Tech Guides

How to Secure Wifi For Kids

Tags: , , ,

There are so many hazards on the web for young children, and with kids more and more frequently having access to their own tablets or computers making the internet safe becomes really important.

The obvious answer is to not give kids ‘a device’ and then you don’t have a problem, however not only does this make parenting harder when you need some time to catch-up on housework, this disadvantages and limits your child’s learning. You could watch over their shoulder when using a device however this isn’t practical all the time, when both parents are working. Sometimes the tablet can be a useful parenting tool to buy you some time. The internet just needs to be safe or as safe as you can make it regardless.

My kids appear to find some games that I swear negatively impact their brain cells, however having access to the internet has enhanced their learning at school being able to research topics they were interested in, and also accessing apps like dualingo to learn a different language.

This post is only going to cover your home wifi using specific equipment, filtering on mobile internet or on hotel wifi is a whole different topic.

This post also isn’t completely bulletproof, I may expand on its shortcomings on another post, but at the moment for my 7 and 9 year old, this is good enough.

Equipment

You can achieve the same result in different ways but this is my equipment for this post:

Alternatives that will work in the unifi range:

Intro Web Filtering

Before I cover off how i setup the filtering, here’s a brief explanation of the key aspects of filtering.

  • Safe Search
  • DNS Filtering
  • Firewall Blocking

This is where internet search engines have built in controls to stop users (kids) searching for explicit content. It is possible to enable safesearch in most browsers and search engines, however savvy users (kids) eventually can get round it or sometimes it just seems to stop working, maybe an update, or someone logs out of the browser etc, I’ve found it’s not bulletproof when set manually.

SafeSearch can be enabled within unifi to force all devices to use it, that way it cannot be disabled within the browser or search engine settings.

DNS Filtering

DNS stands for Domain Name Service, all websites are hosted on servers of some kind, and these servers have internet addresses known as IP addresses. When someone hosts a website by default the address to access their server might be something like https://80.5.156.4

Seeing 80.5.156.4 isn’t very user friendly, nor is it easy to remember and type or does it give you any indication what the website might be for.

DNS is used to provide a name that translates to the IP address, for example:

  • google.com = 172.217.16.238

There are tools out there like AdGuard which allow you to filter DNS requests, these tools often have built in databases or access to lists online which help them filter out different categories of sites, like Adult or gambling sites. These tools rely on sources which can be paid or free to keep the filtering up to date.

Ubiquiti have adguard built in as the DNS filtering capability, you can also run it stand alone if you want, but this is a bit more fiddly.

Firewall Blocking

This is where rules can be defined on the router to block certain traffic, this is the most aggressive form of blocking you can do on the router.

Unifi provide a list of apps out of the box that can be blocked as well as having the ability to block certain IP addresses altogether if necessary.

Putting this in context:

  • Safe Search tries to make the search results clean,
  • DNS filtering blocks access to different website addresses by filtering them out according to lists or categories. If a savvy Kid worked out you were doing this they could get the IP address of the website and potentially bypass the filtering.
  • Firewall Blocking will block any IP addresses associated with the application, So this extra level of defence can be used to block certain applications on top of DNS filtering.

The Setup Steps

All Steps were performed using the cloud based web portal: https://unifi.ui.com

Kids Wifi (Optional)

You don’t need to do this, but if you don’t then all devices on the network will get filtering applied, I didn’t want the full filtering on my devices as this impacted my ability to work from home.

This step also enables the Web Filtering.

  • Navigate to Network Settings > Networks
  • Create a new Network
  • Key items from the screenshot above
    • Zone: Internal
    • VLAN ID: 2
    • Allow Internet Access: Yes
    • Content Filtering: Family
  • Navigate to the Network settings and Select Wifi
  • Create a new Wifi Network
  • Key Items from the screenshot above
    • VLAN: 2 (Matches the network)
    • Broadcasting Aps (All, Lazy option could be more specific depending on how big your house is and how many access points you have)
Forced Safe Search

It gets forced on with the Web Filtering below

Web Filtering (DNS Filtering)
  • Navigate to the Network Settings > Security > Protection
  • Key Items from Screenshot
    • Content Filtering: Configured in Network Settings (i think this is because i have more than one network defined)
    • Ad Blocking: Kids Network
    • Intrusion Prevention: ON (Not strictly for the kids filtering but an extra layer of protection
Firewall Filtering

In the version of unifi network I am running there is an option for Simple App Blocking under Security > Protection shown in the previous step

Simple App Blocking has a very comprehensive list of apps to block you can block on a schedule if you want to as well. I blocked TikTok permanently in the screenshot:

Screenshots of it in action

  • Forced Safe Search:
  • Safe Search Results
  • Blocked TikTok, Appears in search results but never loads, you can see loading bar is stuck at the bottom
Post Views: 2

Posted

in

by

MagicalTrev89

Tags:

, , ,

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *