The many shades of parental controls: techniques for restricting web and game access

Today we’ll explore what tools parents have to restrict their children’s access online. Specifically, parental control typically breaks into three categories:

  1. Preventing your child from accessing certain types of websites or a category of websites
  2. Preventing your child from playing a game or playing too much of a game
  3. Lastly, preventing your child from changing system settings, especially when it might override other parental controls.

We are not going to look into #3, since this is system specific. However, #3 boils down to revoking administrator privileges from your child, and making sure your administrator passwords are secure. Depending on whether your parental controls are done at the computer level or at the router level, you will want to control administrator privileges on either the router/computer or both.

For #1 and #2, we’re going to break them down into further categories:

  1. Restricting Website Access (Or flash/javascript games)
    1. Blocking websites from being accessed on ONE computer
    2. Blocking websites from being accessed on any computer behind a router
    3. Blocking websites that fit a category, such as inappropriate content
  2. Restricting Game Access (After they have already been installed)
    1. Blocking single-player games (requiring no internet access) or completely preventing a multi-player game from running
    2. Blocking multi-player games, such as those on Steam
    3. Making games less playable, so that they will still run, but the quality will decrease
  3. We will also explore a little bit of scheduling restrictions, e.g. by time of day

The tools at our disposal

You may need one or multiple tools to set up the right parental controls. These are the ones we will be using today:

  • Firewall applications: Netlimiter (Windows – $30), Zonealarm (Windows – FREE), Little Snitch (Mac OSX – $35), Hands Off ($25)
  • The Windows and Mac OSX “hosts” file
  • Router Configurations (varies by router) and DD-WRT (Router firmware for various routers)
  • Windows and Mac “Parental Controls”
  • Task Scheduling (Operating System Specific. Windows 7 uses “Task Scheduler”. Recent MacOSX versions use “Automator”)

A technical breakdown of how website blocking works

When you browse to a website, a bunch of things occur. If any of these steps are interrupted, then the computer might be unable to load a page. Thus, parental controls work by preventing one of these steps, or acting as a middle man between any two steps:

  • A web browser application is started on the computer
  • The user types in an address, such as www.addictinggames.com , and the browser performs a “DNS Lookup”
  • The DNS Request: The browser asks the Router for the IP Address of “www.addictinggames.com”.
  • The DNS Request: If the browser doesn’t know, it asks the ISP (your internet provider) for an IP address
  • The IP address, such as 23.63.226.145 is returned to the router and then to the Browser.
  • The Browser communicates with 23.63.226.145 and asks for the HTML and other content on the page.
  • Also, If there is content that requires a plugin, such as Flash for flash games, then the browser starts that plugin.

Web Technique 1:Modify the Hosts File. Cost: free

The Windows/Mac/Linux “hosts” file is to override the “DNS Lookup” process. Typically, when you type a URL, the computer asks a router for an IP address. However, you may specify the IP address associated with the URL in the hosts file. Thus, instead of www.addictinggames.com going to 23.63.226.145, you can have it go to 127.0.0.1 . Since this address is incorrect, the browser will be unable to access the page.

How to do it:

  • In Windows, start notepad from the Start Menu in Administrator Mode (right click and run as administrator)
  • From notepad, open C:WindowsSystem32driversetchosts
  • Add a new line, such as: 127.0.0.1       www.addictinggames.com
  • Note, this may take a while to take effect. To speed things up run “ipconfig /flushdns” from the start menu, and restart your browser
  • You should not no longer be able to go to www.addictinggames.com
  • On MacOSX or Linux, log in as an account with administrator priveleges
  • Open up the terminal app by searching in Spotlight or going to Applications -> Utilities -> Terminal
  • Open the host file by typing “sudo nano /private/etc/hosts”. You will probably need to type the administrator password. Note, the password will not appear as you type it, and type enter when you are done.
  • Add a new line, such as: 127.0.0.1       www.addictinggames.com
  • Save the file by pressing control-o
  • Type control-x to quit nano.
  • Note, this may take a while to take effect. To speed things up run “dscacheutil -flushcache” from the terminal, and restart your browser
  • You should not no longer be able to go to www.addictinggames.com

Web Technique 2: Block the Website from a Firewall: Cost depends on firewall software

  • Note. This is the most effective strategy, but it is the most expensive as well.
  • The windows and mac built in firewalls are very basic. You will need to install a separate firewall application, and this process will vary between applications
  • First, install the firewall.
  • Configure the firewall to allow applications you typically use. There are several ways to do this. One way, often the default, is to manually run programs and “allow” them to access the internet. The second way is to configure the firewall to automatically allow traffic through in all cases. This process especially various a lot between firewall applications.
  • Next, configure your firewall to block outgoing connections TO the website you are trying to block. If you want to block only web browser access, but allow other programs to access the website, then block port 80. For example, if you would not want your child browsing to AIM.com, but would be fine with them using AIM, then block AIM.com at port 80.
  • This should work instantaneously, and your browser should no longer be able to access the website.

