Written on January 7, 2010

I’m frequently asked for advice on controlling malware: spyware, adware, and potentially harmful viruses that can infect your computer. I’ve written a couple of blog entries on this:
1. How to Troubleshoot Suspected Malware
Fundamentally, though, one of the strategies that I like to employ is absolute avoidance through filtering. If I can arrange the network of a small business (or a residential personal computer) so that it totally avoids going to places it shouldn't be on the Internet, then I shouldn't have to worry about what people might download to their machines. You might think that restricting access to websites of ill repute is a common-sense idea, especially if you're dealing with employees or even with children. It's easier than you might think, and it's free.
The service that I often configure and recommend is called OpenDNS. This is an entirely free service. There are also a number of SMB and enterprise plans for more powerful features.
Here's how it works. You create an account. Then, you replace the Domain Name Servers (DNS) configured on your router or your PC with the servers at OpenDNS. This is a little technical, but basically, every time that your computer wants to look up a URL (like www.sportsillustrated.com, for example), it has to consult a name server. With this change in place, your PC, or all of the devices on your network, will consult OpenDNS to resolve the name in the URL to an IP address.
Now, here's the fun part. On the OpenDNS dashboard, you can then manage certain public IPs – the IP address of your company's router, or the router in your home – and apply some pre-fab content filters to that IP address. You can be lightly restrictive, moderately restrictive, highly, severely, or even customize the severity of restriction. Essentially, you're selecting the kinds of content you don't want available on your computers/network; there are over 40 categories of content that you can choose to filter, including: adult, tasteless, bikinis, movies, news, drugs, sexuality, porn, photo sharing, instant messaging, phishing and known spyware sites, and so on. The configuration is simple, web-driven, and takes just minutes to put into effect.
When you implement this and somebody on your network tries to go to a restricted site, they're presented with a message from OpenDNS that says the site is restricted, and to contact you for technical assistance. In my line of work, I'll get the call from a user – if the user has a legitimate need to get somewhere they're restricted from seeing – and then I can ask the head-honcho whether or not releasing that domain is a good idea for their employees. Further, using the technical tools available on the OpenDNS website, I can monitor what kinds of traffic we're seeing, run reports on trends, and even see which machines are likely infected with viruses and malware because of their network access behaviors.
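A check worth running after the DNS change described above, as an added example that is not from the original post: it reads resolv.conf-style settings and flags any resolver that is not OpenDNS, since a leftover secondary server lets lookups skip the filter. The resolver addresses, the function names and the sample file are assumptions introduced here.

```python
import ipaddress

# OpenDNS resolver addresses. Assumption: these are not given on the page;
# confirm them against OpenDNS's own setup instructions before relying on them.
OPENDNS = {ipaddress.ip_address(a) for a in (
    "208.67.222.222", "208.67.220.220",    # standard resolvers
    "208.67.222.123", "208.67.220.123",    # FamilyShield resolvers
    "2620:119:35::35", "2620:119:53::53",  # IPv6 resolvers
)}

# Constructed sample: primary changed to OpenDNS, old secondary left behind,
# plus a loopback stub resolver. 192.0.2.53 is a documentation address.
SAMPLE = """\
# /etc/resolv.conf (constructed)
nameserver 208.67.222.222
nameserver 192.0.2.53
nameserver 127.0.0.53
"""

def audit_resolvers(text):
    """Sort the nameserver entries of resolv.conf-style text into three lists."""
    result = {"filtered": [], "bypass": [], "local": []}
    for line in text.splitlines():
        fields = line.strip().split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue  # comments, search/options lines, blanks
        try:
            addr = ipaddress.ip_address(fields[1].split("%", 1)[0])
        except ValueError:
            continue  # not an IP address; skip it
        if addr.is_loopback:
            result["local"].append(str(addr))     # upstream must be checked separately
        elif addr in OPENDNS:
            result["filtered"].append(str(addr))
        else:
            result["bypass"].append(str(addr))    # lookups here skip the filter
    return result

def fully_filtered(result):
    """True only if every configured resolver is an OpenDNS address."""
    return bool(result["filtered"]) and not result["bypass"] and not result["local"]

if __name__ == "__main__":
    report = audit_resolvers(SAMPLE)
    print(report, "fully filtered:", fully_filtered(report))
```

A loopback entry is reported separately because it only points at a local stub; the stub's own upstream servers are what decide whether filtering applies.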
You can read more about OpenDNS’s features here.
Using a managed DNS solution is a great low-cost filtering approach that totally avoids taking the user to the problematic website to begin with. I help my clients implement the version of OpenDNS's solutions that would work well for them. The product works great for kids and home use, too! Sure, it helps with productivity and keeping everybody on the straight and narrow, but from a technical perspective, it's a brainless precaution that serves as a front-line defense from attacks and intrusion. That's an awesome proactive strategy that reduces the threat profile of your network resource, and something you should encourage your technology professionals to help you with if you don't already have this capability.
If you've got questions and want to know more, feel free to comment on this post, and I'd be happy to give you some suggestions for implementation.
R