There are lots of Internet filtering products on the market that enable parents to block certain types of websites such as pornography, hate sites, or sites that promote alcohol or drug use. Most of these products run on PCs or Macs by sitting between the operating system and the browser and checking any requested sites to make sure they're not blocked. The products generally do a good job blocking requests from protected PCs, but most don't work with game consoles, Wi-Fi-equipped iPhones or iPod Touches, or any other device that isn't running the software.

Netgear is about to ship routers designed to simplify the process by allowing parents to block content on any device using the home's wired or wireless network.

Netgear routers to offer in-cloud filtering

(Credit: Netgear)

The new routers, which will be available in early September, will be equipped with firmware that configures them to use OpenDNS' domain name server to look up the actual IP address of any site someone tries to visit. If that site isn't on the blocked list, it will be displayed. But if a parent has blocked that site, the user will instead be sent to a page that informs them that the site they tried to access is blocked.

Some existing Netgear routers can be upgraded with the new OpenDNS-compatible firmware starting August 10th.

Because the filtering takes place at the router level, it works with any device in the household that uses that router including Web-enabled game consoles and Wi-Fi mobile devices. It won't, however, work with devices that don't use the home network such as an iPhone set up to use the 3G cellular network.

Like other filtering products, parents have control over the type of content blocked and have the ability to turn it off so that it doesn't prevent mom or dad from visiting any sites. There is also a "white list" feature that allows parents to exclude any site from the blocked list. Because the blocking lists are "in the cloud," parents can configure the filter from anywhere.

Before employing any parental control system, I urge parents to think about how they will or won't fit in with your family. Consider the age of the child, the child's Web surfing habits, the types of risk your child takes, and what you plan to say to your children about the filtering product. Parents should tell their kids that they're using filters and explain why they think they're necessary. Also, parents should never rely on filters as the only way to protect children--parental involvement is still important. If you decide to use a filter, consider weaning kids from them as they enter their teenage years. Eventually, your kids will be on their own and part of a parent's job is to help a child make their own good decisions. You can't rely on filters forever.

For details about the service, I spoke with OpenDNS founder & CTO David Ulevitch.

Listen now: Download today's podcast

[protagonistic]

How long will it take the kids to realize all they have to do is bypass the router and hook directly to the internet? Then the parents will have to pay someone to remove all the malware that was installed on the computer.

[limaxray]

They wouldn't even need to do that much - all that would need to be done is to manually change the DNS on the local machine. Basically, once the kid learned how to use Google, he could easily read how to bypass it.

[omnichad]

@limaxray Let's hope that they at least planned for the changing of DNS servers, and the router can intercept those as well.

[jwuhavnfun]

in theory if the dns setting is done at the router, that should overwrite whatever setting is done on a pc. but if kids can go into the router and change the dns setting, that's a different story

[Pete Bardo]

Please explain what this has to do with "The Cloud". Or have you redefined the term for this article?

[timber2005]

"The Cloud" reffers to the word "internet" with one space and various different letters ;)

[larrymagid]

The cloud as in the filtering technology is on OpenDNS's servers, not on the PC.

[cvaldes1831]

I'm tired of people replacing "cloud" for "Internet" or "online." It's really a buzzword bingo term at this moment.

That said, this is not such a bad idea, being able to manage blacklists online. I'm using a script on my Tomato-powered Buffalo router that features DNS cache poisoning; it updates the host list every eight hours. I don't have anything to say in what gets added to the blacklist and managing the whitelist on the router isn't terribly intuitive. It's good to see that some router manufacturers are providing better tools/services for this stuff these days.

[gefitz]

Thank you for that last paragraph. For once, an article about filtering that acknowledges that they are simply a tool, not a solution.

[ddhboy]

I'm sure that the kids would just log into the router and disable the feature anyway, or get around it via proxy like they always have.

[larrymagid]

In theory at least the kids would need the password to log on to the router.

[rollcage]

A lot of routers can be set to manufacturer's settings (aka password reset) by holding the reset or power button for an extended period of time. Supposed to be used in case you forget your password, but could be used to get around one and then change the settings to what you'd like.

[cvaldes1831]

"A lot of routers can be set to manufacturer's settings (aka password reset) by holding the reset or power button for an extended period of time."

Which is why corporate IT guys keep networking hardware in locked rooms and closets. Computer security begins with physical security.

[ikramerica--2008]

And when the kid does this, you take action.

Seriously, it's not like it's some stranger hacking you. If the kid resets the router, you can take their computer away as punishment, and set it back up.

[Sprzout]

You know, seriously, I REALLY doubt that parents are going to know how to utilize this. I work for an internet company, doing tech support. I talk with people day in and day out that have no idea how to hook up routers, what a router is ("You mean that blue & black box with the antennas?"), how to set security up on it...Yet they have them so their kids can go online with their game systems and computers. Half the time the kids have set up the routers.

Most of what this article refers to is putting the security in the hands of parents. Parents who are buying a router with this "feature" (and geez, it's not that big a feature - my Linksys router that I bought 2 years ago had the capability for parental control, but I had to read up on it on Linksys' website) ARE buying it because they either 1) don't trust their kids, or 2) don't want to act as a parent and prevent their kids access to the internet. They want an easy way out, and are content to live in their little world.

