Friday, July 12, 2013

Protecting Your Children on the Internet with Linux or How to be a Sneaky Parent Part 1

Recently a friend mentioned to me that he didn't have a computer.  He needed one, but couldn't afford it.  My wife had an old Pentium-4 laptop which wasn't being used.  It still had XP on it, which isn't very safe on the web, with only a 60 gb hard disk.  I blew XP away and put Bodhi Linux (after trying a half dozen lite distros) on it. Bodhi is a lite Linux Distro that is based on Ubuntu that actually looks pretty good. Bohdi runs the Enlightenment Window Manager, it will run Firefox web browser, LibreOffice (Formerly OpenOffice) and e-mail clients like Thunderbird. I came to the realization that pc's like these would make a good child's computer.  There performance is adequate, but not exceptional.  It got me thinking about what it would take to keep a child safe on the internet using Linux based computers.

To totally lock down Windows Computers, takes an expert, which is what Corporate America does..  The more recent and more secure Windows Operating Systems also require fairly fast and robust computers. If you use older Windows 98 laptops for your child's computer, you will find that they are virus magnets.  Therefore, to go the Windows route, you will need to be spending $350 - $500 per laptop, while if you install Linux on older laptops the price range will be in the $100 - $150 range.  And the sad fact is that these computers will perform about the same.  Why is this, Windows 7 and 8 require a lot horsepower just to run the Graphic User Interface, while Bohdi and a number of other Light Linux Distros have Graphic User Interfaces that use very little horsepower.Also, be aware that if you buy your child a Windows laptop and install one of those child protection apps, your child can boot a live distro and go around all of your security measures.  No system is perfect and your children and their friends will be exchanging info.

Basically, you as the parent can use a Multi-tiered protection scheme to keep your children safe on the internet.  On the outer level, OpenDNS will keep most of the bad sites away.  The second line of defense is your router. The Third line of defense is limiting the applications your child has access to.  And the last line of defense is you watching what your child is doing.

1. Most Router's today can filter out Phishing and Porn sites from getting onto your network.  This can be turned on for just certain computers or for the entire network.

2. There is a family friendly DNS Server that is free to use.  A DNS Server is a computer out on the internet where other computers go to look up Human Readable addresses and convert them into Computer Readable addresses (known as IP Addresses.)

3. By running a basic Linux Distro with only a few programs installed, we can limit your child's exposure to dangerous places.  If chat is dangerous, we don't have to install a chat Client.  And Bohdi Linux comes with nothing installed.

4. Good old fashioned spying.  Which is what I intend to spend most of this article talking about.

Using Linux technology, you the parent can monitor what web sites your child is visiting and what email they are receiving and sending and your child need not know and if they do find out, you can say I am the parent and I have the right and a duty to know.  If they are still giving you a hard time, give them the M3 rule: My Home, My Network, My Rules!!!

This is what you will need

1. Desktop preferably an i5 (an i3 would work) with at least a terabyte hard disk and wireless networking.  Cost $500 - $1000.  You could also get one of the AMD Desktops for as little as $350, but they don't perform quite as well.

2. One up to date wireless router. Cost $50 - $200.  

3. One low end laptop for each child. At least a Pentium-4, wireless networking, 512 Megabytes of RAM. Cost $50 - $100 on ebay.  If you can afford it get each child a little faster computer, that way they would be less likely to notice when you are poking around on them.  You can get Intel Core  2's on pricewatch.com for around $150, these probably would make a better laptop then old P4's.  I have found that the P4 was a little bit underpowered even for Bohdi and they are starting to become hard to get a hold of.

4. A single printer could be shared by the whole family.  Most printers now are wireless,  so the printer could be setup so that each computer send jobs to the printer independently or they could all go through the desktop.  I don't know of any real advantage to doing it either way.  You the System Administrator will have to set it up either way.

