Slashdot Mirror
What Advice For a Single Parent As Server Admin?
Dragon_Eater, with "lots of experience setting up PCs and a passable knowledge of Linux but severely lacking in the server/client department,"
writes with a situation that probably faces a lot of parents:
I want to set up three kids, 12, 14, and 15, with newer computers so they will stop fighting for time on the one ten-year-old Dell they share now. I can get the individual computers and a server put together without any problems, but the computer-handicapped single parent needs to be able to do the following via an simple application/web page: View client computer status, On/off, sleeping etc.; Deny Internet access, not LAN, just the web; Schedule time usage of computer, ex. 7 am to 10 pm on school nights etc.; Force log-out and/or shutdown of clients, for grounding purposes; and Apply some kind of firewall filter for blocking undesired web content. And as the administrator for this network I would like the following options: Remote virus scanning of client machines, or scheduled task; Some kind of hardware monitor, high temp / fan speed low etc.; and Email alerts for various log files / alarms.
Given the lists above I am thinking about a Linux-based router/server machine and running Windows on the clients for game compatibility. I also know that a server and network boot client is possible but not sure where to start on that one."
you got a whole deal of connectivity/administration project there. quit your day job.
Read radical news here
One issue will be the specific games that they will be playing. If they require administrator access, you're going to have a big headache.
Schedule time usage of computer, ex. 7 a.m. to 10 p.m. on school nights etc.; Force log-out and/or shutdown of clients, for grounding purposes
If they don't get admin access, then you can do some of that with windows scheduler.
For the amount of control you want to exert over your kids there, I'd suggest you ask some former Stasi or KGB man, I am sure they can give you all information you need about totalitarian control of resource usage and information flow. Don't just ask slashdot - go to the pros. You gotta think of the children after all.
Ubi solitudinem faciunt, pacem appellant.
Try to make deals with your kids? No offense but you sound almost militant. I think you need a whole team of techs to do all the stuff you mention too. :-)
If you're severely lacking in the client/server department you don't have a passable knowledge of Linux, which is primarily a server operating system. Perhaps you may have a "passing acquaintance with Linux as used on the Desktop".
Most of what you described can be done with a decent modern router. The hardware monitoring is a bit overboard, logs will tell you what you need to know in the event of a disaster. The force log out could be done via router too, just deny internet. Alot of this can be done with very little technical effort and more parenting skill. Most of this is going to take a dedicated person to monitor it over the course of the installation.
Good-bye
It's amazing what kids can figure out when it comes to getting by the restrictions their parents set forth.
They're going to learn about networking, proxies, virtual machines, ip spoofing etc. All because they want to get on Facebook. Which they will.
Use OpensDNS for the filtering and otherwise just monitor them yourself. This seem like more trouble than it's worth.
OpenDNS will work well for filtering sites, just set the DNS server on the computers you wish to filter to the OpenDNS servers and set up an account to filter stuff.
http://CryoLANparty.com/ A lan I'm staff on!
I've done similar stuff with the various Linux/BSD based firewall distributions. Smoothwall, IP-COP, pf-sense are some good ones that are free, extendable, and have great user/hacker communities for support.
this is really easily done! 1) talk to your kids, be a real parent!!! i don't think you'll ever have a case where little billy gets in trouble at 1pm and you need to disconnect his computer rights from work. 2) if they need to be punished unplug the computer and take it away. 3) have admin rights to their computers so you can keep tabs on what they're doing and can't hide anything from you.
problem solved.
next.
Sounds like this list needs to be broken down into multiple sub-functions.
Web filtering, site access control, and total Internet denial are functions for a web proxy or other content filter. You should be able to find a linux-based web proxy that will do what you want in that department.
Scheduling usage hours, forcing logout, etc. is the sort of thing you can do with "policy" objects if you had a Windows Domain Controller. That's probably outside of your budget. But, generally, you need to be looking for client/workstation policy tools.
The computer health monitoring stuff might be part of the policy tools, but might not.
the simplest and most effective block is to go over and shut the computer off. Take away the computer if you have to (or just the cords if that's too much trouble).
Really.
Sounds like your kids are working for a corporation, not living at home...
Sleep your way to a whiter smile...date a dentist!
Some of the things you mentioned involve different technologies, and not all of them free or cheap. PC management is different than Internet firewall and filtering, for instance. There is no one silver bullet, save one. Be a good parent and limit them by penalty of death. :)
That being said, at the firewall level, I recommend setting up a PC to run Untangle. It'll help with all the nasties and if you purchase Policy Manager, you can schedule their Facebook (or whatever) time any way you want.
The children are old enough.
I have an old PowerMac G4 ($200) that I run OS X Tiger Server ($70) and my kids all have accounts on my Macs with Parental controls that dictate the times the kidos can be on the computer. I use OpenDNS to restrict web sites.
It works great, it's not perfect, but I can also log the sites the kids go to so I can make sure they are not subverting the configuration. It's actually pretty easy to setup and does not take much time to administer. (.5hrs a week). My kids (9,11,14) all have skype accounts and my oldest has a facebook account as well. OpenDNS works great! I can customize it to the level needed.
KRR
You could save yourself a lot of time and do the job better by building character rather than trying to restrict them with technology. Ultimately teaching them how to use the internet responsibly and how to live responsibly is going to be the better way to go than trying to control what they can do and when. Both you and your children will be happier for it.
Kids will find a simple solution to this: they will simply start doing what you want them not to from their friends computers, whose parents are not that ... protective. Trying to control too much will achieve you less control actually. The kids need a parent that trust them and help them learn about the world out there, not a parent that will destroy their "immune" system (not necessarily in a biological way) by constraining them in a tech-bubble.
China allready has this
Any router with dd-wrt (if it can handle it) would do most of the above.
Where to start: Scrap all your ideas and start over.
Yes, everything you asked for can be done. The reality is though is that, with the amount of complexity you are asking for, you will be a full time sysadmin for them - you might as well quit your day job now.
Your setup is simply too complex for a non-techie (and to be honest, as a techie, I don't want to have to admin something that complex at home). You need to stop asking "can I" and ask "should I?"
Windows PCs joined to active directory can let you manage them, set logon hours, etc.
Why do you care to know if the PCs are sleeping/on/off/whatever?
A router running DD-WRT will let you deny internet access based on hours and/or PCs in a simple manner. To be perfectly honest, I hate the concept of internet filtering (by parents or otherwise) as I believe it is another step toward turning people into drones, rather than teaching them to think for themselves, so I'm not even going to offer any suggestions on that subject.
I agree with the other posters, the system you have suggested will end as follows:
1. The kids will learn how to hack around it. This can be a good thing or bad thing, depending on your point of view
2. The system is so complex it will never work and the parent will never use it as they have no clue
3. You will grow to hate it as it will take too much of your time.
That's a tall order for someone who's self proclaimed "computer-handicapped". I think you need a different approach:
1. Set a budget (say $100) ...
2. Tell the 15 year-old that the money is his, if he can set the server up appropriately, but
3. Give the 12 & 14 year-olds a nominal amount (say $1) for each hole/weakness they find and report and
4. Dock the "finders' fees" from the money given to the 15 year-old
5.
6. Profit!
The 15 year-old has an incentive to set up things honestly, the 12 &14 year olds have incentive to keep the 15 year old honest, and none of the children have an incentive to collude, as they're competing for the same pool, and won't be able to milk any more money out of Mom & Dad.
Mandriva has very easy to use admin functions that can allow you to shut off a fair amount of what you are trying to do. With Dos Box installed it will play older games well and can have WINE added for newer ones. I have used SUSE, Fedora and ubuntu and believe that mandriva has the best root/admin control functions for setting up and keeping a computer running while disallowing changes by a user. Just be sure to create a STRONG password since your kids will be trying every possible way to defeat your settings. Oh, don't let a LIVE disk lay around for them to find. They will defeat all of your efforts with that after a while of practicing....
Maybe a real solution is to place the computer in the living room where you can see them while they use it and shut it off all other times.
We use a program called SynchronEyes which does most of these things, allows you to see essentially thumbnails of what each machine is doing, see its status remote on/off etc. It's Windows only. I see they've changed their product. It's called SMART Sync now. I don't see pricing which is probably not good. Here's a link
It's a pretty front end for VNC like functionality which would be free/oss but nowhere near as easily set up (but I'd wager largely what people will say since you specifically mention Linux and Windows and it works on both). I'm not really an expert on this part, but SychronEyes has worked well, after I added it to a custom Ghost image for that lab and set the clients to use hostnames instead of usernames for identification. It might be overkill for what you need though.
Seriously! Just stop!
1. You either come up with a "normal" computer usage policy, you know, talking to your kids about stuff like porn, sex, appropriate computer policy in your house (better not be too strict on this one :P), purpose of getting them the computers, internet privacy, etc, or,
2. don't and the kids will get to all the "inappropriate" places anyway and may get you into more trouble than you ever imagined.
Frankly, you can't "filter" porn. If someone wants to get it, they will. Maybe this is one of the good sides of internet porn - parents forced to deal with sex-ed of their kids. Although most go the "easy way" and pretend it doesn't exist - "but I installed a filter!!"
Second, I would be much more nervous about insisting that your kids DO NOT use any of the file sharing software without prior permission, on case-by-case basis. Explain about the MAFIA, I mean, MPAA and the like on their lawsuit campaigns.
Regardless, your solutions are *parenting* human solutions, not technical ones.
I'm doing something similar but in our family, we've got a 7 and an 8 year old and a 3 year old, so it's a different "ball game".
In our situation, I don't bother trying to put Linux on any of their machines. I've found that for the younger kids, the vast majority of their time spent playing anything Internet/web-based involves Shockwave Flash based sites (or sites using other proprietary 3D player plug-ins). Unfortunately, nothing runs this stuff quite as well as either a Windows XP (or later) OS, or a newer Mac running a recent version of OS X.
I found a free add-on for Firefox called Kidzui that was pretty nice. It basically turns the browser into a "kids' browser" that has a "home page" with good suggested sites for them to visit, and lets them click and explore around in a big collection of known "kid safe" web sites. Basically, it doesn't allow going anyplace except sites they pre-approved, but they make the whole experience feel like the kid is just getting around the net without restrictions. Additionally, it can email the parent weekly stats on the sites they spent the most time using, etc.
If you're using a Mac, OS X has pretty nice parental controls built into the OS for things like not allowing use of the machine after certain hours. I didn't find Windows had nearly as nice of capabilities for that, out of the box (though Windows 7 was closer than any previous version of Windows to offering it).
Honestly, I'm not that "sold" on putting forth the effort of setting up a lot of centralized administration and maintenance for the machines on a small home network (like for 3 kids). You may as well put free anti-virus/spyware software on each computer and let them auto update themselves independently. The products that support centralized management of the AV software tend to be expensive and/or buggy. (You get weirdness like one box that gets out of sync with the server console, so you have to mess with things to get them to both be on the "same page" about the workstation's status again.)
If anything, I think it'd be worthwhile to image the drives of all the machines, once they're freshly set up with the OS and applications and configuration defaults you like. Then, if one gets screwed up, you can just wipe its drive and re-image at will from your network server. Typically, on a kids' PC, they don't have that much important data to worry about losing anyway. If they're doing most things on the net, the sites they use are saving their high scores, user profiles, and such.
... forget the techie crap, and try spending more time communicating with your children.
I'd rather have a kid who I know I can trust to turn off his PC for the night, than have to rely on tech control and surveillance.
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
I work at a small cybercafe and I always thought that the system we use to administer the computers here would be great for someone with kids.
Try http://smartlaunch.com
comaservers@gmail.com
You know they make software that will indeed most of what you want. (There are limitations that I don't think you grasp though. For instance you can know that a computer is on, but only know what it isn't if it happened to tell you that it was about to change to sleep or off.)
But from where you are starting, if you want all of this within the next six months you will need some deep pockets. You can either purchase enterprise software to help, or quit your job and learn to do it yourself. But you are asking for control many a full time admin would love to have but can't afford.
You CANNOT use technology to solve a management problem. This is the same thing - you can't use technology to solve your parenting issues. Your kids can't share, so they fight. Sounds like you need to teach them to share. When it comes to grounding them, physically take the box away, and teach them why you are taking it. You're just gonna do more harm than good by putting in restrictions like that. Teach them morals and whatever else so they learn not to go to websites with inappropriate content. You obviously took the time to have the kids, why not take some time and communicate with them?
I take it that you aren't an IT geek, still i'd advice you to find someone to help you set it all up. ;>
get an openwall/selinx/netbsd router, or just a decent hardware router with all the fancy
setups adjustable, most imortant run everything jailed/sandboxed. run syslogd/tcpdump, log all traffic, perhaps adjust filter rules, and content which isn't accessible for your kids on the net, and at the end of each day monitor the traffic logs, empty/recover sandbox content, and some other stuff i probably didn't mention
oh yes, don't let them have ROOT
Where N is the number of computer users and you want them in a shared space, not in each child's room. Providing each child a personal computer, especially in his room, is a guarantee that any kind of interaction between you and your kids and between themselves will end. Ensuring computer "scarcity" will force you and, more importantly, your kids to interact with each other. It may even force you and your kids, gasp, to share a computer.
This also has a couple side benefits:
1. There are no "secrets" on the computers so you have no need for the tight monitoring and/or policing you seem to think you want.
2. Virus infections become a shared painful experience with obvious lessons being learned on how to avoid it the next time.
HW monitoring is kind of pointless as it won't tell you anything.
This only leaves you with a couple problems to deal with:
1. backup - there are plenty of backup solutions out there. Generally, you'll want some kind of external drive setup with automated user data backups.
2. virus recovery - If you like anti-virus software, use it. However, you should probably also keep a fresh install method handy so you can simply re-install without having to deal with the mess (this is where a good backup becomes very important). Taken a step further and to save lots of time you could have all your machines running VM hosted Windows images. Then when one of the images gets infected or otherwise "goes bad" you simply revert to the latest and greatest clean VM image (user data backup is still very important).
Well, this all sounds a bit overkill for childrearing, but as a 26 year old university student who knows exactly nothing about raising children as a single parent, I'm going to give you the benefit of the doubt.
At any rate, all of the internet scheduling/cutting off can quite happily be done by any router running DD-WRT. Pick up an old Linksys WRT54G somewhere and you'll be fine. Set it up to use OpenDNS to filter any bad sites.
Scheduling of Virus Scanning is obviously a no-brainer as any virus scanner worth its salt will quite happily do that automatically. It's probably blaspheme around here, but for those friends with windows machines that I've had to help fix, I've actually had good luck with Microsoft's own free scanner.
As far as the hardware monitoring/log emailing, maybe just drink a beer on the porch and relax instead. Too much worry is bad for your health.
...commend your commitment to teaching your kids how to avoid and circumvent computer restrictions.
Both Windows 7 and OSX have parental controls that enforce usage times in a per-account basis, which apps can be run from these accounts, which sites can be accessed, etc. I have been using these with OSX (a good write up at http://theappleblog.com/2009/01/13/kid-proofing-a-mac-with-parental-controls/) with my 11-year old autistic boy and they couldn't be any simpler. He can only log into the machine at certain times, and I have the option to set a maximum session time per day. He can only run apps that I approve, and can go to sites only if I explicitly allow them. The bad news is that, at least in OSX, Firefox doesn't respect the parental control settings (Safari does it fine).
I checked with Windows 7 and the parental controls seem to be pretty similar. More at http://www.microsoft.com/windows/windows-vista/features/parental-controls.aspx
My only real annoyance is that Youtube doesn't have real content rating, which makes it a pain to filter properly. My son loves to make balloon sculptures and is always checking for new video tutorials, the problems is that while looking for these, he runs into the videos of the balloon popping fetishists. One second I am hearing a video explaining how to twist balloons into a roadrunner, next I hear a 300-pound woman in a bathing suit giggling and sitting on balloons to pop them. Gross.
Pedro
----
The Insomniac Coder
There are products you can buy that are normally used in businesses, that allow you to do key stroke logging, remote snooping the screen, etc. If you're as paranoid as the business that use these tactics on their workers then I'm you can find them with the Google. I don't expect they will be cheap, and they will require a lot of setup, you'd also have to do this away from home for obvious reasons. But if you mistrust your kids that much already I'm sure you're prepared for that.
This sort of thing sounds like it's right up your alley: http://www.softactivity.com/
Of course as pointed out above they can be circumvented with the Google too, often by the simple expedient of going to a library, or a friends house. You could of course spy on them there to, by bugging their phone, though of course if you follow down this route you'll work out that locking in their room, and home schooling them under armed guard is the only rational choice. What you're going to do in a few years once they leave home and become adults, (so called) is a different matter.
You could of course just lock them in the basement.
http://theappleblog.com/2009/01/13/kid-proofing-a-mac-with-parental-controls/
Buying a Mac is going to be way cheaper than dealing with viruses on Windows or trying to learn being a Sysadmin on Linux. Buy Mac Minis and cheap monitors/keyboards/mice or pick up a used MacBook or iMac. Look for something that has the extended warranty - hardware failures will be repaired for free. You could even consider getting them an iPad with a keyboard, and only installing the applications you want them to use.
Just keep a local account on each system with a password that they REALLY don't know, create their accounts with the instructions provided above, and you're done. For extra protection, have someone write a script for you that sends an e-mail every time the Administrator account logs in, so you can know if they have figured it out.
Also, don't bother with virus protection. Weekly backups and nightly syncing their documents is a much more realistic and effective option. Pick up a Time Capsule and their computers will backup automatically. Just make sure you restrict their hard drive quota so all of their information will fit.
dd-wrt will do it. A trusting relationship will too. Although, it may be a good way to catalyze production of tech savy kids. They will figure out how to get around it. :D
virtualization will kill any game need a video card better then a basic 2d one.
Your kids don't want censorship or locked down obsolete computers. That shit will just hinder their education.
This does most of what you want out of the box.
There is a nice admin interface where you can create profiles based on day of week, per MAC etc. Block certain keywords.
While I cannot imagine any one product will do all the things you mentioned as requirements, you might find most of the functions available in ClearOS (formerly known as ClarkConnect). You manage it primarily from a web-based interface which has pretty good granularity in terms of specific functions for specific users, and of course you can use the linux command line as well. These things are great for parking between the Intertubes and WinOS boxen, and I've been using them since 2003 for home and small business clients. Also, it will run on whatever ancient relic you have stashed in the basement computer graveyard. I have no connection with ClearOS other than as a user.
Twice as crazy as I would be if I was half as crazy as I am.
A decent NAT router will do all the internet control stuff you are looking for, with an interface that isn't too terrible to grok. The rest of what you're asking for starts to crank up the cost and complexity extremely fast, especially for a single parent with three teenage kids...
Really, you don't want to try to set up draconian enterprisy stuff, it's not designed for consumers, will take time to administrate, and will break on you anyway. Network control via NAT router should be sufficient. If the parent wants to be able to physically control computer use too, then set up the clients up with the hard disk in a removable bay carrier. Yank it when you want to deny access to the machine totally. Much cheaper than setting up a domain and controlling access with accounts, and more reliable.
Seriously though, today's popular computing tasks pretty much require network. The NAT router gets you enough control. All other security measures are pointless because the kids have physical access to the machines; it doesn't take much to get Ubuntu running from a USB key with a spoofed MAC address...which negates almost anything you might set up on the clients anyway (and can bypass some NAT restriction configurations anyway).
A decent NAT router will have web access logs, so if the parent is paranoid, they can check up on what websites the clients have been going to, and also block specific sites. If necessary, the NAT router can block communications by port, too, to deny specific applications from working on the network, such as msn messenger, XBOX, bittorrent, or specific game protocols. In practice though, it's a pain to change that stuff all the time.
Technology isn't going to solve the parenting problem of the parent teaching the kids what is and is not appropriate. That requires the parent doing *parenting*. You've already failed if you have to resort to logging, blocking, and physical denial to reinforce consequences for going outside what is acceptable, more than once or twice.
First of all may I remind you (parent) that your kid's education is your frickin' job?! Technology is still NOT able to replace good parenting and probably/hopefully that won't be the case anytime soon. Your teenagers will find a way to break your rules sooner or later anyway so why even waste time TRYING to create such a virtual soap-bubble-castle for them? They'll only feel more controlled and repressed and that will eventually lead to more rebellious behaviour from their part - none of you would like it. They're teenagers so just DON'T FORBID them a thing in "their own" home. They're not your slaves, they're still your kids! You (and your kids) won't succeed by using technology as a replacement for a real parent!
TALK and CONNECT to your kids, teach them meaningful ways of using modern technology (or even better let them teach themselves, they probably even know already much more about technology than you do). At this age they won't listen to you anyways but maybe with a little teasing ("You'll get a new computer, if and only if ...") will make them behave for some time. Apart from all of that: Three kids fighting over one 10-year-old computer, in the year 2010, sorry, but that's just plain ridiculous! If you can't afford a life worth living for your kids maybe you just shouldn't have produced them yet.
I'm not talking VirtualBox, I'm talking something with a real hypervisor like Xen. You configure Xen for the client to get all the "juice", and maybe localize the game software. Then again, I've never tried running something like FEAR2 on a virtual client...
There is no America. There is no democracy. There is only IBM and AT&T and DuPont, Dow, General Electric, and Exxon
OpenBSD with packet filter + djbdns for dns caching and resolution.
packet filter allows rules to control local NAT and redirection of connections to/from external addresses. But this does not control clients for all of the other functions you are asking, that probably can be done with PCAnywhere or some other VNC.
However it is not a simple task, from 0 to everything works it may take many many days if you have never done it before.
You can't handle the truth.
What they NEED to do is supervise what their kids are doing - not leave it up to the server - the kids will get around that SO quick.
All you're doing is giving a false sense of security.
Put the computers where the single parent can SEE the kids using them. And they can see each other. If you start hearing lots of giggling, check to see if they're looking at porn. Also, the kids will snitch on each other if they can see what they're doing.
I'm losing some mod points by posting this, but I didn't notice the ages here -- 12, 14, and 15? Let them have some old/spare computers if they want. Show them where to download a virus scanner and tell them that if they break anything, they have to fix it. I don't see what the issue is here. They are going to have homework the requires the Internet anyway, so shutting down access after 10pm and in the early morning is just going to hurt them. By the way, my middle and high schools implemented strict filtering schemes on their networks. We had to put a fair amount of effort into getting around them *not* because we wanted to browse facebook/myspace/b/ at school, but because we often did research for our essays on school computers, and we wanted actual, balanced evidence, rather than the limited and biased crap that the filters let through.
I do four things for my kid.
1. Install X10 controlled electrical outlets that you can control from either a secured (locked up) X10 keypad or from a secured computer interface. Nothing says do your home work like a dead electrical outlet.
2. Using third party firmware on the router, such as DD-WRT, set up iptables scripts that can either block all network traffic to the specific machine, block all Internet, block selected Internet sites, ... using a secured plink call to an on router script (see documentation on ssh and putty).
3. Set up separate non-admin accounts on each machine, one for fun and games and one for home work only. Share document storage area among the two accounts. Never give up admin tot he kids
4. Up to date antivirus software. .
Needless to say, I get lots of push back from my kid and I have not been completely successful in all four. But I have implemented enough so that he is not totally off the deep end (or so I am led to believe).
Being a parent has given me a new appreciation for functioning in a non-deterministic universe.
Good luck
-- Mache
This is one area where Linux amazingly has been lacking. Home Domain Controllers. You can create a home domain controller with features Windows has never dreamed. Its just really really, really too hard. There needs to be a Home Domain controller Application added to most Linux Distributions.
Mandriva comes close to this with the ability to setup fully functional Samba Domains stand-alone only. But if you try and configure OpenLDAP, Kerberos, Squid, FreeRadius or anything else, it becomes a time vampire to get it all working right. And its not that the software is buggy. Its that often, the software is configured badly, and not at all.
https://qa.mandriva.com/show_bug.cgi?id=58653 Take a look at this bug I filed.
//Microsoft Employee Here//
The new versions of Windows Home Server is perfect for what you want to do plus there is a great community of users who develop custom plugins for new functionality. Check out http://www.wegotserved.com/
Newegg.com has some great prices.
I'd say get them netbooks and set up a wireless router. It's more useful than a desktop PC and cheaper too. Regarding your desire for control, don't bother. If you want your kids to trust you, you need to trust them. It will work a lot better than exerting draconian control.
And if you really feel the need to punish your children for something by taking their computer away, you can just lock the netbook up somewhere for a day or two.
Proud member of the Ferengi Socialist Party.
How about getting a cheap broadband router and letting the kids chose their own computers?
You are not doing your kids any favors by monitoring everything they do, trust them to use the computers responsibly.
Try www.untangle.com. They have a very nice free solution for most of the internet access and content control needs. Policies combined with the logoff screensaver can also help with some of those (remember that the clients will have to be "Pro" versions, XP Home doesn't do domains).
Doesn't matter anyway. I thought the querent was a system administrator. There's no way they could implement anything I'm suggesting without previous sysadmin experience.
They have to use a firewall regulating network traffic in order to manage what their kids do online. There's no other way. Kids will get around any client machine kludges. And whatever firewall implementation they use, they're going to have to go geek to be able to interpret/manage the network traffic.
I still think its possible for them to implement a windows server and make the clients boot off an OS image, but the administrator will have to go through geek hell to manage his users.
There is no America. There is no democracy. There is only IBM and AT&T and DuPont, Dow, General Electric, and Exxon
Hi, I'd agree with the idea of computers in a shared space as solving lots of issues. Monitoring them for hardware failures and uptime is all very weel but you're not running mission critical webservers on these units, if they crash once in a while that will also be a good life lesson to learn. I've setup openDNS on various friends systems for their kids and the free version is reasonably useful, it will give you full offsite internet logging without letting you know the individual machine thus giving you an overview without violating your users/kids privacy, at the end of the day they should be able to explore some of the web, just not the extreme stuff. Charlie
Get 3 Macs, not 3 Windows machines. There are parental controls built-in, and with Steam they run most of the same games. They also have digital media tools built-in, as well as many special subsystems related to that kind of work, which for kids that age is like the 3 R's. In college they will be using Macs, and people of their generation overwhelmingly use Macs, the skills will be more beneficial than learning Windows. There are no viruses, no scanners are needed, and they're Unix, so they are more Linux-compatible than Windows. They backup automatically to an external volume, and the kids have the Apple Store to do free seminars on whatever they're interested in.
For yourself, use Linux if that's what you're into. But your idea of computing is likely very different from your kids and their generation. They want the computer to disappear and make movies and play social games. It's a car for them, not a hot rod. And most of all, the Mac is part of this century, while Windows is literally their father's 1995 computer.
Macs are all-in-one, complete systems, and there are no low-end models, but with AppleCare you are guaranteed 3 full years of 100% operation of both hardware and software, and then when AppleCare expires, you can sell each Mac for half of what you paid for it, which you out towards the second generation of Macs and they will be cheaper than low-end Dells. So only the first generation is more expensive than low-end PC. You pay full price for your first Mac, but only half price for every subsequent Mac. Over time, not only will the resale value save money, but it comes with $1000 of software you don't have to buy later, and the reliability and lack of need for utility software and I-T time will save you money and time.
Here's the approach I will likely take once my kids are old enough to use the net:
- Negotiate proper rules with them.
- Have something log what sites they go to, when etc.
- Let them know about the logging, and make it clear that you will review the logs if there is a need to do so.
- Also, I don't believe that someone who is 12 needs unsupervised net access. Have a machine in the family room and let them browse when you're around.
Ultimately, the only common denominator for success is parenting.
.: Max Romantschuk
the computers he's trying to administer are like 10 feet away from him.
Not necessarily. Single parents tend to have a job.
If these are desktops, for "grounding" take the keyboard, mouse and power cord and lock them in your car trunk. If laptops, just lock the whole thing up.
My parents used to take away the stereo speakers as a punishment. Same concept.
For "hours of access" don't put the computers in the little darling's bedrooms, and send them to bed. That will mostly take care of filtering, too; nobody wants to be looking at porn in the family room.
When my stepson was 9 he had a computer in his bedroom. I put in a router rule to keep it off the internet but still let him print to the network printer. I don't know if he figured out how to get past it or not. The computer he could use with internet access was next to the TV in the living room.
The preferred solution is to not have a problem.
So you are ok with your kids being on AIM all day looking for older guys who make them feel special? Or surfing porn all day? Or, even doing what you want and accidentally running across goatse guy? He's not looking to be the gestapo. He's looking to have some basic protections in place to protect his children from the unsavory parts of the Internet, and to make sure that they don't abuse the priviledge of having a computer in their rooms.
Sure, he could fix this by doing what he does now, having one computer for all three in a public place. But he's trying to improve their access, not limit it. And he just wants to make sure that improvement isn't abused.
Learn to love Alaska
I would Google for information on setting up Linux and Squid on a PC that you designate as a router. I've found the following tutorial to be helpful: Linux Home Networking
I'm going to go ahead and join the folks saying you can't do all this from one app, but, for what it's worth, here are my suggestions for how to achieve your goal for free/cheap:
Hardware Monitoring: First, I'd tend to say that you don't really need this, but if you want it: http://www.almico.com/sfdownload.php Speedfan's probably your best bet, yo can configure it to send you an e-mail for events, and it also does pretty good logging and, as an added bonus, it has decent hardware compatibility. The other player is MotherBoardMonitor, but it's basically abandonware now, afaik.
For internet filtering: There's peer guardian (http://phoenixlabs.org/pg2/) or, as someone else suggested just use openDNS, the advantage of openDNS is it's very easy, the advantage to PeerGuardian is you can create exceptions.
For internet access: For this, go with almost any modern router, I personally use a WRT54g loaded with DD-WRT, I know I can force it to allow/disallow any given MAC.
For anti-virus: Pretty much any AV out there will let you schedule runs.
For setting hours the computer can be used: easiest way would be to find a computer who's BIOS lets you do that, disadvantage is that you'd need to be physically present to make an exception, or give the child the BIOS password and then change it when you got home. Other disadvantage is that it'd be some finicky research, since not all BIOSes will let you, and you'll have to find out before you buy the machines.
As far as monitoring computer status goes, I'd just install a VNC server on them (http://www.realvnc.com/) if you can't log in, the computer is asleep or off (does it really matter which?) if you can, then the computer is on, and you can see what the kid is doing.
I know this isn't really what you asked for, but afaik there's no one app to do all you want.
I needed a sig so people would know who I am, but I was too drunk to make something witty, so you get this instead.
Have you ever tried just turning off your TV and your computers, sitting down with your kids, and hitting them? - bender
I work at a school as a network admin where all the students have tablets in 7-12 grade. I get a few similar questions from parents every year, some even implying that the school caused the problems they are having at home and should fix them. The best course of action as others have mentioned is interacting with the kids. Over the shoulder parenting / net-admin works the best, if that fails taking away the computer works well too. However there are some technical solutions that I have helped some parents implement that are fairly non-techie friendly. I will say up front this will sound like a Microsoft commercial which is because it is what I have experience implementing. I am sure there are other solutions I just know this one can work. In Windows 7 it has some pretty good parental controls (http://www.microsoft.com/windows/windows-7/features/parental-controls.aspx) and then you can further supplement it with the Windows Live Family Safety (http://download.live.com/familysafety). These two together do a really good job of time based controls and logging, there content based controls aren't as good but are functional. As far as backup you can use a Windows Home Server (http://www.microsoft.com/windows/products/winfamily/windowshomeserver/default.mspx) to handle that and it will also do some nice shared storage. The cost of this setup is really just the hardware / os and potentially the WHS box. The features are just built in and are intended to be non-techie friendly. I know they are since I have had parents implement them on their own and tell me they work.
Hoyty
This is the very issue I have been looking at for a while now. I seem to have found a pretty good solution that works pretty well. Firstly before you starting thinking about network security you need to think about physical security. You don't what spend the time setting up a filter network only to have the kids figure out that all they have to do is move a network cable to a different switch. This happened to a co-worker and it was wonderfully funny to hear the story.
Anyways I have gone with a manged networked solution, so only the ports that I am using are active and are connected to separate VLANs. Now on the edge of the network I am currently using a Smoothwall (www.smoothwall.org), in a RED, Green, and Purple setup. I have the kids on the Purple interface, which only allows the two mac address of each of there systems. I have timed access per client, and content filtering per client.
Each of the clients is running windows 7 connected to a active directory. This allows for total control of their computers, I have locked them down so they can't install anything I haven't approved. I have also pushed IE rules for content accessibility however the kids us firefox which I have done the same for.
As it is now there are a few layers for them to gain access to before they will get unfiltered internet access. We keep a close eye on them still but in the end I keep an eye on all the network devices to see if they are trying to gain access and they haven't. As well I have always made it clear that if they wanted some more access to the internet they would have to come and ask for it. And if there is a site they heard about at school and they try it and they don't have access I normally hear them grumble about the same time I get an e-mail regarding the site being blocked. They have been pretty good about asking for access.
I hope this gives you some ideas.
Number one priority is figure out the exit plan.
In "about three years" by yer own figures, the oldest is going to be utterly and completely totally free, at college or whatever. In less than a year, total freedom for limited time periods behind the wheel, visiting stores and other peoples houses, etc.
Building a better cage is not going to help the kids relate, when they're finally released/paroled into society.
Which kids have the biggest problems at 14? The kids of "anything goes" parents. Which kids have the biggest problems at 19? The kids of overprotective parents. On average, 14 year olds can get into less trouble than 19 year olds. So, teach them responsibilities of freedom at 14 with your guidance, not 19 and alone.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
Parents should be the ones making these decisions instead of the government (Australia anyone?). This goes to the heart of the argument regarding censuring content and who's responsibility it is to decide. Adults should be able to decide for themselves and parents should decide for their kids. It is up to each parent to decide what is and is not appropriate for their kids and to determine the best way to do it. Saying that the poster is enforcing fascist policies on his/her kids is the same argument that a government uses when trying to implement censorship laws on its citizens: you know what is better for them more than they do.
As for the technical question: Most of what you want to implement can be done through an off-the-shelf router that has had the firmware flashed with DD-WRT. You can set up individual profiles for the MAC address of the kids laptops that limits the times that they can access the internet, and when you ground them you can disable access completely via their individual profile. It also has some VERY basic web filtering. You have to have/buy a router that is supported by DD-WRT, but you can get one pretty cheap. The ASUS 520GU is supported and it usually can be had at NewEgg for around $40. If want more robust web filtering you can set up a linux server and run Dan's Guardian & install Nagios for hardware monitoring.
Jesus Christ, yes. Don't bother trying to roll your own for this sort of setup unless you want to transition to IT as a career. The migraines you will get trying to setup a proxy and a content filter alone will take a good weekend, if you are lucky. I've used ClearOS and before that Clark Connect for years without problems.
An Education is the Font of All Liberty
OS X will do pretty much everything you've asked for, with very little work. You can use parental controls to create a whitelist for which programs and websites are allowed. You can restrict account access to specific times and days. You can use ssh or vnc to connect to each machine to remotely administer it. (OS X has a very nice, fast, VNC client and server built in.) You don't need a virus scanner, since there are no viruses in the wild for OS X. You can prevent installation of additional programs. Automatically limit access to adult websites. Restrict who they can mail and IM with. Limit computer use to a certain number of hours per day. Log what they have been doing. Receive e-mail requests to add additional websites, IM users, etc. so that you can confirm additions without having to use their computer. And if you install the istat pro widget, you can monitor all of the computer's hardware sensors, which will give you all of the rest of the info you asked for. VERY easy to set all of this up.
View client computer status, On/off, sleeping etc.; Deny internet access, not LAN, just the web; Schedule time usage of computer, ex. 7 a.m. to 10 p.m. on school nights etc.; Force log-out and/or shutdown of clients, for grounding purposes; and Apply some kind of firewall filter for blocking undesired web content. And as the administrator for this network I would like the following options: Remote virus scanning of client machines, or scheduled task; Some kind of hardware monitor, high temp / fan speed low etc.; and Email alerts for various log files / alarms. Given the lists above I am thinking about a Linux based router/server machine and running Windows on the clients for game compatibility. I also know that a server and network boot client is possible but not sure where to start on that one."
If you used an Edubuntu Server with
I think you should be able to handle this stuff manually, but if you are not, then these are the technical controls I see as being most useful in terms of being able to administer them easily. Building the LTSP client environment was the last thing I found difficult; There is help out there. Hell, I'd help you. I hope that it's easier than the last time I did it by now, anyway. After that you get a cute and easy to use GUI for administration of client machines. The latest LTSP is supposed to make it easy to designate programs to be run on the client machines so that the server doesn't have to do heavy lifting.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
It may be tempting to install loads of software to spy on their activities, and to censor the internet, but lets face it, if they want to get to porn, they can and will. Nothing you do will stop that. The best thing you can do is educate them and try to teach them to be sensible and safe. If you don't think they have enough sense and maturity to stay safe online, then only let them on when you are watching yourself. You have to show trust and fairness with children, and putting up walls makes them want to break them down. Trust your kids to do sensible things, but teach them how to first.
I think that monitoring everything your children do... down to their fan speeds may fall under the realm of "over protective"
A lot of people on here are trying to give you parental advice.
That being said, here is my take on the situation and your request. Like many others I think that what you want is over the top for many reasons. The amount of time your going to spend monitoring and up keeping the network is going to be become more time than your going to want to spend, very quickly. It would be far easier for you to lay down the law with your kids and explain what they can and can not do.
I would then go with the basics.
1. A scheduled virus scan on each computer for when they are at school.
2. Router with DD-WRT so you can set Internet access permissions when you are away.
3. OpenDNS so you can restrict many sites including proxies, adult content, etcetera.
4. Rewrite dns queries to opendns.
You have to remember that your kids are going to find ways around any setup. It just depends on how much time you are willing to spend setting it up and keeping it up.
I will say that, and I'm sure many will attest to this, having your own computer at the age of 15 opens up a Pandora's Box. You are taking a huge step in giving them their own computers, let them know this.
The parent is described as "computer-handicapped", so let's put it in terms he or she will understand: Consider, instead those old-fashed toys of yesteryear. Or consider the TV which many kids of my generation had in their rooms.
Could you imagine a parent asking that his children's toys will automatically stop working on 10pm? Or that his TV cannot be turned on when the child is grounded, or perhaps show only certain channels at certain times? Or the toys checking themselves and letting the parent know when one of them gets broken?
This is all ridiculous, of course. With toys and TV you simply couldn't even imagine doing this. With a computer you can *imagine* doing it, but it doesn't mean it makes sense to do it. A child will always find ways to break such technological rules, especially if the parent is so-called "computer-handicapped".
to be able to do the following via an simple application/webpage: View client computer status, On/off, sleeping etc.
Sounds like a job for a custom PHP script. You can determine On/Off by using PING tests.
Detecting sleeping status may be harder... consider using wired network connections and a managed switch with a CLI. Setup the PHP script to poll the switch for up/down status on each child's switch port.
Enable wake on LAN in BIOS resume from suspend. If port is up, but you are not seeing any packets, then it is probably asleep.
Deny internet access, not LAN, just the web
Any firewall can do this.
Schedule time usage of computer, ex. 7 a.m. to 10 p.m. on school nights etc.
You can do this with Windows group policy. "Force logout when login hours expire". However, this may hurt them if Junior is up working on a report at 10pm due tomorrow.
Doing this has consequences. You may be better off TRACKING when the computer is on, enable Windows messenger, and write a script to automatically warn kids they should log off the computer now.
Use Sysinternal tools in your script such as PKILL, PSEXEC to kill know game processes on the machine, internet explorer, etc.
Force log-out and/or shutdown of clients, for grounding purposes;
Setup a Windows 2008 server, use Windows 7 business clients. Setup a Windows domain. Give kids accounts on the domain. Join all client machines to the domain.
If a kid needs to be grounded, lock their account. And use the "shutdown -i" program to send their machine a forced shutdown.
Use group policy to configure all lockdown, including firewall settings and mandatory Windows firewall exceptions (such as your management access).
Apply some kind of firewall filter for blocking undesired web content.
Get a Beefy enough Windows server to run Untangle for Windows.
And as the administrator for this network I would like the following options: Remote virus scanning of client machines, or scheduled task
Just about any Enterprise virus scanner will do. You configure an administration server, and install clients on each client machine. Some popular ones are Eset, Trend, Kaspersky, Symantec.
Some kind of hardware monitor, high temp / fan speed low etc.; and Email alerts for various log files / alarms
Uh, these are desktop machines right? You are going to have to be very choosy about your desktop hardware there, many devices will not even support IPMI or remote monitoring.
If it does, you can probably setup monitoring using standard free tools such as Zabbix or Nagios, though configuration can be a pain. You may need a Linux machine or virtual machine somewhere to provide this.
There are some commercial monitoring products that are free for a small number of managed nodes, e.g. free versions with limit of 10 hosts. But the most important thing is your desktops and other equipment actually support collection of that info, provide it over IPMI or CIM, and that Windows WMI providers are able to access the performance/health data.
Given the lists above I am thinking about a Linux based router/server machine and running Windows on the clients for game compatibility.
Hang on... you just said you want detailed management over Windows machines? You will either have a Windows server and domain first and foremost, or you are going to have a hard time maintaining this. Almost all the software required to manage Windows clients is Windows based.
A Linux server is great, as long as it has sufficient resources to run some type of Windows server as a virtual machine.
I also know that a server and network boot client is possible but not sure where to start on that one."
That doesn't make any sense... you said you want to run Windows on the clients.
Net booting Windows is complicated; the only thing that
I can tell you from experience that although there's not much of a Disk/CPU/Memory hit, the graphics performance is seriously business only. The real work of rendering still has to be done on the host, and then it has to be RDPd to the client. It's not going to fly at all, even with LAN connectivity.
If running Windows, make sure the kids don't have admin access and you can use policies to deliver the outage times. Load dd-wrt on the home router, and that can cut off internet access.
If only windows had something as simple as chroot.
In college they will be using Macs, and people of their generation overwhelmingly use Macs, the skills will be more beneficial than learning Windows.
I would love to see something to support this. I was on a university campus this weekend and I was curious about this myself. I actually counted PC vs Mac as I walked around and at best Mac was 20%? While I won't argue that Mac is gaining ground I would say a blanket statement like this is not quite correct. I think learning and being comfortable with technology is more important than learning either the Windows / Mac / Linux way to do things.
Also many of the implied exclusive features are built into windows as well? Lastly, um Steam I shall quote from https://support.steampowered.com/kb_article.php?p_faqid=98
"The Mac version of the Steam client will be released in April, until that time we will be unable to provide support for Mac issues.
For more information, please read the following news post:
Valve to Deliver Steam & Source on the Mac
Please note that not all Steam games will be available on the Mac client. Availability will be determined on a game-togame basis."
Right now Steam runs 0 of the games and who knows what the future holds there.
Hoyty
Oh for a mod point...
Sewage Treatment Facilities - "Our duty is clear."
Remove the power lead.
I agree but one should still be able to review logs of places the kids (or their friends) have been. I'm their parent, not just their friend.
Considering all things said in the OP, I find this a very alarming situation. What we've experienced in the past, these kinds of cases tend to have a rather alarming rate of "end game solutions."
I hope this is nowhere near my kids or the kids of my friends.
Seriously - you're over the board.
I learned computers by having my own, and learning on my own. Without a parent trying to tell me what was right or wrong. If you don't know enough about computers to do this on your own - why not let the 15 year old admin the network until the second kid turns 15 - then leave the duties to him, until the third kid turns 15 ?
Why do you want to limit what information the kids have access to? Isn't it better that they can browse the web and learn - without being limited? Give them general parental guidance, of course.
Teach them to build character, but don't limit their exploration options.
Sure they'll get hold of things you think are unsuitable. They'll do that no matter what. What do you do if you encounter them with the Anarchists Cookbook? You _talk_ to them. You tell them how unsafe it would be for them to try those things out, and you refer them to the wikipedia article that'll tell them quite simply that most of that stuff will blow up in their faces if they ever try to cook any of it.
Let them discover the web for themselves, and discover the world around them on their own. Without artificial limits.