Web Technique 3: Block the Website from the Router (Free if you already have a router with the appropriate controls)

  • While the previous two techniques have to be applied to every computer the child uses, you may choose to block websites directly at the router. Depending on your router manufacturer, this process has varying levels of success.
  • For example, users with the open source router firmware “DD-WRT” may use this guide: http://www.dd-wrt.com/wiki/index.php/Access_Restrictions
  • You usually access your router by going to the address: http://192.168.0.1 , or http://192.168.1.1  . In some cases it will be neither of these, and you can find the address by typing “ipconfig” in windows cmd.exe or “ifconfig” in Mac/Linux terminals. Look for the “Gateway”, which should end in a 1
  • In DD-WRT, for example, you may then be allowed to block website by address, by IP, or by “keyword”. Often you will also have to specify which computers (or ALL) to apply a filter to

 Web Technique 4: Blocking using Windows / Mac / Other Parental Controls applications. (Free if you already have the OS)

  • Neither the built in windows nor mac parental controls are all-encompassing. However, you may wish to give them a try since they come with your computer:
  • Read more about windows parental controls: http://windows.microsoft.com/en-US/windows7/products/features/parental-controls
  • https://support.apple.com/kb/HT2900

Web Technique 5: Block ALL websites (Free)

  • The above techniques were for blocking specific websites, but for all websites you may want to:
  • Block the browser entirely or uninstall the browser entirely. We will discuss application blocking more in the Games section.
  • Use firewalls or router configuration to block all internet access from the computer
  • Disconnect the computer physically from the internet

 

A technical breakdown of how game blocking works

When you start a single or multi-player game, many things occur that allow you to play the game. This differs based on the game, but let’s go through the typical rundown:

  • The game application is started by the user
  • If the game is protected by some kind of DRM, the game may start a second application (such as in the case of Steam games).
  • DRM games will then verify that the application was not pirated. This requires the DRM software to connect to the internet, and blocking this is similar to web blocking.
  • The game itself loads fully, presenting a nice graphical interface to the player
  • Many games at this stage will begin using lots of resources such as CPU, Memory, and the graphics card. Restricting these in some way can significantly impact gaming.
  • Multiplayer games will typically also connect to the internet at this point. Blocking this is similar to web blocking.
  • Because some games need fast internet connectivity, slowing down the internet at this point can also make the game unplayable.

 

Game Technique 1: Block the application from running

  • This may not work if your child is allowed to install applications.
  • Using Windows / MacOSX parental controls, block an application from running.
  • Additionally, you may try uninstalling the application.
  • Finally, you may try deleting files in the application directory of the game. This will corrupt the game installation, making the game unplayable in many situations. However, it will often not require uninstalling the game entirely.

Game Technique 2: Block the application or the DRM container from accessing the web

  • Using a firewall application, you may prevent all outgoing communications by the game, or its DRM container (such as steam). Consult the Web Technique 2
  • For some games, it may be easy to identify which server the game is accessing. Use TCPView on windows or “lsof -n -i4TCP” on MacOSX/Linux . These IP’s may then be blocked by a firewall or the router
  • For some games, the application may communicate on a fixed TCP/IP port. You may block this via a firewall or the router

Game Technique 3: Reduce CPU / Memory / Graphics Resources

  • Downgrading the Graphics Card, Memory Cards, or CPU will reduce gaming performance, and sometimes make games unplayable

Game Technique 4: Selectively reduce CPU / Memory / Bandwidth Resources using Kapparate Systems Test Application

  • The Kapparate Systems Test application allows administrators to selectively utilize CPU, Memory, and Bandwidth on a machine or network
  • This testing can be triggered by the presence of an application. Thus, the tester can reduce computer speeds only when another application is found.
  • Contact inquiry [at] ktbyte [dot] com for more information

Game Technique 5: Other bandwidth limiting techniques:

  • Some firewalls, such as Netlimiter, also offer bandwidth limit techniques.
  • Additionally, on MacOSX and Linux, you may try “sudo ipfw pipe 1 config bw 15KByte/s” to create a pipe that only allows up to 15KB/s to go through. Then, execute “sudo ipfw add 1 pipe 1 src-port 80”, and all outgoing traffic on port 80 will be limited to 15KB/s. This is all traffic that goes to a website, although you may add a different port besides 80 to filter specific games. Finally, “sudo ipfw delete 1” will remove the pipe from the port.

For further questions, contact inquiry [at] ktbyte [dot] com

 

 

 

 

 

 

 

 

 

 

 

2 Replies to “The many shades of parental controls: techniques for restricting web and game access”

  1. Hello just wanted to give you a quick heads up. The text in your content seem to
    be running off the screen in Firefox. I’m not sure if this
    is a formatting issue or something to do with web browser compatibility but I figured I’d
    post to let you know. The layout look great though!
    Hope you get the problem fixed soon. Kudos

Leave a Reply

Your email address will not be published. Required fields are marked *