Setup the router.  This is usually done via a web browser.  Turn on all of security features, if you arn't real computer literate seek help from someone who is.  Set the DNS Addresses to the OpenDNS Servers, currently 208.67.222.123  and 208.67.220.123. OpenDNS is a family safe DNS Server and will return only safe sites to your childs computer.

On each laptop, install Bodhi Linux. Set the Laptop's hostname to the name of the child who will be using it, believe me, it will make everything easier. So if your son John is going to be using the laptop, set it's hostname to “johnslaptop” or just “john”, this is setup durring the Bohdi install as the computer's name. Create a user for yourself with full sudo rights, this is the normal way and you won't have to do anything special.  Set each laptop's Parent's User ID the same and give them all the same password, but don't make this password easy to guess.  A good password scheme for the Parent's Password would be to chose an obscure hobby like Astronomy.  And in Astronomy's case download a list of Common Star Names and choose one at random and then replace any “B”s with 8's, I's or L's with Ones and O's with zeros and E's with 3's.  So the word Denebola would become D3n3b01a. If you are a Macho Male leading a family chose a feminine hobby.  Or a Single Mother, chose a masculine hobby, like hunting or fishing.  Basically choose a hobby your kids won't expect.  If you have to write it down, lock it away in a safe.  

 Then create a user id for the child by typing in a terminal “sudo adduser ”. Of course remove the double quotes and replace with the actual child's name.  The child's name needs to be all lower case and you will be prompted for your password.  You will be prompted for about 6 fields, the only important one is the password. Next we need to install LxTerminal because it doesn't come preinstalled.  Click on Accessories->Applications->Preferences and then start “Synaptic Package Manager.” After entering your password search for lxterminal and then have Synaptic install it. From this point I will refer to LxTerminal as just Terminal. 

Finally we need to install some utilities on each laptop by issuing the following commands from a terminal:
   
    sudo apt-get update
    sudo apt-get bum
    sudo apt-get install openssh-server openssh-client
    sudo apt-get install sqlite sqlite3
    sudo apt-get install sqliteman
    sudo apt-get remove midori
    sudo apt-get install cifs-utils
    sudo apt-get install pcmanfm

Have more then one laptop to setup???
It may be a easier to prepare a script on a memory stick which then can be run on each laptop.  Open a text editor and save the following text to a file on a memory stick:

#!/bin/bash
apt-get update
apt-get install libreoffice
apt-get install firefox
apt-get install thunderbird
apt-get install openssh-server openssh-client
apt-get install sqlite sqlite3
apt-get install sqliteman
apt-get install bum
apt-get install cifs-utils
apt-get install pcmanfm

apt-get remove midori

You will have to copy this script file to each laptop and then run a
sudo chmod +x
Where [filename] is the file you saved it to.

Then type a:
    sudo ./ [filename]

For young children, I would defiantly not install a Chat Client.  If they want to chat, let them use Facebook.  Facebook allows you as the parent or guardian to go in after the fact and read the chat contents.

We are removing Midori Web Browser because it would complicate the monitoring of your children's computers. Also, I have noticed that new software doesn't show up in the menus until a reboot has occurred.

As soon as the installs here are done issue the following command from the terminal:

sudo bum

And then click on ssh-server so that it runs at boot up.

Now to set up the Desktop, I would recommend using Linux Mint Cinnamon or Mate spins. With minor modifications any other flavor of Linux on the desktop would also work.  For ease of explanation, we are doing everything on Debian descendant versions of Linux.  I am not doing this because I dislike rpm (Fedora/RedHat) systems, it just is easier to explain if it is consistent across the board.  On Linux Mint LxTerminal isn't installed, but Xterm or “Terminal” are, they are all pretty similar and I would recommend using what ever comes installed.  Now run the following commands in whatever terminal app you have on the desktop:

    sudo apt-get install openssh-server openssh-client
    sudo apt-get install fping

Via the router give the Desktop a Static IP Address on the network, the process of doing this will vary based on the router.  I would set the static address to something like 192.168.0.100.

No comments: