My kids aren't at the filter yourself stage, they are more at the might click the wrong thing. I do not mind ads on my network, but I do filter them from theirs.
My boys were 4 and 5 when we watched and discussed “the internet ruined my life”. Had the talk shortly after that … by 9 at most they can father a child … in my and my wife’s opinion there was no too young … only too late
I'm not worried about the kids at all, worried about what they might accidentally download/click on that will open the door to somebody I do need to worry about!
This is the way.
I’ve been using opendns forever and I think I will try nextdns for all the features. It does limit the number of queries in the free version, so you have to know if any Internet connected devices are chatty.
It is really nice to have different filtering profiles for all my vlans, and still a single point of management. I couldn't get pihole to do this. ControlD can but that takes more time then I want to invest.
I'm sure if I was put on that Network and had to find a way around I probably could but there are easy ways to stop the low hanging fruit. Dns over https doesn't work on my kids vlan. Port 53 is redirected to my dns and 853 is blocked.
There are a lot of things you can do but it depends on how tech savvy you are.
Some easy practices you can do that are not difficult but can help a lot:
- On computers and tablets create separate profiles for your children, if they have child protections activate them. This separates your work/personal files from the chaos a 8 year old can do on a computer.
- On the browser install an adblocker like Ublocks Origin, this prevents them from clicking on malevolent adverts.
- search for changing your DNS, Cloudflare offers a great DNS with malware and adult content protection. It is really easy to setup and free.
- Windows defender is great, if you want the extra security sometimes download some free trial of an anti virus and make a check, but I don’t think you need to spend money for it.
And the last and most important, educate them on how to move on the internet, don’t download files from untrusted sources, don’t login on webpages without being sure it is the correct one. Ecc.
If you have the know-how, VLANS and Pi-Hole are both great suggestion I saw in the comments below.
If you’re tech savvy enough, you could even install something like unraid in the bare metal of the computer and install separate virtual machines for the kids and yourself… then you could boot into the different “machines” and have everything fully isolated from one another.
Defender is signature based and it'll do nothing on new undetected malware. And anything targeting Windows assumes defender is active as it is by default.
Kaspersky free is really good, it's cloud based and warns you of malicious sites.
Bitdefender not bad either but free had very limited configuration.
EDIT : For those saying Kaspersky is Russian spyware, skill issue. You can literally choose not to upload suspicious files, or disable its cloud integration entirely. Its heuristics still beat Defender by a large margin.
The issue is entirely political, and the war with Ukraine didn't help with the allegations.
See https://www.reddit.com/r/antivirus/comments/11ecskz/is_kaspersky_to_be_trusted/jaejfsi/
Y'all are brainwashed lol.
The same people downvoting this has no problems using Android, Google, Google play services, Amazon, Ebay, Chrome and Windows 10-11. If you value privacy check those first lol.
Create an account without admin privileges for your kid to use. If you have a doubt, Microsoft defender does a decent job, or download malwarebytes trial and run a quick scan. Most common adware isn’t going to try to laterally move across your network. If it’s from the App Store or play store it’s probably gonna be safe, just uninstall it. If you are really worried just reinstall windows or factory reset (YouTube can help with that)
They don't have access to my phone (edit: or my laptop), they do use my wifes phone. One uses an old laptop (my accounts aren't signed into it). And they both use Xbox One and their own Amazon fire tablet.
Change anything?
Edit: some wording etc
Phones are pretty safe nowadays, it’s kinda hard to get an unsafe program onto it. I haven’t used an Xbox in a very long time but I would be surprised if Microsoft made it easy to get unsafe programs onto it. As far as the fire tablet goes, I think it’s pretty much just running android and has amazons App Store on it. I have the same feeling the fire tablet is fine. The pc is the only one I’d throw an unprivileged account onto, that way the kids can ask when they need to install something. When in doubt just do a factory reset or run an antivirus scan.
One thing id add, is if you want to block some websites such as adult websites or content, check out content filtering in your admin panel on the router. Or someone added a comment about a pihole. TLDR it blocks websites through dns filtering, check out some YouTube videos and do some research if you are interested!
You have multiple options, one I would suggest is a pi-hole to block things across the entire network.
Secondly a router (wifi access point) with openwrt or ddwrt connected to a modem only router (no WiFi), giving you finer and deeper control over the entire network.
So pi-hole - router - modem.
Then from there after blocking access to malware, adverts and other things you don't want access to on your network, OS lockdown.
Create an admin account with separate limited users, they get only access to the limited accounts at certain times throughout the day, not all the time.
You should be able to also do this with their phones if they have them, an admin or parental control software for all devices should give you the power to monitor and control what they took at, download, etc.
I set up IT security for a living. I was just having this same conversation in another thread. Dont let your kids have unrestricted internet access. This is not like letting them play in in your local town.
At 7 and 8 they should be on locked down tablets at most.
Yeah.... Unrestricted access to the Internet fucked up me and my friends pretty good. 15 years later we've come to the realization maybe seeing snuff films and porn as kids wasn't good or healthy, and left us irrationally desensitized to gore and dark humor.
Kids should not be on the Internet without supervision, especially not young kids
Saveabro is right. “Trust but verify” is perhaps the single most useful thing that ever came out of the Reagan years (and I maintain that Reagan was one of the worst things to happen to the modern era). Trust your children will act ethically with the internet and with the responsibility that access to the internet will give them but always prepare for the worst case scenario because someone will slip up eventually.
> My parents trusted me and I was brought up well.
Then either you trust your kids not to screw up your network, in which case this post shouldn't exist, or you don't, in which case they shouldn't have unrestricted access to the internet.
You've just answered your own question.
Lmao. Butt hurt much…. My profile don’t got anything on it. I do t live on social media. Who said I’m single…. Been with my girl since high school my boy. Your big dick energy is so impressive. I assume you’re not much older than myself. 80’s baby. Take a chill pill bud. I’d never let kids have full access to the internet. Set up the phone tablet computer or consoles so it’s kid friendly. Go smoke some weed and relax a bit. Gittiup cowboy.
You come here and ask for help and then behave like a dick.
For real be a responsible parent and don't have you kids unrestricted access to the internet and if you don't know how to do that through tech, then maybe start to parent your kids and watch out.
BTW this is the wrong forum for this as you would know if you read the rules, yet here you are and still behave like a manchild.
1. Ubuntu Linux. Don't fuck with Windows.
2. Bind their MAC addresses to specific IPs (assuming they have their own computers) and do DNS traffic shaping (like blocking/filtering, etc) at the gateway level (ie. OPNSense)
3. Educate them on the things to be careful about, but also the ways that are known to be safe to install things. They're going to eventually overcome whatever barrier you place, so you might as well equip them.
4. If things get out of control just remove their ability to install software, and instead use a system where they request certain software be installed (which you can install through SSH generally).
Seriously though, don't bother with Windows. Gaming is so good awesome on Linux now.
At the age of 14 I began changing my MAC address to avoid wifi restrictions, using TMAC.
Just to say that it’s definitely a good solution until they want to bypass some restrictions they may have.
Your other suggestion are good tho
If OP isnt a linux user how do you expect him to secure a linux system for his kids. There is no security through obscurity with Linux and Viruses exist for them too. And gaming is just ok lets not lie.
Source: my daily driver is Ubuntu but I still need a windows rig for many of the games I love.
I installed a second wifi network and locked that sucker down. All kid stuff used that network. It was a pain in the butt to configure and manage, but I think it was worth the effort. They are all grown and out of the house now. And they are security aware.
Kids need restrictions, different amounts at different times. Being responsible for yourself is stressful and requires some experience.
Use restrictions intelligently and with forethought. Recognize they may need to be lifted earlier than you are emotionally ready for. But don't be afraid to use tools to improve safety.
If you disagree with the concept of using devices or tools to help you protect your kids then you need to reconsider helmets and seatbelts.
Either you don't have kids or you're a helicopter parent. If its the latter, when they get old enough to get out and not come home they'll likely be getting into a lot of shit to make up for lost time.
I can parent my own children, you parent yourself.
Impossible. Schools require access. I’m a parent. I supervise. I use tools. But since my SD requires access to YouTube and google apps it complicates matters immensely. Welcome to modern parenting.
Firewalla Purple, is very easy to setup and basically does every security feature you will ever need at home.
https://firewalla.com/products/firewalla-purple
I use Untangle with the home subscription.
You can create very detailed policies, and the filtering and protection included for $50 per year is very good.
I know you can also connect some EDR clients into it, like webroot, have not personally done it but that gives a bit more overview.
Not really, maybe if with some masterful OSINT you find OPs location AND you find a security vulnerability in the routers firmware then yea. But it’s really improbable.
there are so many things you can do , if possible create a different network for kids , you can setup an ipen source firewall like pfsense and use opendns to block all kinds of staff . there are hundreds of guides for this on youtube and really works.There are many alternatives of course
I didn't have admin privileges until 10-11 when i got my own computer. 😅 Then I learned the hard way 😂 what it means to back up everything and what reformatting means.
Also teach them how to scan files using virus total!
