Jon AbbottEffective Home Internet Protection with Cloudflare
It is fairly obvious for any parent that giving your child unrestricted access to the internet is not safe.
As a parent, protecting my children online has become a top priority. The digital world offers incredible opportunities but also poses significant risks, especially for young minds. My journey to safeguard our home internet has been enlightening and, at times, frustrating.
In this blog, I share my experiences and insights on effectively restricting internet access to protect our children. From securing the network to using specific device apps.
What Are You Trying to Restrict?
When I started thinking about protecting my children online, I initially focused on devices like mobiles, tablets, and laptops. However, I quickly realised that I also needed to consider smart TVs, as they have access to YouTube and other apps.
A multi-faceted approach is essential to properly lock down everything. First, secure the network itself, which covers all devices while connected to the WiFi. Then, use specific device apps for when they are outside the network or connected via mobile data.
There are plenty of device lockdown apps avaliable on the market, but I found that locking them down sufficiently isn't easy. However, choosing one of the popular options can make a difference. They provide support and can guide you through the process. Be prepared to dedicate 30-60 minutes to the first device you want to lock down, and then probably 20 minutes for each subsequent device.
Restricting Network Access
Given my children's age and the fact that they don’t have mobile phones yet, I focused on restricting network access. To achieve this, I needed a network-based filtering solution that focused on DNS and could also perform reverse IP lookups.
In my quest, I tried nearly every home internet filtering service on the market and most corporate ones, hoping to find a solution that could restrict internet access effectively and efficiently.
I quickly ruled out several corporate options due to their minimum user counts or costs being too high for home use. Next, I tried every home user option, only to find that they were either ineffective or so slow that they essentially broke the internet.
I was on the brink of giving up when I discovered Cloudflare. Cloudflare is a true enterprise-grade cybersecurity company. They started by hosting DNS and protecting websites via a Web Application Firewall. Over the years, they have expanded their capabilities and now fully protect entire networks as well as web apps.
What impressed me most about Cloudflare is their incredible offer for small businesses and home users. They provide their advanced solution completely free for anyone with 50 users or less.
The end result is you can have highly reliable and lightning-fast internet protection, for free.
1. Create your free Cloudflare account
2. Enter in a new email address and password for the Cloudflare account.
3. Click on Explore all products
4. Select Zero Trust
5. Enter a unique name for your CloudFlare portal
6. Select the free plan.
7. Enter your credit card details, there is no cost. Click on Proceed to payment
8. To get started, select Add a location
9. Click on ← Back to Edit a Location
10. Type a name for the location such as Home
11. Click on Save
12. Click on your default location.
13. Write down the the two IPv4 address, these will be your new DNS servers.
14. Click on Add IP, it should automatically find your home external IP.
15. Click on Save
16. Click on Home or whatever you have called your default location.
17. Click on Firewall Policies
18. Click on Add DNS policy
19. Type Block Inappropriate Content
This is going to be the first policy that will include all the content you wish to block.
20. Under Traffic, select + Add condition
21. On the Selector choose Content Categories
22. On the Operator select in
23. Select all the categories you want blocked.
24. Double check the categories you wish to block.
25. Lastly, under Action, select Block
26. Select Filter traffic by resolved IP category
This will ensure that if someone puts in the IP address as opposed to the DNS name, it will still get blocked.
27. Lastly, click on Create policy
28. Now click Add a policy to create another.
This is to add an override policy for some domains that are in a category that you want to allow.
29. Type Allowed Domains
30. Give it a description such as Domains that are overridden by the block policy
31. Click on + Add condition
32. Type and select Domain
33. Change the Operator to is
34. Type the domain name you wish to allow.
In this example, I was blocking video streaming but allowing BBC iPlayer.
35. Repeat the process by using "or" to add more allowed domains.
36. Click on Allow
37. Click on Create policy
38. Drag "Allowed Domains" to the top of the priority order.
39. The final step, is you update your router to point to the new DNS in this example it was 172.64.36.1 and 172.64.36.2 which were found in step 13.
Ready to protect all your assets?
Leveraging its proprietary timeline-matching technology, ThreatAware ensures you have a complete, accurate, and non-duplicated asset inventory in real-time. No more guesswork – spot and fix deficiencies across your entire IT estate instantly.
Onboard in less than 30 minutes.
Request a Trial