Introduction to Web Content Filtering and Security
The advanced features of OpenDNS, such as Web content filtering and security, are set and managed online by a user with OpenDNS administrative privileges (an OpenDNS Administrator).
It is important to understand that OpenDNS advanced-feature settings are applied to a network and those settings are subsequently inherited by all of the computers and devices that connect to that network.
Some OpenDNS security features become effective as soon as OpenDNS is configured as the DNS server for a network. For example, all OpenDNS solutions block end-users from navigating to known phishing and Conficker Command and Control Callback websites.
OpenDNS solutions such as FamilyShield use additional filtering features managed by OpenDNS, which makes FamilyShield the fastest and easiest way to protect children from adult content on the Internet.
OpenDNS Administrators can specify Web content filtering and set custom security features in OpenDNS Basic, VIP, School, and Enterprise solutions. These features can be adjusted only from within an OpenDNS account, which is used to create and manage networks.
Once Web content filtering and security settings are saved, they are applied to devices and computers when they connect to a configured network.
Example of OpenDNS Filtering
OpenDNS has been configured as the DNS server for your network and comprehensive filtering and security features have been set in your OpenDNS account. Now, the following actions occur:
- Someone on your network begins navigating the Internet with their computer.
- They enter the name of a website (e.g. www.opendns.com) into their Internet browser.
- The browser makes a DNS request for the IP address of the machine that serves up this website.
- The DNS request is received by an OpenDNS server.
- OpenDNS identifies the DNS request by looking at where it came from.
- OpenDNS looks up the matching filtering and security settings.
- If the settings indicate that the website is allowed, OpenDNS returns the IP address for that website (e.g. 126.96.36.199) and the browser goes there.
- If the settings indicate that the website is blocked, OpenDNS returns the IP address of an OpenDNS server that serves a block page to the browser.
How OpenDNS Knows When and What to Filter
OpenDNS works by first identifying the DNS request and then applying the appropriate filtering settings. There are 3 ways OpenDNS identifies DNS requests as described in the following table.
ADJUSTING WEB CONTENT FILTERING
Some OpenDNS solutions, such as Basic, VIP and Enterprise, allow OpenDNS Administrators to configure comprehensive Web content filtering, which limits users of that network to Web content that is not filtered.
Other OpenDNS solutions, such as FamilyShield, use preconfigured Web content filtering to block specific categories of websites. These settings are managed by OpenDNS and combine our proprietary algorithms with direct input from OpenDNS Community members.
To adjust Web content filtering on a network, OpenDNS Administrators must log in to the OpenDNS Dashboard. Under Settings for: select the network to be adjusted (you must have appropriate permissions for that network) and click on the Web Content Filtering link. Choose the filtering levels or specific categories and click Apply.
Settings made to one network can be applied to all networks if multiple networks exist. Once you apply the new settings, it may take up to 3 minutes before they are in effect on all OpenDNS global servers.
After you make Web content filtering changes, OpenDNS recommends that you clear the local DNS cache to ensure that new settings are made effective. To do this, see Clearing the DNS Cache.
Web content filtering can be applied to networks in several ways, each of which is explained in the following topics:
Preconfigured Web Content Filtering (Non-Adjustable)
OpenDNS solutions such as FamilyShield use preconfigured Web content filtering and blocking that is not adjustable. OpenDNS’s preconfigured solutions provide easy-to-implement protection for networks where manual configuration is not desired. To use a preconfigured OpenDNS solution, set your DNS parameters to the appropriate IP address.
For example, FamilyShield uses the IP addresses 188.8.131.52 and 184.108.40.206. Configuring these DNS servers on your network automatically protects end-users from websites that contain adult material and blocks websites that support phishing attacks or spread the Conficker Command and Control Callback.
Predefined Filtering Tiers (Adjustable: Low, Moderate, High)
OpenDNS solutions such as Basic, VIP and Enterprise allow custom Web content filtering. OpenDNS simplifies the configuration by providing 3 predefined tiers of commonly blocked Web content categories. Each category filters hundreds to tens of thousands of websites.
The tiers comprise the Web content categories as detailed in the following table.
Custom: Choose your own set of Categories to Block
OpenDNS provides a dynamic list of Web content filtering categories that you can apply to your Internet network. The Web domains that compose a category are determined, in part, through our Domain Tagging service and through proprietary OpenDNS technology. These domain identification methodologies ensure that the categories contain relevant websites and are always current.
The custom setting allows filtering from over 55 Web content categories. Each category filters hundreds to several tens of thousands of websites, providing significant control of your Internet experience through a user-friendly interface.
OpenDNS provides Web content filtering at the individual domain level, which enables administrators to Always Block (adds the domain to the blacklist) or Never Block (adds the domain to the whitelist) the Internet domains that they specify. When domains are managed directly, these settings override any specified through category filtering.
For example, if you are filtering the Social Networking category but specify to Never Block the domain facebook.com (adds to whitelist), then end-users of your network are able to navigate to Facebook.
To manage individual domains, log in to your OpenDNS account, select the network and navigate to Web Content Filtering. Select the action you want to apply for a domain and enter that domain in the blank text box. Select Add Domain and repeat as necessary. For more information and for an image-based guide, please see our How to add domains to a Whitelist or Blacklist.
OpenDNS Basic supports management of up to 25 individual domains.
OpenDNS VIP supports management of up to 100 individual domains.
OpenDNS recommends specifying the root of a domain and always omitting the “www”, e.g. “example.com” not “www.example.com”. This will block all sub-domains of example.com including www.example.com, mail.example.com, and so on. All domain list entries imply a leading wildcard; for example, "example.com" implies "*.example.com".
OpenDNS can block all Top-Level-Domains (TLDs) except .com. Entering a TLD such as .net, .cn, .ru, and so on, will block all sub-domains that end with that TLD name.
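The lookup sequence under "Example of OpenDNS Filtering" and the domain-list rules above (implied leading wildcard, TLD entries, domain lists overriding categories) can be modelled as follows. This is an added example, not OpenDNS code. It assumes requests are identified by source IP only and that Never Block is checked before Always Block; all addresses, category data and the block-page IP are constructed placeholders.

```python
import ipaddress

BLOCK_PAGE_IP = "192.0.2.1"  # placeholder (TEST-NET-1), not a real OpenDNS address
# Constructed sample data: registered domain -> categories, hostname -> real address.
CATEGORIES = {"facebook.com": {"Social Networking"},
              "socialsite.example": {"Social Networking"}, "example.org": {"News"}}
REAL_IPS = {"www.facebook.com": "198.51.100.10", "mail.example.net": "198.51.100.20",
            "www.example.org": "198.51.100.30", "www.socialsite.example": "198.51.100.40"}
# Constructed per-network settings, keyed by the network the request comes from.
NETWORKS = {
    ipaddress.ip_network("203.0.113.0/24"): {
        "blocked_categories": {"Social Networking"},
        "never_block": ["facebook.com"],               # whitelist
        "always_block": ["chat.example.org", ".net"],  # blacklist, including a TLD
    },
}


def entry_matches(entry, name):
    """A list entry implies a leading wildcard: 'example.com' covers '*.example.com'."""
    entry, name = entry.lower().strip("."), name.lower().rstrip(".")
    # Match on a label boundary so 'example.com' does not cover 'notexample.com'.
    return name == entry or name.endswith("." + entry)


def settings_for(source_ip):
    """Identify the request by where it came from (source IP only in this model)."""
    addr = ipaddress.ip_address(source_ip)
    return next((s for net, s in NETWORKS.items() if addr in net), None)


def resolve(source_ip, name):
    """Return (address, reason) for one DNS request."""
    real = REAL_IPS.get(name.lower().rstrip("."))
    s = settings_for(source_ip)
    if s is None:  # simplification: a request with no matching network is not filtered
        return real, "no settings for source"
    # Domain lists are evaluated first because they override category filtering.
    # Assumption of this model: Never Block is consulted before Always Block.
    if any(entry_matches(e, name) for e in s["never_block"]):
        return real, "never block"
    if any(entry_matches(e, name) for e in s["always_block"]):
        return BLOCK_PAGE_IP, "always block"
    cats = set().union(*(c for d, c in CATEGORIES.items() if entry_matches(d, name)))
    hit = cats & s["blocked_categories"]
    if hit:
        return BLOCK_PAGE_IP, "category: " + ", ".join(sorted(hit))
    return real, "allowed"
```
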
SETTING SECURITY FEATURES
OpenDNS Basic, VIP and Enterprise allow administrators to manage the security features applied to their network. Specific security features vary across the OpenDNS solutions; for example, OpenDNS Enterprise provides more features than OpenDNS Basic or VIP.
By selecting the setting and clicking Apply, administrators can activate the security features detailed in the following table.