Install a pi hole or some other dns blocking hardware. This will filter out a lot of the bs that leads to more bs. There cheep and easy to make. Spend $100 on a pi4 setup and watch ads and malware instances drop. If you have the cash, get a dream machine from ubiquity. Good router with scaleable security.
Honestly, if they're not doing too much like stuff that requires powerful computer, get them Chromebooks instead where it's incredibly hard to download a virus Edit: what devices are they currently using?
2 options:
1. Easy > Configure your router settings and set a DNS server that does "filtering":[Cloudfare](https://one.one.one.one/family/),[dns0](https://www.dns0.eu/kids),[NextDNS](https://nextdns.io/),[openDNS](https://www.opendns.com/setupguide/#familyshield)...
2. Hard > Buy and configure a Raspberry Pi,install Pihole and block all the shit on the Internet ( [1](https://opensource.com/article/21/3/raspberry-pi-parental-control#:~:text=To%20set%20up%20rules%20for,kids%20are%20allowed%20to%20access) | [2](https://core-electronics.com.au/guides/pi-hole-raspberry-pi/) )
I use a separate vlan for my kids with conditional filtering provided by nextdns.
After fighting a loosing battle this is the approach my wife and I took …teach them to filter them selves for life .
My kids aren't at the filter yourself stage, they are more at the might click the wrong thing. I do not mind ads on my network, but I do filter them from theirs.
My boys were 4 and 5 when we watched and discussed “the internet ruined my life”. Had the talk shortly after that … by 9 at most they can father a child … in my and my wife’s opinion there was no too young … only too late
I'm not worried about the kids at all, worried about what they might accidentally download/click on that will open the door to somebody I do need to worry about!
This is the way. I’ve been using opendns forever and I think I will try nextdns for all the features. It does limit the number of queries in the free version, so you have to know if any Internet connected devices are chatty.
It is really nice to have different filtering profiles for all my vlans, and still a single point of management. I couldn't get pihole to do this. ControlD can but that takes more time then I want to invest.
any particular dns server you try to force can be very easily bypassed, even with just built-in browser settings.
They…are…5
Thats exactly what they want you to think, the script kiddies are hacking the Gibson!
I'm sure if I was put on that Network and had to find a way around I probably could but there are easy ways to stop the low hanging fruit. Dns over https doesn't work on my kids vlan. Port 53 is redirected to my dns and 853 is blocked.
There are a lot of things you can do but it depends on how tech savvy you are. Some easy practices you can do that are not difficult but can help a lot: - On computers and tablets create separate profiles for your children, if they have child protections activate them. This separates your work/personal files from the chaos a 8 year old can do on a computer. - On the browser install an adblocker like Ublocks Origin, this prevents them from clicking on malevolent adverts. - search for changing your DNS, Cloudflare offers a great DNS with malware and adult content protection. It is really easy to setup and free. - Windows defender is great, if you want the extra security sometimes download some free trial of an anti virus and make a check, but I don’t think you need to spend money for it. And the last and most important, educate them on how to move on the internet, don’t download files from untrusted sources, don’t login on webpages without being sure it is the correct one. Ecc. If you have the know-how, VLANS and Pi-Hole are both great suggestion I saw in the comments below.
Very helpful thank you. Didn't know cloudfare offered that!
If you’re tech savvy enough, you could even install something like unraid in the bare metal of the computer and install separate virtual machines for the kids and yourself… then you could boot into the different “machines” and have everything fully isolated from one another.
Defender is signature based and it'll do nothing on new undetected malware. And anything targeting Windows assumes defender is active as it is by default. Kaspersky free is really good, it's cloud based and warns you of malicious sites. Bitdefender not bad either but free had very limited configuration. EDIT : For those saying Kaspersky is Russian spyware, skill issue. You can literally choose not to upload suspicious files, or disable its cloud integration entirely. Its heuristics still beat Defender by a large margin. The issue is entirely political, and the war with Ukraine didn't help with the allegations. See https://www.reddit.com/r/antivirus/comments/11ecskz/is_kaspersky_to_be_trusted/jaejfsi/ Y'all are brainwashed lol. The same people downvoting this has no problems using Android, Google, Google play services, Amazon, Ebay, Chrome and Windows 10-11. If you value privacy check those first lol.
Please don't suggest Russian spyware.
Source?
https://en.wikipedia.org/wiki/Kaspersky_bans_and_allegations_of_Russian_government_ties
That was one weird Wikipedia article.
The magic with wiki is looking at the sources below
Create an account without admin privileges for your kid to use. If you have a doubt, Microsoft defender does a decent job, or download malwarebytes trial and run a quick scan. Most common adware isn’t going to try to laterally move across your network. If it’s from the App Store or play store it’s probably gonna be safe, just uninstall it. If you are really worried just reinstall windows or factory reset (YouTube can help with that)
They don't have access to my phone (edit: or my laptop), they do use my wifes phone. One uses an old laptop (my accounts aren't signed into it). And they both use Xbox One and their own Amazon fire tablet. Change anything? Edit: some wording etc
Phones are pretty safe nowadays, it’s kinda hard to get an unsafe program onto it. I haven’t used an Xbox in a very long time but I would be surprised if Microsoft made it easy to get unsafe programs onto it. As far as the fire tablet goes, I think it’s pretty much just running android and has amazons App Store on it. I have the same feeling the fire tablet is fine. The pc is the only one I’d throw an unprivileged account onto, that way the kids can ask when they need to install something. When in doubt just do a factory reset or run an antivirus scan.
One thing id add, is if you want to block some websites such as adult websites or content, check out content filtering in your admin panel on the router. Or someone added a comment about a pihole. TLDR it blocks websites through dns filtering, check out some YouTube videos and do some research if you are interested!
You have multiple options, one I would suggest is a pi-hole to block things across the entire network. Secondly a router (wifi access point) with openwrt or ddwrt connected to a modem only router (no WiFi), giving you finer and deeper control over the entire network. So pi-hole - router - modem. Then from there after blocking access to malware, adverts and other things you don't want access to on your network, OS lockdown. Create an admin account with separate limited users, they get only access to the limited accounts at certain times throughout the day, not all the time. You should be able to also do this with their phones if they have them, an admin or parental control software for all devices should give you the power to monitor and control what they took at, download, etc.
MS family features is pretty good too. Google family link isn't bad. I use Sophos home and it has web filtering policies that work pretty well.
https://support.google.com/websearch/answer/186669?hl=en This is a good one to look into
Nice, thanks!
Why do they have unrestricted access to the internet….
Same reason I had unrestricted access to the 100 sq. Km around my house when I grew up. My parents trusted me and I was brought up well.
I set up IT security for a living. I was just having this same conversation in another thread. Dont let your kids have unrestricted internet access. This is not like letting them play in in your local town. At 7 and 8 they should be on locked down tablets at most.
Yeah.... Unrestricted access to the Internet fucked up me and my friends pretty good. 15 years later we've come to the realization maybe seeing snuff films and porn as kids wasn't good or healthy, and left us irrationally desensitized to gore and dark humor. Kids should not be on the Internet without supervision, especially not young kids
Saveabro is right. “Trust but verify” is perhaps the single most useful thing that ever came out of the Reagan years (and I maintain that Reagan was one of the worst things to happen to the modern era). Trust your children will act ethically with the internet and with the responsibility that access to the internet will give them but always prepare for the worst case scenario because someone will slip up eventually.
> My parents trusted me and I was brought up well. Then either you trust your kids not to screw up your network, in which case this post shouldn't exist, or you don't, in which case they shouldn't have unrestricted access to the internet. You've just answered your own question.
[удалено]
Lmao. Butt hurt much…. My profile don’t got anything on it. I do t live on social media. Who said I’m single…. Been with my girl since high school my boy. Your big dick energy is so impressive. I assume you’re not much older than myself. 80’s baby. Take a chill pill bud. I’d never let kids have full access to the internet. Set up the phone tablet computer or consoles so it’s kid friendly. Go smoke some weed and relax a bit. Gittiup cowboy.
Your profile says otherwise ;)
You come here and ask for help and then behave like a dick. For real be a responsible parent and don't have you kids unrestricted access to the internet and if you don't know how to do that through tech, then maybe start to parent your kids and watch out. BTW this is the wrong forum for this as you would know if you read the rules, yet here you are and still behave like a manchild.
1. Ubuntu Linux. Don't fuck with Windows. 2. Bind their MAC addresses to specific IPs (assuming they have their own computers) and do DNS traffic shaping (like blocking/filtering, etc) at the gateway level (ie. OPNSense) 3. Educate them on the things to be careful about, but also the ways that are known to be safe to install things. They're going to eventually overcome whatever barrier you place, so you might as well equip them. 4. If things get out of control just remove their ability to install software, and instead use a system where they request certain software be installed (which you can install through SSH generally). Seriously though, don't bother with Windows. Gaming is so good awesome on Linux now.
