A more secure and/or private internet

For a Danish machine translated version of this post click here: https://www.microsofttranslator.com/bv.aspx?from=&to=da&a=https://beamex.wordpress.com/2018/04/25/a-more-Secure-and-or-private-Internet/

I’m a father of three kids. I’m using Microsoft Family Safety https://fss.live.com/ to secure my kids internet browsing experience and control how long they use their computer and when. This all works great for Windows devices including our Xbox(s) with approving sites, apps and extending time when needed and Windows’s Edge browser includes great protection from phishing and malware sites.

But as an extra security measure I have started using the personal DNS service from OpenDNS as it adds an extra dimension of limiting/approving sites that are inappropriate or harmful based on predefined categories and custom settings.

You can signup here at no cost here: https://signup.opendns.com/homefree/ and follow the guide there to configure it.

It uses the same DNS database as is being used in the commercial/professional offerings (Umbrella) from OpenDNS/Cisco (Cisco bought OpenDNs years ago) so you get an enterprise class filter at no cost. Actually you can login through the Umbrella website for controlling the solution after having set it up. https://login.umbrella.com/ or just on https://login.opendns.com

OpenDNS works in the way that it changes the way machines on your network resolves the IP address of harmful/inappropriate sites as the machines are directed to OpenDNS’ DNS servers by either changing the DNS server addresses locally on each machine or on your router.

In my case I have changed it on my router and as no one in the household runs with local admin privileges no other than me and my wife can change the DNS servers on the machines, so there is no way of circumventing the solution (almost).
All devices which get their IP information from the router is protected.
When having configured your machines or your router with OpenDNS’ DNS servers you can on the OpenDNS (Umbrella) portal control how restrictive the service needs to be and follow which domains have been blocked.

Btw. If you only want the protection from harmful sites and not limiting specific categories then you can just use OpenDNS’ DNS servers on you machines or routers without signing up with them.
The OpenDNS nameservers are 208.67.222.222 and 208.67.220.220.

BUT, what happens if you really need some machine to circumvent the solution and don’t want anyone (your ISP as an example) recording which addresses you visit. In theory they still can, but then you need to use the more advanced offerings as their DNS over HTTP or TLS options instead
The solution is simple: Configure the DNS servers to Cloudflares DNS servers instead of the OpenDNS’
From the device you want to use this on go to https://1.1.1.1 and follow the guide presented there when pressing the install button for setting it up.
The Cloudflare nameservers are 1.1.1.1 and 1.0.0.1

Cloudflare provides the fastest DNS service on the internet and guarantees complete privacy on what you browse. Nice to be stopping giving Google and the ISP’s that knowledge of you (Google as MANY have their DNS pointing to the famed 8.8.8.8 and 8.8.4.4 addresses)

Btw. If you use Chrome as you browser now you have the possibility to get a more secure browsing experience, as in Edge, by adding this new Windows Defender Browser Protection extension to your Chrome browser: https://chrome.google.com/webstore/detail/windows-defender-browser/bkbeeeffjjeopflfhgeknacdieedcoml

There are many other possibilities are out there, but I think this solution is one of the few that gives this kind of functionality at no cost.

By doing this you have a somewhat layered security model where you have protection in the form of DNS, protection within your browsers and finally if anything slips through an anti-virus/-malware product of some sort like for example Windows Defender.

This entry was posted in Security and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s