"Rune Kristian Viken" - http://www.nwo.no - arca
If I were to read between the lines, I would think this is a SOHO vendor trying to figure out to get enterprise features on an ephemeral budget. Maybe wave the magic "linux" wand and it will all get better. If your time has value, then I'd suggest picking up a fortigate 60b and a copy of Windows Small Business Server. Add the free Windows deployment services and that takes care of PXE booting across the network and setup some logmein accounts and you're done in an afternoon. On the other hand, if your time has no value, maybe you'd consider running vyatta or pfsense and ClearOS. Or if your time has negative value, you'd could piece things together yourself. Let me introduce you to OpenLdap. Meh. Or maybe it's not that negative, rather you want to learn the cutting edge and this is a learning experience, how about Fedora and the FreeIPA project, which with 2.0 will likely become the defacto standard for identity management on linux. Course doing it all in one box can get a little tough at times, but whatever. Good luck. Thanks, Doug
I agree that what the poster's thinking of doing is not going to work from a practical POV, with the parent not likely being capable of administering the network they want to set up. But at the same time it's irritating to hear everyone give the same generic response of "I don't agree with filtering because blah blah blah therefore I won't dignify your stupid question with an answer". I'm not a parent, and while I don't think I would necessarily filter my child's internet access, I don't agree with people intervening in how a parent/parents want to bring up their child. I don't appreciate it when the gov't sanctimoniously decides what me/my children should see/think/do, so why is it better when an individual (or group of individuals, such as here on /.) impose their moral beliefs on someone?
This smacks of the same groupthink that hates MS/Google/Apple/Company-of-the-day without any thought behind it, just because it's the opinion-du-jour on /. It's actually funny how many +5 posts on Apple topics recently have berated Apple for trying to force their way of thinking on everybody, all the while the mods/posters missing the irony in their attempts at coercing others to agree with their anti-Apple opinions, a la Fox News' tactics. Yes, there are legitimate posts with legitimate concerns, and yet they are drowned out by hate-mongering.
Anyway, with that in mind, I agree with the DD-WRT/openWRT/whatever firmware on a decent router as part of the solution. Couple that with OpenDNS, enabling it as outlined here and elsewhere, will allow monitoring of internet activity, as well as filtering based on specific address as well as generic categories of websites if that's desired. This takes much of the work out of the hands of the parent/admin.
Keep the login/passwords private/secure, as well as the password for the DSL/Cable/Fios/satellite/whatever service you use to avoid bypassing. And if there are other open wireless networks nearby you might want to either eliminate wireless adapters from the computers, or lock it down to a single network (a la the dreaded Apple's network setting in Leopard/Snow Leopard to require admin creds to change networks)
Make some rules:
When they can use the computer in relationship to the higher priority things in life: School, homework, chores, time together as a family, other activities, sleep.
What they can and can't use the computer for: homework/IM/Facebook/games/whatever you feel is an appropriate use of a computer
The consequences for breaking the rules.
Write it all down and make them agree to it. Hold them accountable when they break the rules. They will.
Sounds like you may want to buy an extra computer or two. I wouldn't buy one computer for each child. It's important to learn how to share and budget their time well. Buy a good router with kid appropriate filtering. No wireless.
Don't let them put computers in their rooms. Depending on space, make one bedroom a computer lab, or just set up a large desk in a common room.
K12Linux is Linux Terminal Server Project (LTSP.org) integrated with Fedora 10 and higher, in a convenient LiveUSB or DVD media installer. Since 1999 LTSP has empowered many schools and businesses with Linux-based terminal servers and thin clients, allowing low-cost clients or recycled computers to become powerful Linux desktop machines. K12Linux allows easy deployment of a Linux terminal server, capable of serving entire networks of netboot diskless clients. Clients login to the central terminal server, where they can use any Linux desktop environment (GNOME, KDE, XFCE, etc.) and most desktop applications. Significant long-term cost savings are made possible by central management of software and accounts.
I may be bad with names, but I'll never forget your IP address
And then the kid asked if he could go to his friend's house.
I said 'sure'. But then I realised they might have internet access.
AND I WAS LIKE FFFFFFFFFUUUUUU
Don't rely on technology - just talk with them.
Put just enough security in to make sure you can log some of what they're doing, and leave the rest as a mystery. Periodically bring up some log of what they did when you weren't in the room, and discuss it. If they aren't sure of what you can see, they'll be far more paranoid.
I looked at porn as a kid, stayed a virgin for quite a while until 21 when I finally realized waiting around for a fairy tale wasn't wise. All the other kids who where under censordom ended up having children young and being the most rowdy people ever. Not only is your plan unreal, its results won't give you the outcome you expect.
Linux, xBSD or Solaris with squid and a router / firewall denying any connections except from the proxy. Everything (proxy, router/firewall, xDSL and the cable out) must be in a locked room and kids PC's may not have WiFi or Bluetooth because your rascals will bypass all your security efforts.
If I were to become a parent now, then I would only put these restrictions up on my teenagers to tell them: "You're restricted until you can figure out how to get around it." Because that's how I learned as much as I know now about computers.
Seriously though, forcing all of these restrictions will only cause them to resent you. If they want to look at porn then they'll find a way to get to it, if they can't find that then they have active enough imaginations and attractive enough girls at school. Sure, you can say that could happen, but at least you're not enabling it. However, talking to your children about it instead of just restricting them from it and saying that's that will help them from developing some sort of complex.
And how about this: Maybe your children are more night people than day people, as is the case with myself. This is a completely alright thing, but is for some reason frowned upon by parents who do things like restrict what hours they can be on the computer. Let them stay up as late as they want, let them sleep during the day. Soon they'll learn what they prefer. Either they'll dread feeling so tired at school because they didn't get enough sleep, or they'll miss spending time with their friends who don't keep the same hours as them, or they'll be completely fine with it.
You need to help them develop these things while under your supervision, because once they're set free in the world and not under your supervision anymore then all of these things that were taboo and inaccessible before are right there and they'll be poorly adjusted to them.
What do you use for parenting for other things not computer related?? Seems like you just need to be a parent. If they abuse their computer, you tell them not to use it when grounded. If they abuse that, they lose the computer... simple. Just like anything else related to parenting.
Dragon Eater, I think I noticed two specific areas you were addressing in your initial post ... the first was around setting limits around the Internet for your children and the second seemed to be more virus protection / system maintenance focused. I can share my observations with the first challenge but I haven't done much with our home network around automated maintenance. For the record, my wife and I have 3 boys in the house right now (6, 11 and 23). Our home has 3 desktops, 2 laptops and 3 netbooks ... along with about 5 ipod/touch, a Wii and WiFi enabled Nintendo DS systems.
I approached the challenge of tightening down our home network with a focus on trying to put controls on centralized hardware as opposed to managing something on every device. I settled on the Cisco/Linksys WRT610N router ($175.00) which allows me to block certain Internet sites. The Home Network Defender (HND) software, an add-on to the router, allows me to block sites from the Wii and any other wireless device without loading client software. HND ($50.00) also allows me to also schedule times for allowing Internet access. My understanding from books and other resources is that most kids tend to get in to questionable activities between 3:00pm and 6:00pm ... I've got Internet access setup so that they can only get online while we're home. We also do not allow any computers outside of the family rooms downstairs (i.e., no isolated internet, computer usage). The 23 year-old is only filtered by the router and manages his own devices. We only ask they he keep his PC and laptop locked with an account when not in use.
For virus scanning I use BitDefender (3 PC's - $50.00) . This product includes a decent amount of parental control. I'm working on setting up BitDefender in "network mode" which allows me to configure all the PC's from one location but you do have to install the software on each PC.
Network Magic Pro (8 users - $40.00) is another optional add-on for the Cisco router which creates online reports and let's you schedule Internet access times. As you can see there's not a single magic-bullet solution and some products have some overlap with others.
I'm running Windows 7 so I've installed Microsoft Family Safe Filter (free) which gives me the ability to allow and/or block specific sites. This solution is actually pretty neat since it allows the kids to easily send a message to my "MS Live" account requesting a specific site to be "opened". Along with Network Magic Pro the Microsoft Family Safe Filter provides some great online reporting.
It's not as daunting as it seems but I certainly had to spend a little bit of upfront time sorting out the overlap and getting a consistent installation on the PC's, netbooks and laptops.
And of course I help them with their homework, take bike rides, teach them the fine art of open-field tackles and maintain a healthy activity level with our local church. In the end, there is no guarantee but it's good to see other parents taking seriously the responsibility of protecting their children while they establish a character with solid morals and ethics. I pray every night that my kids will make good choices when no one else is around ... this world is going to throw them some pretty bizarre options soon enough.
Put the computer in the same room you are, and watch what your kids are doing. Oh, and interact with them too...
If you have to have some 'system' turn machines off due to grounding you have a bigger parenting issue going on.
---- Booth was a patriot ----
Get a decent router and you can setup the firewall and outright block internet access easily. It is the norm that the above would be controlled via a web interface. My last 3 (cheap and basic) routers also had an option for emailing logs and alarms. It will also have site filters but this is somewhat pointless as they'll either find a way around them, or find an alternative source that in all probability would be even less desirable than the ones you knew about in order to block.
The router should also show who is connected so this can effectively monitor who is on, though they could fake it. However, every single time I've read an article about children using computers the golden rule has been to keep the computer in a public area, not in bedrooms. On the other hand the non-hardcore gamers will very probably prefer a laptop, and to be honest an internet connection and some privacy is likely to result in some hormones being saited and more relaxed teenage boy. If they're girls, do not let them have webcams...
I'm yet to try any AV software that does not come with a scheduler, they usually pester you to set this upon installation.
Whilst you can find free software through google for high temp / fan speed low etc monitoring, IMHO this specification emphasises that you've overthought this project and practical common sense has got left behind somewhere. I don't think you can buy a computer now that doesn't protect itself from overheating, the rest will sort itself out.
Scheduling the time usage of computer is a job to do in person. Don't try to abdicate that responsibility onto a computer. Regardless, such reliance is an unwise strategy since they are very likely to figure out how to completely override all your automated controls.
In short, just get a router, puts the computers in a public place and do the rest with a little trust and parenting. Kids gradually turn into adults as the increasingly gain experience with how to deal with trust, responsibility and risk. The more you coddle them the more vulnerable they will be when they inevitably find themselves in a risky situation.
The computer will be almost useless to the kids if the networking is disabled at the firewall. Most
consumer firewall routers have network scheduling. Just turn that on and you are done. Remember
to set a password on the router.
If you want to see what your kids are doing at any point, then use a free vnc server on each of
the machines. You can control their machines with vnc too.
Just buy some simple antivirus licenses for the machines to control the viruses and find a way
to re-image the machines frequently to keep them clean if you want. You can have them keep
their documents on a share you control to lessen data-loss during re-imaging.
If they are really just working on an essay, then the cutoff on the internet will not affect that.
The hw monitoring is a feature the hardware vendor should provide.
Wine and Linux for the client machines should work well for your needs. Ive seen that most games work quite well under Linux+Wine. If Wine isnt enough, possibly CrossOver Games would be better.
Windows prior to Vista doesnt really offer capabilities that you are requesting, as far as I know. And Windows is still expensive...
But on the Linux side, there are a few tools that can do that.
For GNOME, there is GNOME Nanny. Though it seems restricted to time session management and web activities.
A more universal set of tools is available too:
Im not sure if there are other tools out there that work. I think Mandriva Linux actually provides integrated support for parental controls similar to GNOME Nanny and TimeKpr. The scripts from WebContentControl would let you block which applications they can run, though that isnt that big of a problem on Linux if they dont have a compiler or root access.
KDE itself has a configurable Kiosk mode, which can help control KDE itself.
I agree but one should still be able to review logs of places the kids (or their friends) have been. I'm their parent, not just their friend.
So I'm assuming you're one of the power obsessed parents who uses Verizon's "family stalker" app to make sure you know when your kid is peeing and if they stopped to get ice cream or not? That kind of control isn't parenting, it's being a dictator - not only will your children despise you for it for the rest of their lives, but you're teaching them that they should be controlled and to not make their own decisions.
On the bright side for your kids, parents like you teach them that every person in a position of authority is an egotistical asshole who's not worth a single ounce of respect.
Treat your kids like human beings instead of slaves - you'll thank yourself in 40 years when you need your kids to pay to support you.
"The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants." ~Thomas Jefferson
Holy crap. So many technical solutions. The answer here is simple.
Put any and all computers in a public place. They want to play games? Fine. But you'll know about it. They want to browse porn? They probably won't when you're around. And make sure you have full and complete access to every machine.
The answer is to handle it socially, not technically, like other people have said.
Why don't you put a hidden gps tracker in the 15 year old's back pack? Or issue them laptops you payed a guru to pop open and inset a always on independent mic and recording part from The spy shop? It's not just about kids should have privacy, kids need privacy and they need more every year as they get older to develop and be self reliant and also to become interesting adults. You ever meet that young teenager who only thing he can talk about is what he has over heard his parents say because he's had no time to form his own thoughts? those kids are so sad.
If one wants to go this route, it can be done, but ONLY with some of the newer CPUs/Chipsets. I think they are now named Intel VT-d and AMD-Vi respectively. So far, you have to hunt for which cpu/chipsets support this. The only place it's clear that have support is via AMD's NEW Opterons, and chipsets. Consumer stuff is (especially for some reason with the Intel CPU/boards) subject to vendor whim.
If going Linux host-Linux guest via X11 you'll take a hit, but you'll still have hardware acceleration. There are a few Linux-Linux 3D solutions that don't use X, but I have not tried to mess with them.
The simple solution to the parents problem is to tell the kids what not to do, and log the computer's network activity. If they're visiting bad web sites, it'd be easy enough to find out.
When the kids know what they do is being watched, and they can get grounded, that's usually enough.
As for limiting the time they can use the computer. Why? I've spent almost every waking moment of my life in front of a computer, from age 7 to present (27). Kids are less destructive around the house when they have something to do with their time.
I once lit a patio table on fire with gelled gasoline, lit the end of a modeling cement tube on fire (very neat), sled down the steps of the deck in winter, climbed all over the roof, got buried up to my neck in sand by neighbour kids and left for half an hour, poured acid into a harddrive (it boils out as poison gas, yay), sat on a tree branch for hours reading books two feet away from a power line, etc. Guess what? Had nothing better to do at the time. My list would be a lot longer, and more imaginative, if it hadn't been for constant access to a computer.
Yeah, I still live in my parents basement. And I'm a virgin. But, isn't that exactly the protection parents want for their kids?
There will still be the older boyfriends met IRL who will make them feel special (or rather abusive boyfriends similar to their controlling dad), constant thoughts of sex, and government-recommended colonoscopies. After infancy sheltering your kids is not protecting them and is just as likely to damage them.
Don't forget to tell the neighbours that they need to encrypt their wifi or the kids will simply use that. :)
Are you serious?
Half of these problems are not technical problems. They are talk to your kids problems.