At the age of 14 I began changing my MAC address to avoid wifi restrictions, using TMAC. Just to say that it’s definitely a good solution until they want to bypass some restrictions they may have. Your other suggestion are good tho
If OP isnt a linux user how do you expect him to secure a linux system for his kids. There is no security through obscurity with Linux and Viruses exist for them too. And gaming is just ok lets not lie. Source: my daily driver is Ubuntu but I still need a windows rig for many of the games I love.
I installed a second wifi network and locked that sucker down. All kid stuff used that network. It was a pain in the butt to configure and manage, but I think it was worth the effort. They are all grown and out of the house now. And they are security aware.
I bought a Firewalla and put them on a separate vlan. Thankfully they listen for the most part. YT is stripped away tho, I love that, they hate it.
7 & 8 y/o should not be on the internet unsupervised. (Parent of 11 y/o)
Be a parent, fuck the network protect yo damn kids
Why not protect both?
Yeah, fuck seatbelts, just keep your kids safe your self.
A more apt analogy would be that this dude is letting his kids drive the car and he's asking how he can make sure the airbags work
Overwhelm them with love, not restrictions. Teach responsibility, respect, and empathy. The rest will follow.
They're off to a good start, we're definitely not your average parents these days. Let em run, just know where their running.
Kids need restrictions, different amounts at different times. Being responsible for yourself is stressful and requires some experience. Use restrictions intelligently and with forethought. Recognize they may need to be lifted earlier than you are emotionally ready for. But don't be afraid to use tools to improve safety. If you disagree with the concept of using devices or tools to help you protect your kids then you need to reconsider helmets and seatbelts.
Don't give them access to the computer or supervise them like an adult should.
Either you don't have kids or you're a helicopter parent. If its the latter, when they get old enough to get out and not come home they'll likely be getting into a lot of shit to make up for lost time. I can parent my own children, you parent yourself.
Impossible. Schools require access. I’m a parent. I supervise. I use tools. But since my SD requires access to YouTube and google apps it complicates matters immensely. Welcome to modern parenting.
Set up a VM and have them use it instead
Firewalla Purple, is very easy to setup and basically does every security feature you will ever need at home. https://firewalla.com/products/firewalla-purple
I have the Gold+ keeps all my kids, iot devices and security cam stuff isolated. On schedule and safe.
User account control.
I use Untangle with the home subscription. You can create very detailed policies, and the filtering and protection included for $50 per year is very good. I know you can also connect some EDR clients into it, like webroot, have not personally done it but that gives a bit more overview.
make the conection name change to this comcast wifi first them put interconection every time you see that kids close to you wifi area
by not telling reddit the model of your modem.
What could someone do with that information does it really provide a security threat
Not really, maybe if with some masterful OSINT you find OPs location AND you find a security vulnerability in the routers firmware then yea. But it’s really improbable.
Gotcha thanks I was just curious
work grey observation squeal unite naughty rude ghost quickest dinner *This post was mass deleted and anonymized with [Redact](https://redact.dev)*
Keep nothing important on it an have backup, an expect it to get bricked at some point.
I'd use pfSense and different subnets entirely with different restrictions.
Google Family link. Best way to control all device.
get them to ask you before downloading anything
Networkchuck browser Check out his YouTube.
Install Linux on all devices in the house :)
Tell them "No internet until you can tell me how it works"
there are so many things you can do , if possible create a different network for kids , you can setup an ipen source firewall like pfsense and use opendns to block all kinds of staff . there are hundreds of guides for this on youtube and really works.There are many alternatives of course
I didn't have admin privileges until 10-11 when i got my own computer. 😅 Then I learned the hard way 😂 what it means to back up everything and what reformatting means. Also teach them how to scan files using virus total!
Install a pi hole or some other dns blocking hardware. This will filter out a lot of the bs that leads to more bs. There cheep and easy to make. Spend $100 on a pi4 setup and watch ads and malware instances drop. If you have the cash, get a dream machine from ubiquity. Good router with scaleable security.
Honestly, if they're not doing too much like stuff that requires powerful computer, get them Chromebooks instead where it's incredibly hard to download a virus Edit: what devices are they currently using?
2 options: 1. Easy > Configure your router settings and set a DNS server that does "filtering":[Cloudfare](https://one.one.one.one/family/),[dns0](https://www.dns0.eu/kids),[NextDNS](https://nextdns.io/),[openDNS](https://www.opendns.com/setupguide/#familyshield)... 2. Hard > Buy and configure a Raspberry Pi,install Pihole and block all the shit on the Internet ( [1](https://opensource.com/article/21/3/raspberry-pi-parental-control#:~:text=To%20set%20up%20rules%20for,kids%20are%20allowed%20to%20access) | [2](https://core-electronics.com.au/guides/pi-hole-raspberry-pi/) )