Forums/OpenDNS Community/Getting Started with OpenDNS

Web Content Filtering and Security

Chris Frost
posted this on Jan 31 15:51

INTRODUCTION TO WEB CONTENT FILTERING AND SECURITY

The advanced features of OpenDNS, such as Web content filtering and security, are set and managed online by a user with OpenDNS administrative privileges (an OpenDNS Administrator).

It is important to understand that OpenDNS advanced-feature settings are applied to a network and those settings are subsequently inherited by all of the computers and devices that connect to that network.

Some OpenDNS security features become effective as soon as OpenDNS is configured as the DNS server for a network. For example, all OpenDNS solutions block end-users from navigating to known phishing and Conficker botnet websites.

OpenDNS solutions such as FamilyShield use additional filtering features managed by OpenDNS, which makes FamilyShield the fastest and easiest way to protect children from adult content on the Internet.

OpenDNS Administrators can specify Web content filtering and set custom security features in OpenDNS Basic, VIP, School, and Enterprise solutions. Adjusting these features is enabled only within an OpenDNS account, which are used to create and manage networks.

Once Web content filtering and security settings are saved, they are applied to devices and computers when they connect to a configured network.

Example of OpenDNS Filtering

OpenDNS has been configured as the DNS server for your network and comprehensive filtering and security features have been set in your OpenDNS account. Now, the following actions occur:

  1. Someone on your network begins navigating the Internet with their computer.
  2. They enter the name of a website (e.g. www.opendns.com) into their Internet browser.
  3. The browser makes a DNS request for the IP address of the machine that serves up this website.
  4. The DNS request is received by an OpenDNS server.
  5. OpenDNS identifies the DNS request by looking where it came from.
  6. OpenDNS looks up the matching filtering and security settings.
  7. If the settings indicate that the website is allowed, OpenDNS returns the IP address for that website (e.g. 208.69.38.160) and the browser goes there.
  8. If the settings indicate that the website is blocked, OpenDNS returns the IP address of an OpenDNS server that serves a block page to the browser.

How OpenDNS Knows When and What to Filter

OpenDNS works by first identifying the DNS request and then applying the appropriate filtering settings. There are 3 ways OpenDNS identifies DNS requests as described in the following table.

Screen_Shot_2014-02-01_at_11.59.10_AM.png

 

ADJUSTING WEB CONTENT FILTERING

Some OpenDNS solutions, such as Basic, VIP and Enterprise, allow OpenDNS Administrators to configure comprehensive Web content filtering, which limits the Internet to only Web content that is not filtered for that network.

Other OpenDNS solutions, such as FamilyShield, use preconfigured Web content filtering to block specific categories of websites. These settings are managed by OpenDNS and combine our proprietary algorithms with direct input from OpenDNS Community members.

To adjust Web content filtering on a network, OpenDNS Administrators must log in to the OpenDNS Dashboard. Under Settings for: select the network to be adjusted (you must have appropriate permissions for that network) and click on the Web Content Filtering link. Choose the filtering levels or specific categories and click Apply.

Settings made to one network can be applied to all networks if multiple networks exist. Once you apply the new settings, it may take up to 3 minutes before they are in effect on all OpenDNS global servers.

After you make Web content filtering changes, OpenDNS recommends that you clear the local DNS cache to ensure that new settings are made effective. To do this, see Clearing the DNS Cache.

Web content filtering can be applied to networks in several ways, each of which are explained in the following topics:

Preconfigured Web Content Filtering (Non-Adjustable)

OpenDNS solutions such as FamilyShield use preconfigured Web content filtering and blocking that is not adjustable. OpenDNS’s preconfigured solutions provide easy-to-implement protection for networks where manual configuration is not desired. To use a preconfigured OpenDNS solution, set your DNS parameters to the appropriate IP address.

For example, FamilyShield uses the IP addresses 208.67.222.123 and 208.67.220.123. Configuring these DNS servers on your network automatically protects end-users from websites that contain adult material and blocks websites that support phishing attacks or spread the Conficker botnet.

Predefined Filtering Tiers (Adjustable: Low, Moderate, High)

OpenDNS solutions such as Basic, VIP and Enterprise allow custom Web content filtering. OpenDNS simplifies the configuration by providing 3 predefined tiers of commonly blocked Web content categories. Each category filters hundreds to tens of thousands of websites.