"View client computer status, On/off, sleeping etc.;"
Walk into bedroom to see if child has gone out and left the computer on, is working on computer or is in bed.
"Deny internet access"
Remove ethernet cable
"not LAN, just the web;"
Temperately give back the ethernet cable or use USB sticks.
"Schedule time usage of computer, ex. 7 a.m. to 10 p.m. on school nights etc.;"
Talk to child and tell them what they can and can not do, then check they stick to it.
"Force log-out and/or shutdown of clients, for grounding purposes;"
Remove power cable
"and Apply some kind of firewall filter for blocking undesired web content."
My 2 are not old enough for this yet and I am as yet undecided as to whether or not to censor their internet.
And as the administrator for this network I would like the following options: Remote virus scanning of client machines, or scheduled task;
Fair enough on the virus scanner, but what tasks would you want to schedule remotely?
(and is you house that big that it needs to be done remotely?)
Some kind of hardware monitor, high temp / fan speed low etc.; and Email alerts for various log files / alarms.
Get a life. There are more important things.
If you run your home network like a police state, its users will come to treat you as head of a police state. If your kids are already so screwed up that this is the only remaining option, then you need to be restrained yourself.
You're a nub. No wonder she was screwing around behind your back.
1. Has all the features you desire plus easy networking and compatibility with Linux, Windows, and Mac OS servers.
2. Ridiculously easy to setup and manage from a different Mac OS based system to prevent tampering with settings
3. Will save you a lot of time in setup and continued support
Works right out of the box, no special stuff needed, no additional software, no new routers, etc., etc. etc. There may be other less expensive, or free solutions, but how much of your time is it going to take to setup all the features you want? Your time is valuable too! Wouldn't it be better spent with your family instead of trying to configure your computing environment?
Point taken, but Reagan had it right: "Trust, but verify"
If you give them Linux boxes, Ubuntu has a package called 'timeoutd' which allows you to enforce pretty flexible time-based limitations. I limit my kids to 90 minutes per day each on the computer (if they're doing schoolwork I can give them some more) and lock them out during hours they should be sleeping, etc. It's all configurable per-account, so you can easily lock one or more of them out of the computer completely for a period of time (grounding).
I've found that by putting per-user time limits on each of the kids, I actually don't have too much trouble with them fighting over the one shared machine, either. No one can hog the computer all day because timeoutd will kick them off when they hit their time limit. As a side-benefit, they've all learned the value of creating a good password and keeping it secret ;-)
Other precautions I take are putting their computer in a public area of the house and installing the DansGuardian filter. I also pay attention to what they're doing, though I obviously can't supervise them all the time.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
So, because sheltering them is bad, you should encourage bad behavior?
Learn to love Alaska
What is wrong with just using parental control software that already exists? I know it's part of the OS on a Mac, and I'm sure there are some analogs available for Windows. You're overthinking it and trying to build the "ideal system." Anyone who has owned a computer for more than a few days realizes quickly that the "perfect system" is a myth, albeit a pretty one. You're a single parent. You have more to do than administrate 4 computers (yours and the 3 they will have). In fact, try just adding 1 or 2, it's likely they don't all need one. Just one that isn't yours. You know your kids best, but I doubt all three need to use the computer at the same time. Just my thoughts. Really, though. You're making this harder than it needs to be.
Nitewing '98
Everything works...in theory.
False choice. He said he'd rather raise a kid he can trust not to do all those things than to blindly enforce it through software. That trust is lacking in your scenario.
:gasp: teh PR0NS!
Trust but verify, and the verification is missing in his scenario.
Appeal to emotion, slippery slope. Give the kids even a little leeway and they'll kind themselves talking to Chester the Molester or browsing for
For someone that whines about rhetorical tricks, you moved to the strawman pretty quickly. For one, I never addressed the issue of them looking for porn. I only addressed accidental running across it, like with mistyped domain names being redirected to unwanted sites. You made up the part about assuming they'll be looking for porn or even if they were that it should be blocked.
And there are a number of people out there that look for youngsters to take advantage of. Whether it's a good thing or bad thing to shelter them from those is not in question (unless you are saying that talking to Chester is a good thing). But what's in question is whether restrictions to prevent it are more harmful than the chance of running into Chester. And you don't address that, and pretend that question isn't even there.
Backpedaling after all the hyperbole. Yep... I just wasted my time even replying to this one.
Yes, you think that showing barnyard porn to your children is a good thing because sheltering them from it is bad. You are the one launching into hyperbole about what I said, demonizing any filtering or protection at all, then pretending that "good parenting" can prevent typos that lead to typosquatting porn sites. And then have the gall to assert that I'm the one engaging in hyperbole.
Learn to love Alaska
Don't create work for yourself and reinvent the wheel... Most of what you want to do is already built in to Mac OS X.
Check out the Parental Controls - there is a good quick movie on Parental Controls that shows what can easily be done.
If you need centralised administration and monitoring of these controls, then you can use a Mac OS X Server - which can now be had in the Mac mini Server which has dual 500GB hard drives so you can mirror them and costs under a grand.
Specialist Mac support for creative pros, Melbourne
Hope the following helps with your issues: Client / Server: Each of the workstations can be set up to "phone home". Select the "Webmin Servers Index" option
- View client computer status: "System and Server Status"
- On/off, sleeping etc.
- Deny internet access, not LAN, just the web: "Webmin Users", can schedule time
- Block access w/Squid
- Remote virus scanning of client machines, or scheduled task;
Unnecessary if you'll put a basic Linux distro on the clients
- Some kind of hardware monitor, high temp / fan speed low etc "Hardware"
- Email alerts for various log files / alarms. "Monitoring"
Hope that helps. It's not even a steep learning curve, and you get to ignore the viruses and adware they were going to pick up anyway.
I know I might be modded down for this, but it has parental access controls that do most of what you need.
Linux has the abilities but lacks many of the tools found in Netware and NT/Windows. One of them is using time usage tools. I could be wrong and maybe there are some free tools for unix that are out there that have a nice gui to set things up which generate the appropriate shells scripts. Maybe someone replying can mention this.
Do not be cheap and just get 3 $450 netbooks for your kids and the problem will be solved.
If you have no script extensions and link firefox you can get rid of most of the security problems. Just make sure you have access to sites like coolmathgames addictingames or where ever kids go to on the net these days.
http://saveie6.com/
All these access restrictions seem a bit over the top, considering the end goal seems to be a simple time-based limit as to when people can use machines. Install $30 worth of surge protected powerbars in their rooms, and buy those cheap timers for the circuit breaker box they sell at home depot to cut the power to their rooms at certain times of day. Install a couple cheap nightlights with batteries installed in case they need to get up at night, etc.
On a separate note, check out the details (as I don't want to retype them) here:
http://slashdot.org/comments.pl?sid=1487038&cid=30537220
Works like a charm. It's truly a beautiful sight to behold when the TV is off 15 minutes BEFORE the deadline, knowing that:
a) no exceptions
b) the next save spot is likely at least 20 minutes away
c) the power shutoff could "damage" the wii (until they realize the surge protector is in place for a reason, lol)
So you are ok with your kids being on AIM all day looking for older guys who make them feel special?
If a teen is looking for older guys to make them feel special, she is already emotionally vulnerable and needs some help. Cutting off the computer/internet without providing some support will just make her look for someone in real life.
Or surfing porn all day?
Pretty much the same deal. Your job as a parent is not to pretend that porn does not exist, but to explain that the behaviors depicted in it are unrealistic and often unhealthy.
Or, even doing what you want and accidentally running across goatse guy?
Look, sooner or later your precious little angel will see that pic. He or she will also see many other disgusting things, both in real life, on television, and on the web. You can't prevent that, but hopefully you can give enough context to allow little Junior or Princess to assimilate it and get on with his or her life.
He's not looking to be the gestapo. He's looking to have some basic protections in place to protect his children from the unsavory parts of the Internet, and to make sure that they don't abuse the priviledge of having a computer in their rooms.
Look at the age ranges again. They're not going to accept those kinds of top-down restrictions blindly. They'll get that you don't trust them, aren't telling them what they can't see, and become naturally curious about it. And since you've given them no background or explanation at all, they'll have no frame of reference for assimilating it in a healthy way.
Can anyone help me make my own music video? I am too lazy to do it. Can anyone with common sense plan this out so I do not have to use the gray matter that god gave me? I was thinking about titling it "Boats and Loose women." Does any one have a sailboat I could borrow?
Fucking moron...
All it takes it to talk to your kids.
My suggestion has a few purposes. 1, cause kids to learn to maintain two OSs 2, minimize your support time, 3, limit damages due to viruse. 4, reduce time wasted on networked games.
Suggestion is build dual boot machines for kids & set your server to limit Windows connection to Internet to about 1 hour per day. You can suggest kids to do home work in Linux. With only an hour of Windiz to play networked games, they will learn to use Linux and will do more homework. When Windiz partition is infected, no home work will be lost from Linux partition. Kids can learn to install or disinfect Windiz with no loss except network game time. Maybe you will also limit Linux Internet time or total computer run time?
You will need to prevent kids physical access to server!
I always find this story archetype surprising.
I'm the guy with the sheltered upbringing who worked hard, got good grades and didn't change my attitudes much when I went to uni.
Your children have virtually unlimited time to break it.
You will not win.
Net filters and lockouts only stop honest or stupid kids. In the honest case, you should just trust them to better prepare them for the real world where no one looks over their shoulder.
93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
If your "client" PCs run windows..be it xp, vista, or 7 and are Professional or higher, obtain a copy of windows .edu you can grab a copy of .edu email addy and it will work
Server 2003, 2008, or 2008 R2... run dcpromo on the copy of server to setup a domain and create an account
For each of your kids. Then setup the client boxes to be part of your domain. The server will allow you to control
When each of the logins are allowed to log in, as well as run a local DNS server which can whitelist sites as well
As log and view all of their activity. If you have an email address that ends in
Any of the windows server options from www.dreamspark.com if the school your email is with isn't listed it doesn't
Really matter.. Pick a listed school and use your
If a teen is looking for older guys to make them feel special, she is already emotionally vulnerable and needs some help. Cutting off the computer/internet without providing some support will just make her look for someone in real life.
So, just to be clear, you are arguing that it's safer for them to talk to strangers online in that mental state than to not talk to strangers online?
Pretty much the same deal. Your job as a parent is not to pretend that porn does not exist, but to explain that the behaviors depicted in it are unrealistic and often unhealthy.
So that's a yes, it's ok, as long as you talked to them first about it?
Look at the age ranges again. They're not going to accept those kinds of top-down restrictions blindly. They'll get that you don't trust them, aren't telling them what they can't see, and become naturally curious about it. And since you've given them no background or explanation at all, they'll have no frame of reference for assimilating it in a healthy way.
So you are assuming that there will be no explanation. I'd agree, if you never actually speak to your children and lock them away in their room with a computer, whether there are or aren't filters won't have much effect on their mental state. I didn't think that was the choice, but when you break it down to that, then you are 100% correct. Filters are irrelevant if you never speak to your children.
Learn to love Alaska
For one, I never addressed the issue of them looking for porn. I only addressed accidental running across it, like with mistyped domain names being redirected to unwanted sites.
You said "surfing porn". Sounds like a whole lot of mistyping going on.
Switch back to Slashdot's D1 system.
I suggest you get acquainted with what a current mobo can do for security. The workarounds we are all familiar with would more likely put the machine into a brick-like state, at least until the correct password is entered.
Hah my dad is a MCSE and has tried all that restriction crap me, years later I'm 22 and have an interest in computers fueled by my past of circumventing my fathers restrictions
Well, I am sure they will look for pr0n when they are old enough, no matter what. I know I did and the Internet did not exist. And those older guys looking for younger kids existed also before the Internet.
So the best thing a parent can do is prepare them for the moment that man arrives. If that means you need to spend several hours per day with your kid, though luck. It is called parenting. And don't put the PC in their room. Putting the PCs in the family room is not limiting access. Putting down firewalls and time limits is limiting.
Be there if they are. Might be that you or your wife needs to give up their job, but what do you want? Educate your kids or a new TV? Oh and don't be afraid that your kids hate you, because they will anyway (and won't). You do not need to be a friend. They have plenty of friends. What they need is a parent and Cisco is a lousy one.
Don't fight for your country, if your country does not fight for you.
...when looking for parenting advice (or parenting-related technical advice, since people want to turn it into a parenting question), don't turn to Slashdot!
...the future crusty old bastards are already drinking the Kool-Aid.
Google is your friend:
http://www.linuxforums.org/forum/redhat-fedora-linux-help/60324-remote-shutdown-windows-linux-box.html
This is info from 2006, things may have advanced a bit more since then.
Either you trust your kids or you don't. If you don't, work on it.
"The greatest lesson in life is to know that even fools are right sometimes" - Winston Churchill
Someone has control issues....
Does nearly all, if not all, this out of the box.
If you have Verizon FIOS available to you, the routers included with this service cover everything you've listed and it's a fairly simple interface.
Where genius and insanity become confused true wisdom is found
Pfsense would be helpful. It's a handy router distribution that can be used for various relevant things, including seeing what DHCP leases are active and also be scheduling when the router will route traffic.. http://www.pfsense.org/ - I expect others have referenced it thus far??
you got a whole deal of connectivity/administration project there. quit your day job.
At home or in the work place, nothing says "I don't trust you" quite like Nazi parental controls.
These posts express my own personal views, not those of my employer
As the OP can tell by the number of responses that actually answer the questions asked, there are numerous ways to accomplish what was asked. They are all different and all will provide most of what was asked.
What your asking for is no different than how most computer systems are configured in the corporate world. The primary difference is that most businesses have full time people to deal with issues. IMHO, if you're interested in having the computers run some flavor of windows is to use group policies to control restrictions. The downside to using any solution is that given enough time, one of your kids will either figure out how to bypass the security or one of their friends will show them how. All the windows restrictions in the world won't matter once your kid gets a copy of ERD Commander or it's newer incarnation; Microsoft Diagnostics and Recovery Toolkit.
The correct thing to do, and this was mentioned quite a few times, is to monitor what's being done on the computers. Set some guide lines and make sure that your children AGREE to the guide lines before they are allowed to use the computer. If they cross a line then you punish them. What's the sense in locking down all your desktop and laptops when the kids can use their iPod touch to hop on the neighbors open WiFi connection?
Do what thou wilt shall be the whole of the Law - Aleister Crowley
Route the DSL, cable, power, lights, thermostat etc through a lockable box. Might take some nonstandard connectors, etc. An inspection of the room once in a while to make sure no wires have been spliced. A front door peephole thingie installed backwards in each bedroom door might be appropriate too. Can it be hacked around? Sure, but its a major inconvenience with poor return and the risk of getting caught.
....you be a parent and idk.. talk to your kids about when and what they can do online instead of doing secret things behind thier backs so they resent it because they dont know why they arent allowed. You cant automate parenting.
Where to start: Scrap all your ideas and start over.
Yes, everything you asked for can be done. The reality is though is that, with the amount of complexity you are asking for, you will be a full time sysadmin for them - you might as well quit your day job now.
Your setup is simply too complex for a non-techie (and to be honest, as a techie, I don't want to have to admin something that complex at home). You need to stop asking "can I" and ask "should I?"
Windows PCs joined to active directory can let you manage them, set logon hours, etc.
Why do you care to know if the PCs are sleeping/on/off/whatever?
A router running DD-WRT will let you deny internet access based on hours and/or PCs in a simple manner. To be perfectly honest, I hate the concept of internet filtering (by parents or otherwise) as I believe it is another step toward turning people into drones, rather than teaching them to think for themselves, so I'm not even going to offer any suggestions on that subject.
I agree with the other posters, the system you have suggested will end as follows:
1. The kids will learn how to hack around it. This can be a good thing or bad thing, depending on your point of view
2. The system is so complex it will never work and the parent will never use it as they have no clue
3. You will grow to hate it as it will take too much of your time.
"To be perfectly honest, I hate the concept of internet filtering (by parents or otherwise) as I believe it is another step toward turning people into drones, rather than teaching them to think for themselves, so I'm not even going to offer any suggestions on that subject."
Spoken as a true non-parent. There is a time and place for thinking for one's self, but it doesn't start until well after the temptation to search for funny things like "giant bottoms" or "poopy butt".
Potty humor that is innocently funny can quickly turn into a nightmares on the internet.
Let me break this into (as I see it) the following groups:
1) internet access (time windows, content filters, etc) - I *love* pfSense... built on m0n0wall, but includs package support for additional components... I'd also consider DansGuardian for content filtering (not sure if it's available as a pfSense package or not)
2) desktop policies (time windows, account lockout) - look into a domain model... besides being able to restrict local administrative access (if controlling the installation of games is relevant), it supports time windows for logins, and can disable accounts.... this *may* be possible with Samba.
3) system monitoring (system temp, etc) - consider SNMP, or in Windows you can use Performance Monitors and WMI.
Certainly if you want this to be run from a single system, consider a *nix box with routing rules, Samba, and something like Nagios.
And as always, keep in mind that children have more time to fiddle than you do (they likely see no harm in hard resetting such a server, if it means their access might be restored).
Ok, I completely disagree with what you're planning morally, but if you're really into doing this; here's my views.
Internet: Use Squid on a Linux machine. Set it up with a transparent proxy and use that as the gateway. Set the linux box as a router, and have your Internet Gateway on a private network. You can easily use Squid to block at specific times, for blocking websites (including webproxies), and disabling internet per machine. It also logs everything done. If you need help with the config, Webmin is excellent.
If you're using Windows, just use the RPC calls to find out if the machine is on, you can easily get access to what's being used with various applications, or even just VNC, depending how involved you want to get. I don't know of any applications off-hand that log application usage, but shutdown/restart can be done with proper RPC; and that needent mean having a Windows Server; it can purely be done with remote user/pass set up.
There are many many apps to do remote security stuff, especially for XP; even down to spotting keypressing and scanning for text and taking screenshots automatically.
Most Linux distros make Squid easy to set up, and setting up as a router should be easy too. Transparent proxying might need some investgation; but saves doing configuration on every machine later. Locking down Windows is fairly well documented. Obviously with Windows Server, stuff like Antivirus is more expensive but easier; but most of this is possible without resorting to having a Windows machine at all, and just having a small Linux box with enough power for Squid and log files.
Obviously secure the machines down to stop proxies being used, and to stop VPNs; and it should be easy.
Dug
If you really want to run an active directory server you can but that seems a bit too ambitous for 3 clients. You can set user accounts for your children on these machines and log in remotely via "mstsc" You should be able to control internet access from your router. In windows you can also set times that users can use the internet. As for your linux server, I'm not sure what you plan on doing with that but check out FreeNAS. I think it may be a server solution that you will like, if you plan on having a machine for use only as a server. If not I would run Ubuntu and just install the SAMBA server package to make shares. But if that's all you plan on doing your Windows machines can all make files shares. Sounds like you just need to setup a workgroup with additional storage like a NAS. I wouldn't go off and spend tons of money investing in a server for 3 or 4 clients to use. That 10 year old desktop could make a good fileshare/printer share maybe add a large hard drive to it and remove all the crap except the anti-virus, then create your workgroup and your shares with file permissions. (I know it's not as cool as active directory on a domain controller but this is a home network with less than 10 clients.)
That's the problem with asking a question on the internet...of all its knowledge, you still get many who would rather give you their personal take on the world than simply providing the answer to the question. My 7 year old daughter does this...and I give her the same. Know one asked for your opinions of parental control, but rather a question of how best to set up a network. I must assume, he has already made the decisions in these other areas and that it is not in the scope or knowledge of anyone here try and imply anything otherwise. Please stick to the questions and shorten up these post tremendously!!
What they need is a parent and Cisco is a lousy one.
Nice quip, but completely wrong. You just made the argument that you should never put a lock on the cabinet under the sink with all the nasty chemicals because if you use a lock, then you are having that lock be the parent and that lock is a lousy parent. You don't abandon locks on dangerous chemicals because using a lock means you are a bad parent. I've taught my kids to not go under the sink. And they don't. And there's a lock on it anyway. I guess by your reasoning I'm a bad parent using a lock for a parent, but I'd rather have the lock than to find my 3 year old drank drain-o.
It's possible to use technology (like a lock on a cabinet) to assist you in being a parent.
And don't put the PC in their room. Putting the PCs in the family room is not limiting access. Putting down firewalls and time limits is limiting.
Great, so you are telling the person asking the question that they are doing wrong. "How do I fix my Toyota?" and your answer is "Screw Toyota, get a bicycle." It might be the better solution, but isn't an answer to the question asked. They want to get the PC out of the shared space. They want to get it in the rooms. So how do they do that best? Your answer? "Don't do it." I understand your answer, but it isn't an answer to the question asked, and I've been confining my comments to the question asked. If you have fundamental issues with the question itself, then everything you say is off topic.
Learn to love Alaska
One cannot solve social problems with technical solutions.
The only exception is shooting.
How is not filtering their internet access and instead actively communicating with them about what should and shouldn't be done online encouraging bad behavior?
For someone that whines about rhetorical tricks, you moved to the strawman pretty quickly. For one, I never addressed the issue of them looking for porn.
So you are ok with your kids being on AIM all day looking for older guys who make them feel special? Or surfing porn all day?
What's wrong with this picture?
Regardless, I see you can dish it out but you can't take it. Sucks when a troll user gets out-trolled by the legion of AC, but you lose nonetheless. Have a lovely day, and do try to lighten up.
If you get any useful information out of this thread, I'd be interested in it as well. My 6 and 8 year old boys have been directed to some inappropriate Web sites by one of the older boys' friends. I've switched our home network to OpenDNS, but that's not the same thing as true content filtering. The computers are already in a public place, and we've spoken about the sites to avoid. Heck, it was my 8 year old who first brought up the word "inappropriate" in context. But having said all of that, an extra layer of content filtering would make me happier.
and turn the things off when you don't want them to use it.
That project you stated looks fare to complex for a single home user to manage. Yes you could get OS X/Windows 7/Linux to have schedules to shut things down, block sites etc... but really it is easier and cheaper to have a lockable cupboard and lock the computer/s up when you don't want them to be use and just make rules for your kids to follow about usage hours/grounding etc...
Don't rely on technology to parent for you (from a family of 4) you need to do it yourself. If you don't trust your kids with what they look up when you are not there then only bring out the computers when you are there.
One thing to note; children will _ALWAYS_ find a way around any security/punishment you give them (even the physical one I am talking about). The best solution to this is active parenting and trying to be an unobtrusive part of their lives
It said "windows 98 or better" so I installed Linux
Apparently you didn't read well enough, but *he* is going to be managing it for *his* kids, so you don't have to worry about "the parent...never us[ing] it."
Non sequitur. For one, the person I responded to said nothing about "communicating" with the children. For another, what do you do if you *know* they are doing something wrong? Let them do it anyway and live with the consequences? Or work to protect them if they refuse to protect themselves?
And it's encouraging bad behavior by setting no limits for them and giving them the access to act out on the bad behavior with no restraint, monitoring, or controls at all.
Learn to love Alaska
Run Windows 7 Pro on the client machines joined to a Server 2008 R2 domain. Enforce Group Policies. Use TrendMicro. Run an IPCop (linux distro) firewall with BOT and URL Filter add-ons. Finally, use NAGIOS to monitor it all. Enough said. Oh, hopefully you have a BIG budget.
everything looks like a nail.
The complexity and ongoing maintenance (nevermind teaching how to actually use these things) of setting up a full group policy domain.... for 3 PCs.... to be administered by a non tech savvy, time-limited single parent...
Seriously you're so much better off teaching them a few PC basics and installing a few filters etc. on their PCs. And meatspace solutions (e.g. physically locking away PCs or kb/mice). I'm not going to get into the censorship/freedom thing, its not my (or your) kids....
Worked fine for me growing up, parents would say 'no more nintendo' and enforce it with a stick lol.
I've got to agree, especially now that you can get OSX Server in a Mac Mini relatively cheaply. I tried Windows and Linux, but (as a parent) OSX was the easiest to set up and just get on with life. The caveat is that it's only easy if everything in your house is a Mac - you may or may not want to go down that route.
You must be one of those kids who never knew that their parent's called your friend's parents and checked if you were actually there. Before the advent of the telephone, parents just talked to each other, "Hey, little Timmy said he was with you and your kid playing baseball last week, how did the game go?" Kids might not get caught misbehaving as quickly, but they still would get caught.
New technology, new times, new ways of keeping an eye on your kids. By your animosity, either your parents were quite over the line of reasonable, or you feel you were raised fine with no parental involvement so someone else's kids should be too. Both are very weak arguments.
My family fixed this by keeping all the computers in the Living room. This meant that we never had to worry about late night computer us and it would just be a quick glance over a shoulder to see what they are up to.
I believe SafeEyes will do most if not all of that. Yes, they will have to pay 50 bucks a year but you won't need to admin a box on their home network.
Yeah. You can communicate with your children. You can believe that you raised the most trustworthy and honest children around but at the end of the day...they are still children. This means that they are likely to do something stupid somewhere along the line. When I was younger most of my friends were good students whose parents trusted them a lot. 95% of the time, they were doing stuff that they were supposed to do. The other 5% of the time some serious debauchery ensued. Looking back I realize "Hey! We could have been maimed, arrested, or killed! What the fuck were we thinking?"
As a parent and as also an admin who has to worry that co-workers will act like kids, I have both some experience and some tips in this area. The most important tip is to know your kids and care about them. Train them to be safe and teach them morals. With my kids, I use the motto: Trust but verify.
All this comes with a cost of your time and effort. The tools built into the typical router can do a lot of the work for you, but you give up some control. Also, consider your target audience, if your kids are bright teenagers, then they will look at ways around the system. They will almost certainly try to browse by IP or through proxies. If this is a potential issue, then you should also look at setting up a transparent squid proxy and blocking 443 and other ports for addresses not explicitly allowed.
VNC: I didn't list VNC because I don't personally use it at the moment, but I have in the past and it can be a very useful tool. If you use it, I recommend you don't set it to run automatically, but rather start the service when you want to use it with remote commands. In a few cases I've done this so that I could monitor activity without any obvious indication.
B) Eliminate all the stupid users. This is frowned upon by society.
The majority of what you want to do can be done with little more powerful linux based home router/firewall/proxy running a third-party OS like OpenWRT, DD-WRT, or others. If you get a router with a powerful enough CPU and enough RAM, you should be able to have no problems running squid (a proxy service) to restrict access to the internet during your specified time-frames, or to revoke internet access completely (as in your example as a punishment/grounding): http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch32_:_Controlling_Web_Access_with_Squid
I would first setup each of your three systems to use MAC Address based DHCP connections to force the specific computer to get a specific IP address. This is easily done using the web-gui on most of the third party linux router OS's out there, or simply by command line using dnsmasq and editing the dnsmasq.conf file (add the following line for each host, "dhcp-host=00:00:00:00:00:00,192.168.1.10,infinite", replacing the "00:00:00:00:00:00" with the MAC address of the specific system, and replace the "192.168.1.10" with the IP address you wish the machine to use). You can also associate a hostname to that IP address, typically by editing a "hosts.dnsmasq" file and putting the IP address followed by a space or tab, and then the name you wish to use, like computer1, or server, or whatever you want to call it so you don't have to remember what the IP address to the host is, just the hostname that you gave it.
For antivirus, that gets a little more complicated when run at the router level, since you need pretty good router hardware for it to work (since it has to inspect each packet, not just read the header and pass it on to the correct system). PacketProtector is an addon/custom version of OpenWRT which does have antivirus integrated into it. However, you would be better doing this at the client level, not the network or server (well run it on the server as well, but just not as remove scans).
Your final question as to remote shutdowns, monitoring, well, you can do that pretty simply yourself just using "ping" to see if it has an IP address and if it responds, well you know it is up and running. And since you have already setup hostnames instead of just using IP addresses, it is a lot easier to just do a "ping kid1" than "ping 192.168.1.10" and know which computer that really is so that you yell at the correct offender...
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
Gee, with an intelligent, rational, calm, and compassionate response like that, I'm sure you must be an amazing parent! Not only does your adolescent insult show how in-touch you are with today's youth, you've managed to come up a solution to an eons-old problem with one word. Talk! Yes, it's so simple! You just... Talk!
We won't bother worrying about trivial details like "what to talk about" or "when" or unnecessary, complicated details like "what does this child's psyche respond to best". As long as you just talk, it's aaaaall going to be ooookay.
You could market a book on this. Of course, it would only be one word on a single page, so you might have trouble getting a copyright, but hey, as long as you're helping to mold today's youth into tomorrow's perfect leaders, who cares, right?
So you are ok with your kids being on AIM all day looking for older guys who make them feel special?
It's good to feel special. It's good for self esteem.
Or, even doing what you want and accidentally running across goatse guy?
Hey, my daughter wants to be a doctor anyway. She'll just need to switch from cardiology to proctology, that's all.
... sorry, but kids circumvented parents attempts to control reading material. Kids can and will circumvent any techy attempts by a parent to control things unless they are dolts and their parents are geeks. And lets face it geeks breed true. The OP says they are not computer savvy so the idea they can win this arms race is silly.
To think parenting via proxy (ho ho) works is just kidding yourself.
Build responsiblity and trust, and take their computer away for a while if they break this by failing in reasonable responsibilities you set them... like getting bad grades.
Micromanagement just means they have to develop responsibility later. They will run a system off a CD, hack the server, hack a local WLAN, take photos of themselves on their phones and MMS them, etc. etc. etc..
Why don't you try trusting your kids instead of treating them like inmates?
