Friday 5 June 2009

Squid, SquidGuard and OpenDNS



Use OpenDNS

While my kids are both very young at the moment, Josh will be starting at infant school in September, and from our recent parent's introductory tour of the school they will be providing a good grounding in IT Literacy, including Internet familiarity.

As my working life revolves around Computer System Administration, I have more infrastructure than most at home - I host my own email, I have a web server and SSH VPN server, I have three seperate networks etc. It also means I spend a fair amount of time testing and evaluating software and services at home myself and with my family.

My latest focus for my home networks has been to start looking at how I can give my children Internet access while protecting them from the destructive and criminal elements of the Internet but without getting in the way of them making use of what is a very rich source of knowledge and experience.

There are two approaches I am looking at. Firstly, I am implementing Squid and SquidGuard on my Linux firewall.

I have these both installed, and have been looking at getting a set of policies put together to manage it all - currently I am looking at web-based management interfaces for the combination of Squid and SquidGuard (I'm sure there are a few) but haven't made much headway as yet. Watch this space for more as I find time to play.

Secondly, to back it up (and because the site definitions are likely going to be maintained much more often) I have already configured OpenDNS for my home LAN. Initially this was with the intention of speeding up name resolution from home but the service, to my pleasant surprise, includes much more functionality than a simple DNS lookup service.

First impressions of the OpenDNS service are very good - and the added bonus features (such as DNS Aliases - for example I could link "email" with my webmail server, "news" with the BBC News web site etc) are already proving useful. I was not looking for this service to offer the same results as my Squid/SquidGuard combination, but that would seem to be the result. A complementary set of protections, and an extra layer of safety against viruses can be no bad thing.

As a no-cost solution I would recommend people look at this service - in my opinion it compares well against some of the paid-for "Net Nanny" style products out there on the shelves, and will complement almost any combination of security measures you implement to protect your Internet activities.

No comments: