Block Porn on home network

Hi all,

I'm looking for a gateway that has half decent content filtering. Something like iBoss, Websense, etc but for a home environment.

I'm aware of OpenDNS and the limited free Sophos software. But I would prefer a simple appliance as I have limited space for this item to sit in and buying, configuring and maintaining yet another PC seems tedious.

I would prefer a wired-only device as I have good wireless APs already and would like to just plug this in between the current APs/switches/etc and the internet.
 
Solution


They do small appliances as well.
https://www.untangle.com/shop/u25-appliance/


Thanks for the suggestion. Still trying to avoid another PC in the house. I got no real space for anything bigger than a home router or small gateway where I need to put this.
 
If it is an option, the best place to put this is on the end client. Things like K9 are free for home use and use the same lists as the extremely expensive Blue Coat appliance.

The main problem is even the porn sites have moved to HTTPS. This means you do not see the URL at all anymore. Maybe you see DNS requests but that is about it. The actual traffic is encrypted HTTPS traffic to IP addresses. Any device you place in the middle would have to have massive lists of banned IP addresses. The problem is many sites have multiple purposes on the same IP address so you may end up blocking much more traffic than intended. One of the obvious examples is Google search results with safe search turned off. You would have to block huge chunks of Google to prevent someone. There are many porn sites that are hosted in data centers that host many more common server functions.

Even if you were to attempt to block by IP address you would need a subscription service. Pretty much you get what you pay for with these lists.

It was somewhat simpler when you could actually see the URLs that were being requested. The only way to see them now is to get them before the encryption takes place, which is on the client machine.
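
The over-blocking problem described in the post above, as an added example that is not part of the original thread: it builds an IP blocklist from a constructed table of DNS answers and reports the unrelated sites that share those addresses. All hostnames, categories and addresses are made up for illustration (reserved `.example` names and documentation address ranges).

```python
# Constructed sample: (hostname, category, addresses) as a gateway might log
# them from DNS answers. Nothing here refers to a real site or network.
RESOLUTIONS = [
    ("adult-site.example",    "adult",     ["203.0.113.10", "203.0.113.11"]),
    ("adult-videos.example",  "adult",     ["198.51.100.7"]),
    ("school-portal.example", "education", ["203.0.113.10"]),               # shared host
    ("recipes.example",       "food",      ["203.0.113.11", "192.0.2.50"]),  # partly shared
    ("search.example",        "search",    ["198.51.100.7"]),               # mixed-use service
    ("bank.example",          "finance",   ["192.0.2.80"]),                 # not shared
]


def build_ip_blocklist(resolutions, blocked_category):
    """Every address that serves at least one site in the blocked category."""
    return {
        ip
        for _name, category, ips in resolutions
        if category == blocked_category
        for ip in ips
    }


def collateral(resolutions, blocked_category):
    """Unrelated sites hit by the IP blocklist.

    Returns {hostname: (addresses_lost, fully_unreachable)}.
    """
    blocked = build_ip_blocklist(resolutions, blocked_category)
    hit = {}
    for name, category, ips in resolutions:
        if category == blocked_category:
            continue
        lost = sorted(set(ips) & blocked)
        if lost:
            hit[name] = (lost, len(lost) == len(set(ips)))
    return hit


if __name__ == "__main__":
    print("IP blocklist:", sorted(build_ip_blocklist(RESOLUTIONS, "adult")))
    for name, (lost, dead) in collateral(RESOLUTIONS, "adult").items():
        state = "unreachable" if dead else "degraded"
        print(f"{name}: {state}, shares {', '.join(lost)}")
```
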
 


They do small appliances as well.
https://www.untangle.com/shop/u25-appliance/
 
Solution

That combined with their SSL inspection and web filter look like it will do the trick.
https://www.untangle.com/shop/web-filter/
https://www.untangle.com/shop/ssl-inspector/

 
I use an old netbook for this, dropped an SSD (16 GB) into it, works perfect and is tiny enough but has its own screen which can be convenient. Sits underneath my three DSL modems.

Just posting in case someone in the future is looking for ideas.
 


To do this it requires a man-in-the-middle attack to be installed on the end clients. You would have to have control of the clients to prevent other browsers from being installed or this certificate they install being bypassed.

I do not know what risks this particular install has but you are intentionally putting a hole in the security. You always run the risk that at a minimum it causes issues for some applications. There are web pages that will detect and flag this and likely the virus/malware software will flag it as a problem.

 

No.

You are assuming it decrypts it and then re-encrypts it. It decrypts it and then blocks or allows the original.

 

It actually does decrypt the traffic and re-encrypt it.

This is from their website. There really is no other way to do this because of how HTTPS is designed.

"SSL Inspector creates a specialized certificate on each client. This certificate communicates directly with the gateway which is then able to decrypt HTTPS and SMTP traffic, process, and re-encrypt it on the fly all from within NG Firewall—without ever exposing the decrypted traffic to the network."