Forum Thread

dns server setup for a newb

Deal?Where? 632 64 December 6, 2015 at 04:22 PM
I bought my daughter A new laptop for Christmas and asked my cousin what would be a good method for virus protection.....
He tried to explain it like this:
Set up a DNS server and use your IP address.... Use the blacklist and white list...

Could someone explain to me what the heck he was talking about ? He works for nsa so I assume he knows what he's doing and wouldn't steer me wrong. Where's a good place to check this out?
Thanks!!!

12 Comments

1

Sign up for a Slickdeals account to remove this ad.

Joined Nov 2010
L1: Coupon Noob
2,487 Posts
1,533 Reputation
#2
that's more than you need. to allow and block sites, is something you don't need for personal use.
Just install an antivirus, ad block, and create a user account without administrative permissions for your daughter. all should be set. your cousin didn't really want to help. i do IT for work and it's annoying to help with little things when people ask.
Reply Helpful Comment? 1 0
Joined Jan 2006
L10: Grand Master
11,220 Posts
1,465 Reputation
#3
You really don't want to set up your own DNS server. Are you sure he didn't mean to use something like OpenDNS?

Not sure what was meant by 'use your IP address' though
Reply Helpful Comment? 0 0
Heifer whines could be human cries
Closer comes the screaming knife
Joined Apr 2006
Cheap Ass
632 Posts
64 Reputation
Original Poster
#4
I'm talking completely out of my ass here. (at least I admit I don't know what I am doing) but he said I could search for a dns server. It looks up your IP address? and then it checks to see if the sites visited are on the whitelist or blacklist? I really need to research it some more before Santa delivers her laptop to her!! I appreciate your help very much. I think I will just do the spyware, etc as recommended. malware bites is supposed to be good right?
Reply Helpful Comment? 0 0
#5
Quote from Deal?Where? View Post :
I'm talking completely out of my ass here. (at least I admit I don't know what I am doing) but he said I could search for a dns server. It looks up your IP address? and then it checks to see if the sites visited are on the whitelist or blacklist? I really need to research it some more before Santa delivers her laptop to her!! I appreciate your help very much. I think I will just do the spyware, etc as recommended. malware bites is supposed to be good right?
I think he is talking about opendns where it will blacklist known bad sites. That and what others said, keep up-to-date av, setup a standard account for your daughter (so she cant change settings or install stuff) and you should be good to go.
Reply Helpful Comment? 0 0
....


...
#7
DNS servers turn requests to access domain names like google.com into ip addresses that your computer uses to actually communicate. There are DNS services that try to block malicious sites and sometimes filter content, OpenDNS is one of the biggest.

Using a different DNS server like this is a supplement to other security measures. It's true more and more exploits are making it past antivirus software, but antivirus software is still useful. If you really want to go over the top on security, you could run your own proxy/firewall and full HIDS and NIDS on every device. This is overkill for most people.

You can set DNS settings on each computer and on your router. If you only do it on the router, it will only work at your house. If you want to use OpenDNS family shield set your DNS to:
208.67.222.123 & 208.67.220.123
https://store.opendns.com/setup/#/familyshield

If you want more control, there's OpenDNS home:
https://store.opendns.com/get/home-free

1. Keep software updated, remove java or disable in in the browser.
2. Set flash content so it doesn't load until you click on it
4. Use a an alternative PDF reader to Adobe Acrobat like Foxit or Sumatra and/or disable javascript in PDFs
3. Use Anti-Virus software like Avira Free: http://www.avira.com/en/avira-free-antivirus
4. Use a DNS service that provides extra security
5. Make intelligent decisions when browsing the web and using the computer
6. Keep your office software up to date
7. Maintain a backup of your data.
Reply Helpful Comment? 0 0
Last edited by jkee December 7, 2015 at 02:54 PM
#8
I would also recommend spending a few minutes learning about VooDooShield [voodooshield.com] It is a supplemental white list lock that protects the PC by preventing any new apps from launching without permission, VooDooShield is free for non commercial use.

White listing isn't anything new but lately it has seen a resurgence of interest in protecting a computer from "the bad stuff". One antivirus company in particular is touting its effectiveness and they claim to have "invented" it, what they have actually done is copied the concept with new code so they could re-brand it.

Creating user accounts that do not have Administrative rights is probably the single most effective way to prevent virus' and malware from doing any damage.

Personally I use Microsoft Security Essentials and I only use an administrator account to install software or updates that I know are safe.
Reply Helpful Comment? 0 0
Earth 1st! We'll mine the other planets later. Biker

Did you know?

If it can't be grown its gotta be mined
EEK!

The best meal I ever ate was Spotted Owl fried in Exxon Oil! Yumshake head

Expand your horizons. Explore something new. Get a RasberryPi and learn something.

Sign up for a Slickdeals account to remove this ad.

#9
I forgot to add: Install Malware Bytes Anti-Exploit Free https://www.malwarebytes.org/antiexploit/ or Microsoft's EMET http://microsoft.com/emet

EMET is harder to setup but can protect more apps. These two programs don't work well with one another.
Reply Helpful Comment? 0 0
Joined Aug 2005
L10: Grand Master
12,661 Posts
4,824 Reputation
Pro
#10
Quote from jkee View Post :
DNS servers turn requests to access domain names like google.com into ip addresses that your computer uses to actually communicate. There are DNS services that try to block malicious sites and sometimes filter content, OpenDNS is one of the biggest.

Using a different DNS server like this is a supplement to other security measures. It's true more and more exploits are making it past antivirus software, but antivirus software is still useful. If you really want to go over the top on security, you could run your own proxy/firewall and full HIDS and NIDS on every device. This is overkill for most people.

You can set DNS settings on each computer and on your router. If you only do it on the router, it will only work at your house. If you want to use OpenDNS family shield set your DNS to:
208.67.222.123 & 208.67.220.123
https://store.opendns.com/setup/#/familyshield

If you want more control, there's OpenDNS home:
https://store.opendns.com/get/home-free

1. Keep software updated, remove java or disable in in the browser.
2. Set flash content so it doesn't load until you click on it
4. Use a an alternative PDF reader to Adobe Acrobat like Foxit or Sumatra and/or disable javascript in PDFs
3. Use Anti-Virus software like Avira Free: http://www.avira.com/en/avira-free-antivirus
4. Use a DNS service that provides extra security
5. Make intelligent decisions when browsing the web and using the computer
6. Maintain a backup of your data.
I would say #1 Don't run as an administrator as the daily driver account. This mitigates a huge number malware running. I would also add using an Adblock option like Ublock Origin is good to do too along with an alternative browser like Chrome or FF.

I agree Using something like OpenDNS as the only security measure won't work very well. Modern websites use so many connections somone could never manage a list by themselves. It's not like if you allowed just facebook.com that facebook would actually work. Way more complex than that.
Reply Helpful Comment? 0 0
Vague questions receive vague answers . . . . . .
Joined Mar 2004
L11: Monkey's Apprentice
17,185 Posts
2,785 Reputation
#11
Your cousin's an idiot. That advice is like asking a friend about buying a car and having them respond, "why buy when you can just build one from scratch".

Most anti-virus solutions will now block blacklisted sites along with malicious software they try to install.
Reply Helpful Comment? 0 0
Joined Apr 2006
Cheap Ass
632 Posts
64 Reputation
Original Poster
#12
haha! thanks guys! We were both drinking and it was the end of the night. I do remember him mentioning opendns. Duaghter is 12. I will setup an admin account for me and restrict content for her account. The computer is windows 10 but I will look into the malware bites also. She is pretty good about clicking on just anything and LISTENS when I say not to download mod packs for minecraft, etc from just anywhere. LOTS of good info here and I appreciate it very much. I'll read up when I get home from work tonight. sweet!!!
Reply Helpful Comment? 0 0
#13
Microsoft's Family Safety features work pretty well too. http://windows.microsoft.com/en-u...er-upgrade
Reply Helpful Comment? 0 0
Page 1 of 1
1
Join the Conversation
Add a Comment
 
Copyright 1999 - 2016. Slickdeals, LLC. All Rights Reserved. Copyright / Infringement Policy  •  Privacy Policy  •  Terms of Service  •  Acceptable Use Policy (Rules)  •  Interest-Based Ads
Link Copied to Clipboard