The tiers comprise the Web content categories as detailed in the following table.

Screen_Shot_2014-01-31_at_3.47.23_PM.png

Custom Categories

OpenDNS provides a dynamic list of Web content filtering categories that you can apply to your Internet network. The Web domains that compose a category are determined, in part, through our Domain Tagging service and through proprietary OpenDNS technology. These domain identification methodologies ensure that the categories contain relevant websites and are always current.

The custom setting allows filtering from over 55 Web content categories. Each category filters hundreds to several tens of thousands of websites, providing significant control of your Internet experience through a user-friendly interface.

Individual Domains

OpenDNS provides Web content filtering at the individual domain level, which enables administrators to Always Block (adds domain to the blacklist) or Never Block (adds domain to the whitelist) the Internet domains that you specify. When you manage domains directly, these settings override any specified through category filtering.

For example, if you are filtering the Social Networking category but specify to Never Block the domain facebook.com (adds to whitelist), then end-users of your network are able to navigate to Facebook.

To manage individual domains, log in to your OpenDNS account, select the network and navigate to Web Content Filtering. Select the action you want to apply for a domain and enter that domain in the blank text box. Select Add Domain and repeat as necessary.

OpenDNS Basic supports management of up to 25 individual domains. 
OpenDNS VIP supports management of up to 50 individual domains. 
OpenDNS Enterprise supports management of up to 500 individual domains.

Tip: OpenDNS recommends to specify the root of a domain and always omit the “www”, e.g. “example.com” not “www.example.com”. This will block all sub-domains of example.com including www.example.com, mail.example.com, and so on.

OpenDNS can block all Top-Level-Domains (TLDs) except .com. Entering a TLD such as .net, .cn, .ru, and so on, will block all sub-domains that end with that TLD name.

 

SETTING SECURITY FEATURES

OpenDNS Basic, VIP and Enterprise allow administrators to manage the security features applied to their network. Specific security features vary across the OpenDNS solutions, for example, OpenDNS Enterprise provides more features than OpenDNS Basic or VIP.

By selecting the setting and clicking Apply, administrators can activate the security features detailed in the following table.

Screen_Shot_2014-02-01_at_12.39.04_PM.png

 

 

Comments

User photo
finestera

You are trying to view inappropriate content.  Please do not try again!

Contact your administrator (mom or dad).

February 15, 2014 08:45
User photo
rotblitz

Excellent, as you can see, it works!

February 16, 2014 09:39
User photo
trezona

Hello,

 

I have just signed up with opendns as a home user. Please can you tell me where i can find the Web content and filtering settings?

 

Clive.

February 21, 2014 04:25
User photo
rotblitz

It's at your dashboard if you click the IP address of your network. If it is not there, you signed up for Premium DNS which does not come with content filtering. You'll want to open a support ticket to get it changed.

February 21, 2014 04:32
User photo
trezona

Thanks very much. What is the correct package that i needed to select that will give me contect filtering?

 

Clive.

February 21, 2014 04:37
User photo
rotblitz
February 21, 2014 04:49
User photo
trezona

Thanks very much, ill open a support ticket.

February 21, 2014 04:54
User photo
dami599299

How can I block all websites except one site ?

April 08, 2014 18:33
User photo
rotblitz

You purchase OpenDNS Home VIP and activate whitelist-only mode.

Alternatively, point the DNS to nirvana (e.g. 0.0.0.0) and add this one site to your local hosts file.

Be aware that this stops updates with software patches and updates for AV and more as well.  Blocking everything but one site may not really be what you want.

April 09, 2014 01:34
User photo
haeger

I have an education account type, and I can't see where I can see web content filtering. Is this because I have a free account?

April 16, 2014 13:32
User photo
rotblitz

You registered for "Premium DNS" which does not come with content filtering. And OpenDNS Home with content filtering is free for home use only.

April 17, 2014 04:08
User photo
Chris Frost
OpenDNS

Looks like you're currently signed up for our Premium DNS service. The Home Basic service (which offers content filtering) is intended for home users. I would encourage you to contact our Sales Department through the contact form at (http://www.opendns.com/enterprise-security/packages-and-pricing/) if you're interested in content filtering.

April 18, 2014 14:39