"So you are ok with your kids being on AIM all day looking for older guys who make them feel special? Or surfing porn all day?"
I'll go out on a limb and assume that OP would want to communicate that these are bad things.
Wow, way to miss the joke douche. How's the sense of humour bypass working out for you.
But your douchebaggery aside, children will get a better understanding of how things work if they get to mess around with it. It is actually a good idea to give a child a semi-working machine and let them solve the problems. It depends on whether you want to raise a drone who does what everyone else does or a person who can actually use their head to get around problems.
Calling someone a "hater" only means you can not rationally rebut their argument.
As has been mentioned many times by at least unity100 and BigDish in terms of effort but in the vein of houstonbofh: a system can be made to do this in a variety of ways. And maybe for younger kids some of the censorship is ok and off-the-shelf routers provide this easily. But the reality is, be a parent. If they are grounded and that is part of the grounding then take the power cords if they've proven they will use it when grounded. It is your roof they are living under, if they don't like it then suggest they find more amenable living conditions. Sorry, but I have 3 daughters the youngest 18 now and they will respect you more when you do that. I understand we want to use technology to ease our lives but raising children is not an area to do this in. At least not in this manner. If they circumvented anything I did I'd have to smile at that because could respect that. Would you rather have them discover something unseemly on the internet under your roof or would you rather have that first discovery be when they are on their own. Seems like a good learning experience with you present.
Look at IPCop Firewall You can add a content filter and deny by MAC or IP It should do most of what you want to do as far as filtering and monitoring goes
Yeah, but if you teach your kids not to allow strangers to touch their peepers and that pron is a mindless waste of time, they will have the foundational skills to learn on their own through small mistakes. If you simply ban it, they will rebel and make big mistakes. If you have a 14 or 15 year old kid, they are looking at porn already at their friend's house with the less restrictive parents or finding some other way or hell, actually having sex. And kids are smart enough not to be exploited. That is so rare, it is like getting struck by lightning. And you probably aren't chasing your kids around during thunderstorms to make sure they stay away from trees and don't hold long metal rods in the sky....lighten up! They are smarter than you think. Respect is something that is built on trust--YOUR trust in them. Teenage kids today are in a lot of ways much more mature than 20-30 years ago (as far as social interactions and such), and in a lot of ways much less (sheltering overbearing parents, dangerous levels of self-esteem, medicated minds).
I'll go out on a limb and assume that OP would want to communicate that these are bad things.
You'd think. But they he said he wouldn't stop them from doing anything bad with things like filters, so he'd say "that's bad" and let them do it. But he didn't address what to do if he communicated with them and they didn't listen. We either assume that they'll always listen to their parents. It's never happened, but he could be the first. Or, we could assume that he's an idiot that doesn't know how to be a good parent, but has some quips that he thinks will make him look smart on the Internet. Apparently, if you talk to your kids occasionally, you can trust them 100% and any attempt to verify that trust means you are a bad parent.
Learn to love Alaska
Disclaimer: I don't have kids, and I grew up as the computer expert in my house (I paid for internet access out of my allowance). Take my opinion with whatever amount of salt you find appropriate.
I learned growing up that I could always get access to the internet at a place where my parents couldn't reach me (friend, public library, internet cafe). I assume this hasn't changed today.
Or, even doing what you want and accidentally running across goatse guy?
Well, you know who goatse is and what he looks like. Look at the horrible damages that knowledge caused you! Wait, it didn't? Oh well; I learned about him in my secondary education ("High School", except Danish), so at an age between sixteen and eighteen. Didn't do me much harm.
So you are ok with your kids being on AIM all day looking for older guys who make them feel special? Or surfing porn all day?
Wait, does your firewall come with a "drop conversations from older guys" filter? Does it come with a "allow a little porn but don't feed porn addiction" filter?
I think the way to have youngsters avoid the bad sides of the internet is to talk clearly (no-bullshit) about what they are, why they are bad, how they work, and then about how they can be avoided.
Don't just impose a rule on them---show them the goal the rule is meant to accomplish, get them to agree with the goal, then suggest the rule to them. Especially don't have a robot (router) impose the rule on them.
He's not looking to be the gestapo.
No, he's looking for the router to be the gestapo---a faceless machinery enforcing the rules of a dictatorship.
Talk to kids. Get them to understand what the dangers are and how to protect against them. Get them to agree, first of all. Because if they don't they'll break the rule, and if they do you didn't need a rule in the first place.
I would, even if you might not like it, recommend Windows Live Family Safety. It offers great parental control options like blocking websites, reporting, time limits, gaming restrictions etc. It needs Windows Live installed, but heck I don't care as long as I don't spend too much time setting this up.
Why bother? Get three corded computers, put them in a common area, if it breaks they have to deal with.
If you're awesome, set up a Windows box, Mac, and Linux machine to expose them to all three big worlds with multiuser accounts on each.
Accept the younger generation is smarter than you and will easily circumvent any idle attempts at restriction.
Unless your genuine intent is to spur the next generation of defcon attendees, just let them learn how to compute while they still live in your house.
Before a certain age? No. I couldn't even explain it to them adequately. Once they're teens? I think it's OK for them to learn that not every unknown link should be trusted. (To be fair, Rickrolling serves the same purpose in a milder manner. I sure wish I'd learned about strange links via Rickrolls, rather than the eyefuls of various "Dear god, why??" sorts of pictures.
On the other hand, I don't plan to let them on the internet without supervision. :)
go for Edubuntu and make thin clients, i manage a cluster of 10 outdated computers, connected to a single server that does the job for all the rest, everything is centralized, and cheap!
Teaching the kids how to spot a pedo on AIM is a valuable thing...
That being said:
How will the kid be damaged by the goatse guy? Having stumbled upon such things around the age of 14 I remember a mix of "what the -fuck- is that....." to "why would anyone...." to "kill it, kill it with fiiiire!" responses. :-p
Surfing porn all day? So what... There is a time and place for everything. A good fap wont kill the kid
Now, I'm neither an axe murderer or a rapist and have a healthy attitude towards most things...
When it comes to the simple act of cutting off access the simplest and most effective thing to do is just unplugging the cable at the distribution point. Very simple, no complexity.
Should the kid disobey and just replug it then deal with that. For example just take the computer for a week. Teach them the need to obey simple rules.
My parents are both teachers and personally I think that makes them more in touch with reality than most parents.
The parent who lets their 14 year old have access to unfiltered internet is not the problem. The parent that doesnt care or doesnt treat their kids right is.
Teachers get to see all the messed up kids... Some are messed up before they even get to kindergarden and the number of cases with child services involved is quite large.
None of these problems are because of the kid having a fap every now and then... or having seen the goatse man...
From how the original poster presented his issue I doubt he has anything to worry about regarding the kids. They seem to be in a fairly 'safe' home situation and giving them :-p
access to internet wont change that. Being open about what is out there is a good thing, blocking it so that they wont know what -is- out there is stupid and dangerous.
Kids will get access to unfiltered internet and having it in their own home is a hell of a lot better than finding out your 14-year old has been hanging out with that 16-year old
smoking misfit that has unfiltered internet at home
I'm getting ranty... time for work :-p
Methinks you are underestimating how the conversation would go. This looks an awfully lot like a strawman to me.
-- Linux user #369862
Something like a TZ 100/200 if you just want a box
http://www.sonicwall.com/us/products/TZ_Series.html
Would do much of what you require, though there is a yearly license cost for the security features. Even the forcing of a anti-virus client / scan.
You can even set the content filter to not apply to your port.. ;)
You should focus on _education_ rather than spend your time on methods of forcing restriction through access control
Lock the kids out of admin/root access on the mini.
Job done.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
So, just to be clear, you are arguing that it's safer for them to talk to strangers online in that mental state than to not talk to strangers online?
He is arguing that it is better for the kid to get some support from her parents, since just cutting the internet doesnt deminish the need for someone to talk too, cut off the internet and dont step in, and he/she will just find someone else in real life (which might end up good, i.e. a teacher/coach, or might end up bad, a pervy teacher/coach)
Technology is no substitute for actual parenting
People, what a bunch of bastards
Look into using pfSense .. there are addons that can help you achieve all that you need.
Methinks you are underestimating how the conversation would go.
He said he'd have a conversation but wouldn't do anything to actually protect them. How else do you think it will go?
This looks an awfully lot like a strawman to me.
Yes it does, I don't know why I got suckered in by it. He claims he'll talk to his children and that will make it so he'll never have to restrict them. What point did I get wrong?
Learn to love Alaska
Technology is no substitute for actual parenting
Ah, I got it. He was using the false dichotomy to invent a strawman to attack. No one has ever claimed that turning on a firewall means you never have to talk to your children again. But for your statement to be true, that would have to be a premise. Since it's obviously not, then I don't see what the problem is.
Why is a firewall plus talking worse than talking alone, assuming the talk is as effective in both circumstances?
Learn to love Alaska
Thanks for spending the time to actually paste in your rant. I hope you feel better now.
endian firewall http://www.endian.com/en/community/
From the website:
m0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP
Remind me how this was mistaken for an advantage.
Sorry I can't read through all 417 previous comments so may be my answer is useless.
Anyway what you're looking for is pretty close to an educational suite, so I suggest you check out edubuntu.org.
Hope that helps.
Tof
What about Apple Remote Desktop? It has most of these features in an easy-to-fathom-for-the-occasional-tecky interface.
You're missing the point. If you want to restrict your kids 100% then yes filtering etc. is the way to go. I don't believe in this, as I was not raised this way. Internet use, just like other things like drinking, drugs etc. were taught by my parents through conversation. They told me, don't do those things they are bad. Some of them I tried anyway. I got drunk one night aged 14, came home, and went to bed. They scolded me, but said my incredible hangover was probably punishment enough, and left it alone. I didn't drink again until I was of age (except for the odd beer my dad would give me on special occasions at home).
I never did much in the form of drugs or smoking. My parents are proud of me for growing up and succeeding, according to their guidelines, which proves they were right. They never believed in censoring my internet. I was allowed to listen to any music I wanted even if it contained obscene words. The only thing they banned me from was war games, and violent games. Which at the time I thought was incredibly unfair, but now I see how sick the American culture is (violence is ok, bad words/tits is a big no).
You're missing the point. If you want to restrict your kids 100% then yes filtering etc. is the way to go. I don't believe in this, as I was not raised this way.
So, your point in response to the question of "I would like to set up rules and filters for my children, what's the best way?" is "That makes you a bad parent."
I don't think I'm missing the point. Why is it that when I ever disagree with someone, they assume I'm stupid. I get it. I disagree. I think that there's nothing wrong with putting a lock on the cabinet leading to the drain-o when I have small children living in the house. The technology of a lock isn't being the parent. And yes, it's restrictive. If you are really arguing that you think it's child abuse to keep your child out of the drain-o, go for it.
But whining about other people that want to prevent their children from learning that the stove is hot with a 3-week trip to the emergency room (yes, I know one that ended up that way) seems absurd. Sure, most children just get a little burn on their hand, but some manage to pull boiling liquid on themselves. Why not teach them it's hot *and* keep them away from the stove while cooking?
Learn to love Alaska
Buy a cheap router, DLink or any one else. that support scheduled filtering.. I know mine does.
In college they will be using Macs, and people of their generation overwhelmingly use Macs
If they want to get a job they'd better become familiar with Windows. Even better - all 3.
Your stove example works, but is not an apt simile. What TFA suggests in this case is putting up a barrier between the child and the stove, so that the child never sees or has access to the stove until he is old enough to cook on it; and then he has no idea about the nature of stoves.
I hate the concept of internet filtering (by parents or otherwise) as I believe it is another step toward turning people into drones.
I had an undroneful life even before the internet... you insensitive clod!
Locking the drain-o away is, indeed, necessary. I don't think anyone would argue that, unless the kid is 15...again it is down to age, whether they are old enough to judge. Also, drinking drain cleaner is almost always harmful, and very dangerous. Seeing goatse isn't. You do not die from seeing an anus stretched open.
Similar situation, but younger kids.
Online is a big part of what they do at school these days.
I can trust my kids, however I have no desire for them to wind up on the seamy side of the internet by happenstance, or their system to get malwared to death either.
For the windows (XP) PCs (you'll get lots of Server/Linux advice here...) we are setup as follows (note - these are all free options):
1 - DNS set to OpenDNS, and set to do some basic filtering
2 - loaded K9 (by Bluecoat) on the kids machines for granular filtering
3 - Firefox, NoScript, ABP
4 - Avast, AdAware
5 - logmein for remote access if needed
6 - systems in a public room (not in their bedrooms) so access times, overgaming, and withdrawel from family are less problematic
I find the above pretty hands-off. Once in a while (once a month...) they need to get somewhere that is blocked, but it isn't common and they just come ask one of us to open it up. I tried running them in user, and then power user, mode but that was a constant pain and I gave up on it (meh..)
as always with such advice, ymmv.
--- Mercutio was right.
Look, sooner or later your precious little angel will see that pic. He or she will also see many other disgusting things, both in real life, on television, and on the web. You can't prevent that, but hopefully you can give enough context to allow little Junior or Princess to assimilate it and get on with his or her life.
However, giving 'context' to a developing brain takes time. Just because a toddler can play on the Thomas the Tank Engine website - doesn't mean their ready to see footage of dismembered bodies
Little minds should not be subjected to the emotional trauma of visual images of crimes being perpetrated / people coming to grief etc.
...you really have trust issues with your kidlets. However, Here's something I would try.
Set up a NIS server master which also has the router/firewall/ACL/etc on it. All the kids' computers are Linux NIS clients reporting to the master server. The master server can lock accounts so they can't log in anywhere when being punished for being a kid. The server will control access times (and who can access what), plus it can act as a central storage location (in addition to the NIS profiles) for files or what have you. And since each profile is roaming, anyone can log on anywhere and still access their accounts/data/stuff. With a good and secure root password on each workstation, the kids can't install anything you don't want them to have (like torrent programs), and there are several antivirus/antimalware solutions (free) for Linux use that will serve your purpose nicely.
ClearOS (I used the earlier ClarkConnect 3.x and 4.x) was ok but a bit more than I needed (web shares and pages were more than I
needed).
I've added most of what I need on top of IPCOP. Filtering, time based controls are available.
I put in my own dhcp and dns to allow me to redirect the gateway to a non-existant IP so I can have a time period when my kid can use the network based printer and computer for homework -- but not get to the outside world to screw around with Social Networking or games... I ssh in and run a script to restart dhcp to allow access to the outside when the work's done.
Having openvpn so I can get to the home network securely was a plus.
Instead I would place the computer in one room (not their bedrooms) so you can control it, secondly I would only buy one computer, as it is not cheap these days, and I would buy one of these thin client units...from tigerdirect...
http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=15398&sku=N316-1014
which allows you to set up as many people (up to 4 per unit) per one computer.