I went to OpenDNS's website recently. Within 2 min, I had changed my DNS server on my computer, provided by their support pages. I didn't need to log in with a username/password to do so, and that DNS server is allowing me to bypass the DNS server that my router is running. If I can do it in 2 min. by reading documentation, what's to stop a 15 year old kid from doing the exact same thing to get around what OpenDNS is trying to do? All they'd have to do is find a different free DNS service (or contact their ISP for a list of DNS servers) to bypass OpenDNS' filtering system.

Big security holes in the system, just as others have pointed out.

[Toothbuck]

Why wouldn't parents just use a solution like Untangle? It's not that hard to setup, provides a lot more features, and it's free - assuming you have an extra system with 2 nics laying around.

[amiller77--2008]

Netgear wireless routers have always allowed blocking by key word, or domain names, which is why I've always purchased their brand. Other brands, when I checked in to them, have only allowed a very limited number of words or addresses blocked, or no blocking at all. I don't understand why having the content blocking in the "cloud" is any better than having the blocked list stored in the router itself, except that it can be set up or adjusted off site.

[jwuhavnfun]

content blocking by keyword in the router is applied to all computers connected to the router. having the block list stored in teh "cloud" allows it to be customized so each person has her own setting

[arshield]

I use OpenDNS for a variety of reason, one of them is router based filtering. Yes you can get around it. No filtering works when you are trying to get around it. But it does work for accidental stuff, pop up ads, etc. I don't know what extra they have done to make this easier but I have been using it for several years with a variety of routers (at least one or two were netgear). Took me about 3 minutes to set it up. I have some tech background but it really wasn't that hard before.

[larrymagid]

I think your comment makes a lot of sense. I have no doubt that this solution will keep young children from bumping into sites they shouldn't visit but I also have confidence that smart teens will find a way around it as they do with other filters. The best filter doesn't run on a device but in a kid's head. Filtering is no substitute for education and parenting.

[krosafcheg]

1. Cloud is a buzzword to get you here in the first place.
2. OpenDNS is great.
3. Hosts files are free and work from known lists publicly available.
4. Netgear routers already have filtering options.
5. Linksys routers flashed with Tomato do even better.
6. Computer dorks like us are not the mass purchasing public.

[ikramerica--2008]

Why do you need to use a router for this? Is it simply that the router updates the IP address automatically in the OpenDNS system? Can't you just put the OpenDNS addresses in any router config, then leave it alone?

[larrymagid]

Yes you could do this in OpenDNS with any router but most parents would have a hard time doing it. Netgear makes it a lot easier.

[ikramerica--2008]

It's simple. OpenDNS makes it simple. Most people just don't know about it.

[siteriver]

This is actually a great idea! My daughter now uses her Nitendo DS to surf to some sites - I manually set my router to use OpenDNS but a lot of my neighbors wouldn't know where to start. I have to get after some of them for broadcasting their wireless access with no password :-)

[JustMe222]

Keyword blocking at the router level is WAY TOO EASY to bypass. My 8 year old son with autism figured it out in about 5 minutes simply be adding spaces to word or misspellings which Google or any search engine offers corrections for. He wasn't looking up anything terrible, but had a few fixations on items we were interested in curbing.

[larrymagid]

In theory at least if your kid did find something inappropriate on a search engine, the router would prevent him from actually getting there That's not to say that a very clever kid can't find a way around the filter, but that's the way it's supposed to work.

[lasdkl]

You can use the extra features of openDNS right now by creating an account at opendns.com and setting yor dns servers to 208.67.222.222 and 208.67.220.220. You can use a dynamic dns client to tell the servers when your ip changes.

[dlh2009]

I like OpenDNS. I use it to filter out websites that are bad. I am glad to see that someone is teaming up with them to offer some kind of solution. I wish that ISPs would configure OpenDNS on their servers and allow their customers to change filter settings so it is some what a smart proof system.

[kwstiegert]

I purchased this router and have begun the process of setting up security.

-all settings are on the web and password protected.
-you can give every computer on the network an ip address and then restrict a range of them so that kids are not logged on at certain times of day. We sleep better knowing kids cannot log on period after our curfew.
-the blocking is poor. You have to enter words and domain names line by line. After putting in words and web page names, I tested it. Those words and pages are blocked-that was easy. But then in 60 seconds, I was around the security and into the nasty world of porn. Furthermore, porn sites are using domain names with non-porn words. For example, dancingbears.com is a porn site.


We need one of two things.

-Netgear needs a purchasable service that blocks only obvious porn sites with three or four levels of security.

-or-

the government should require all porn sites to have a domain identifier so that a product like netgear can simply put in the one identifier in its keyword list.

[jwuhavnfun]

it doesn't look like you're using the latest but instead are using what was built into the router, using keywords to create a block list, etc... That's not new nor unique only to netgear
i bought the product and was directed to www.netgear.com/lpc during the installation. download a few programs, one of them is the fw which i need to upgrade. i was then up and running in 5 minutes. interface is clean and easy to use, the best thing of all is that now i can remotely log into my security settings while i am away from home.