Thirdly, I would hire a geek squad dude (or put an add in the paper saying you need an admin to help quickly set up accounts on a machine for 40$) to come to my house and configure the 3 kid accounts and do all the AV install etc...
for usually about 30 or 40$ per hour, as this is child's play for a learned admin, he will set up limited accounts, and tell you how to use your system....also keep his number handy. What he will do in 15 minutes will take you all day to figure out....also
he may even be able to set up the rest of the kids consoles (if you have a wireless router) such as playstation xbox etc...
to allow your kids to access internet from their other consoles....keeping the pc time to a minimum....unless they have no consoles.
Make sure to also ask for a backup of the router configs, in case he has to come in afterwards to reset it, as it is very easy to do from a backup when someone fiddled by accident or on purpose with your router. Also backup of the pc would be nice too, into
a separate drive or partition that way if you ever get a virus and need to reinstall, you dont lose personal files because everyone KNOWS to keep their personal stuff in their personal folders on tat separate driver or partition.
not the latest betas of vmware player that let you do full 3d acceleration. the future is awesome.
total bill $1,650 with keyboard docks.
Lay down the rules and trust your kids to do the right thing then spy on them and cut them off for infractions.
Use OpenDNS Deluxe (9.95/year) for security, content filtering, etc. and work on your parenting skills for the rest.
If you control the network, you control everything. Many router firmware lets you control access, but you'll want a full proxy server to manage/limit everything on their systems.
Keep the PCs in public places, no laptops. Take snapshots of the desktop every 5-30 min or so. Save them to a central server that you have access, but they don't. ...
Use a filtering DNS service on the proxy server. Set the network/DHCP DNS to your internal DNS running on the proxy and block all other DNS requests not from the proxy server.
Block all external access except from the proxy using MAC filtering on the router. It isn't foolproof, but
Perform content filtering at the proxy - you must have a proxy. Nothing that doesn't go thru the proxy should be allowed out or in. Nothing. That means you have an "deny service" standard by default. Tell your kids. You can proxy most things, but probably not Skype or screen sharing apps.
Controlling hours of access will get old, especially when there are deadlines, but I guess you have to do it. Review the proxy logs and don't tell them ... until there is something that is an issue. Then tell 1.
You can setup a bypass for your work laptop so IPSec works, but I'd avoid doing that. Your PCs should be as limited as theirs so it doesn't become the new target to "get out."
Test with bootable CDs to ensure your setup can't be bypassed. Actively test by forcing direct IP addresses and different DNS servers, slightly different adult content words, etc. Much of the heavy lifting should be stopped by the DNS content filtering.
Monowall and similar should be checked out too.
In the end, the only way around your settings should be going to a friends home. You can't stop that, but going through the effort you are planning sets a clear example and that means more for your children in the long run. I hate that my parents forced their morals onto me. It sucks - it really sucks and I'm almost 45 yrs old.
There's been lots of good advice posted here, but (as my son taught me) it can all be circumvented if your child(ren) simply plug their laptops directly into your broadband router, thus bypassing the server you want to use to limit/monitor their online activity. Your first step should be to secure physical access to your broadband router and any direct connections to it (if your kid unplugs the ethernet cable from your server and plugs that into his laptop, he's connected directly to the broadband router...).
The kids from tfs are a little old to be worrying about drinking drain-o. I think you make sense if you change the age to like 6. Also, no access to drain-o isn't a big deal. In many places no access to internet is becoming almost a human rights issue.
Make sure your neighbors have their wireless locked down otherwise your kids will just connect to any open wireless network and bypass all your hard work.
It's pathetic that so many of you haven't even attempted to help this person instead of judging them on their parenting skills.
Single Parent,
If money is not to much of an issue, try looking into the "Barracuda" line of Webfilters. This will do a lot of what your looking to do. Pricey but VERY worth it.
>>I agree but one should still be able to review logs of places the kids (or their friends) have been. I'm their parent, not just their friend.
>So I'm assuming you're one of the power obsessed parents who uses Verizon's "family stalker" app to make sure you know when your kid is peeing and if they stopped to get ice cream or not?
No, I don't think I was a Nazi for wanting to review what sites my then eleven-year-old daughter visited on the Internet over her unfiltered connection from a computer in her bedroom.
You know what the first thing I learned by this practice? That a whole lot of people wanted to sell things to my daughter over this shiny new Internet thingy. And they were capable of doing it with unblockable pop-ups of cute animated kittens. They also wanted to infiltrate my daughter's computer with all sorts of software so they could pop up little reminders with cute animated kittens or track her browsing patterns whenever they needed to. In the end their little plans came to a halt in this household because I'm a geeky parent who uses Linux and knew how to set up a transparent web proxy. Some of these early attempts at surveillance by marketers were poorly written and caused problems with her (then XP) computer. When this happened I was able to consult the logs, see where this crap came from, and block it. Reviewing these logs really helped me understand how to begin dealing with the enormous amount of exploitative junk on the Internet that's targeted at our children.
You'll notice none of my concerns have to do with porn or predation or any of the usual subjects that come up whenever we discuss parental filtering on Slashdot. I had no qualms trusting my daughter to make the right choices for herself on the Internet because I had trusted her to do many other responsible things in her young life. I had no choice in this matter; I was a single father with a young child. That didn't mean I was going to abandon all parental responsibility for her use of the Internet. I logged her traffic for a while, reviewed the logs a few times over the first year or so, then stopped logging. She knew I was logging and knew I could block her access if I wished. She watched me review the log to help diagnose what was wrong with her computer and was happy I could use it to block some of the places that were giving her trouble.
I'm as disgusted as you are by the exploitation of fear represented by products like "family tracking" services. Unfortunately, in the current climate, fear sells. I gave my daughter a cell phone when she entered middle school to help her become more liberated not to be tracked like a lab rat. But I chose to buy her a prepaid phone from Virgin so I could control how much time she spent on the phone. Like my decision to allow unrestricted, but monitored, access to the Internet, I tried to find the right solution that maximized her freedom while not abandoning my responsibilities as her parent to help her make the right decisions.
That's called being a parent, not a storm trooper. "Trust, but verify" as Ronnie said.
As to the OP, I think you're creating a monster for yourself to manage. Parenting is hard, but you've got a lot more experience managing your kids than you have managing a complex network configuration. From what you wrote, I'd suggest the following:
1) See if you can control time-of-day access using the administrative interface of your router. That's probably the easiest method to solve that problem. My Linksys router includes this feature.
2) Take a look at Dan's Guardian as a filtering mechanism if you must have one. It'll run fine on that ten-year-old computer the kids are using now.
3) Use Firefox with AdBlock Plus and perhaps Flashblock as well.
4) Use Linux on the client computers. Yes, yes, I know, gaming, blah, blah, blah. You'll save yourselves a lot of hassle if you don't run Windows, and your kids will get acc
Forgot the computer crap and be a parent.
You don't need fancy high-tech solutions to simple low-tech problems. You want to know if your kid's computer is turned on or off? Walk into the family room and see if the kid is sitting on the computer. You want to make sure your kid isn't on the PC after 11pm? Turn off the computer.
Having a fancy software based solution for the generic single Mom isn't going to work.
Beyond that, kids aren't stupid. If you give the kid a PC that some central server monitors to see if it's turned on, particularly if it's being administered by a n0ob Mom; they are going to realize they can disable the software that provides that info to the server. Or, that by disconnecting the network cable/wireless adapter, the server views the machine as off.
Same deal with the internet. Odds are, there are unsecured wireless connections your kid can use to get on your neighbors connection and they can surf anything they want without your detection. Aside from that, unless you are going to completely cripple the usefulness of the internet; they'll always be able to connect to some proxy and get content that way.
And, whatever material you don't want them seeing on the internet - their buddy Tom, he's got a portable hard-drive filled with 400 gigs of that stuff. And he'll gladly let your kid copy it to his PC.
When I was in junior high, my and my loser friends would install Linux partitions on my family computers. With a boot disk, we could load up into Linux and access the content we didn't want our family to know about (IE - porn).
Bottom line is - this won't work. The amount of effort that would go into setting up and monitoring this system would be huge for a non-techie AND it wouldn't be effective. The better solution is to be a good parent, spend time with your kids, and realize you can't stop them from ever doing or seeing anything bad or scary on the internet.
If the parent is too lazy to do that; you are better off just installing spyware on the kid's PCs. Then Mom can get weekly e-mail of what nasty stuff her snowflakes were doing on the internet. But in either case, the kids will get around the security measures.
You do not need any servers or any additional infrastructure. Use what your kids are already used to in school, a classroom management tool, just make sure you pick up a family pack as those things are not cheap if buying for home use. Check out Insight home edition, it is around $100 and controls up to three nodes. In addition to the features you are looking for, you can monitor their screens in real time.
You either dont have kids, they have not reached that age, or you are completely oblivious. And even if none of that was the case, kids can still have the best intentions and go wrong due to trickery, predatory behavior, and many other things.
Filter ads and to protect from accidents, trust kids, but verify by logging or checking PC's occasionally. Don't make a big deal about it until you see something objectionable.
Limiting night time access is probably good if your kids have a bedtime, if they are free rangers who pass out in the hallway like my neighbors 3 year old, let them have all night access since you obviously can't invest the time to parent.
Talk to your kids, teach your kids, but parenting also requires setting rules and dishing out consequences.
Nobody has mentioned thin client yet, for shame. I use NoMachine on my home server. You could limit external browsing to that machine only. Give them a published firefox session. Their PC's won't get malware and they can save file to their network drive and transfer them to their pc if need be. Teach them to save on the network, please god, teach them to save on the network...
Cheap storage VM.
but how we wish we did...
Cheap storage VM.
Buying your kids a mac is like forcing them to be left handed. It's borderline child abuse, IMHO.
Cheap storage VM.
I found I already owned a router that allowed me to control we access hours I just set static IP's on the target machines and gave them restricted access to the web...
I use OPENDNS.com for the parental controls... I direct the router to OpenDNS for its dns lookups...
and I have installed a opensource program called iTalc to monitor the users on the machines... iTalc requires a small client on the users machine and an admin install on the teachers machine... you can then view what is going on, take control of a user or shut them down...
Remember to have the kids login as users not admins... take away those admin rights!
Easy to install, very inexpensive and remarkably effective... Especially with the users knowing I can monitor what they are doing at any time, even from work... Remember you don't always have to go so far as to cut access off, often all the user needs is to know and see you have all the tools to do it.
I've watched enough kids to know that a 3 year old must be a mentally retarded, or just had really poor parenting to drink drain-o. By 2 years, my kids and the other kids I've known would never drink dran-o, because parents know enough to teach them that was poison and not to touch it. We never really needed childlocks, but did use them during the 6 month period when they first started to move around on their own.
Lanschool does most of the management side of what you are talking about. For the antivirus you'd need to look at a centrally managed AV solution like ESET.
You may also look at a product like NComputing to turn one computer into multiple computers. Save you on hardware and space.
So enforcing a bedtime of 11 p.m. by turning off the router is a human rights issue?
Learn to love Alaska
You must be one of those kids who never knew that their parent's called your friend's parents and checked if you were actually there.
No, I know for a fact that they didn't. Hell, even from being as young as 5 or 6 years old I was allowed to go where I wanted in the summer - I didn't have to file any plans, I didn't have a radio tag on me, I was allowed to go where I wanted and do what I want with the only rule being "Be home by dark". My parents trusted me to not do something I shouldn't and not to do something stupid and get myself killed. That's what happens when parents treat kids like human beings - they become capable of making intelligent decisions and looking out for themselves from an early age. They used to do it that way for all of history up until the last 30-40 years, and it worked well for raising responsible people who could take care of themselves. I've have a job since I was 10 because I was already responsible enough for it - no complaining, never missed a day either.
By your animosity, either your parents were quite over the line of reasonable, or you feel you were raised fine with no parental involvement so someone else's kids should be too.
Neither - my parents did a great job of having rules and teaching us right from wrong, but they also treated us like human beings and let us make out own decisions - if we made a bad one, we had to suffer the consequences. That's part of being a good parent - teaching kids personal responsibility and teaching them to be independent.
Both are very weak arguments.
Amusingly, you provided no argument to support your position of ruling with an iron fist and treating children as inhuman creatures that are incapable of thought.
"The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants." ~Thomas Jefferson
check out eBox.com
i'm using it as a proxy server. took me 20min to set up.
FWIW...
My brother put his children on Ubuntu, set up and configured a CentOS machine so he could SSH in and manually enable/disable mac addresses access to the internet, scheduled that access as well. Watches his logs, etc. Does the monitoring as needed. The kids also had troubles bypassing his rules when using Windows machines as well because they did not have the pword to the server. Admittedly, this took more work than a simple web page, and he has had some experience working on a hotel software helpdesk doing similar admin for multiple chains, but once it was set up (only took a little time, and familiarity with ipchains/iptables and scripting...), very little maintenance was required. He also runs his own mail server to help keep spam and other unwanted email under control. His kids computers are also beside his so he can keep that watchful eye on them. All their Windows games run just fine under Wine...
It can definitely be done, but if you want a web interface to all that, you may be forced to write the pages yourself... Might even be better that way. And, of course, YMMV.
Win7 does all this pretty well. IN a surprisingly forward thinking move, MS has been planning and working towards have people with limited computer knowledge running home networks.
It's a lot easier then any Linux distro I have used for home management.
The Kruger Dunning explains most post on
I think that the best way of grounding the kid would be disconnecting the damn tower and stashing it away. A software block would be an extra security on the kid since it's not hard to set up a tower again. Also, find out the ports of the games and other apps that you allow them to use. S/he has a fairly decent security policy so I would say have at it.
I want to set up three kids, 12, 14, and 15, with newer computers so they will stop fighting for time on the one ten-year-old Dell they share now. I can get the individual computers and a server put together without any problems, but the computer-handicapped single parent needs to be able to do the following via an simple application/web page: View client computer status, On/off, sleeping etc.; Deny Internet access, not LAN, just the web; Schedule time usage of computer, ex. 7 am to 10 pm on school nights etc.; Force log-out and/or shutdown of clients, for grounding purposes; and Apply some kind of firewall filter for blocking undesired web content. And as the administrator for this network I would like the following options: Remote virus scanning of client machines, or scheduled task; Some kind of hardware monitor, high temp / fan speed low etc.; and Email alerts for various log files / alarms. Given the lists above I am thinking about a Linux-based router/server machine and running Windows on the clients for game compatibility. I also know that a server and network boot client is possible but not sure where to start on that one.
If games are not an option, I would get 1 good terminal server and let them connect with linux based HP thin clients as users, not admins. Filter Internet Access: OpenDNS, Deny Internet Access: Group Policy to redirect traffic to a false proxy, You could do a local allowance group on the server to allow connectivity to log into terminal services, for grounding purposes. Install Symantec SEP on it, use that firewall for possible whitelisting or blacklisting. Expensive initial server and limited game functionality however.