Wednesday, August 08, 2012

OpenDNS to prevent Malware, Phishing, and Porn

A parent I know was wondering last week what she could do to block her kids from going to websites of questionable educational value for children of a young age if Chrome was installed on their computer.

Previously she'd been using the Windows Live parental filters built into recent Internet Explorer versions. I suggested she look at OpenDNS as you can set filters and any computer using the OpenDNS DNS servers, regardless of browser or even operating system, would be blocked from going to sites in your blacklisted categories. Thus, this solution, if implemented right in the house's internet router, would also work for the kids' iPods, and any other devices they had that could connect to the internet.

Personally, I have OpenDNS enabled on my home network with only Malware and Phishing sites blocked. This allows an extra layer of protection from accidentally browsing to a malware-infected site over the Google blacklist that many browsers use.

You set up an account and set whatever settings you want for web filtering, give them your external (internet) IP address to tie those filtering rules to, then set OpenDNS's DNS servers in your router or computer's IP settings. Don't worry: if you don't know how to do that, they offer plenty of helpful instructions.

What if you are with an Internet Service Provider that gives you a different address each time you connect, or you want that protection on a laptop that moves from network to network getting new IP addresses all the time? They have an app for that. (sorry Apple)


OpenDNS Updater is a tiny app that sits in the system tray by your clock and periodically updates the IP address they have on file for your account.

Make Your Gmail Harder to Break Into

If you have a phone (not even a cell phone is necessary) or access to paper and a pencil, you could be using 2 factor authentication with Gmail and other Google services... well, if you only have paper and pencil it's not strictly speaking going to be 2 factor, but 2 part, one-time use passwords, which is almost as good.

I could go into a step by step of how to do it, but Google has already done that for me, with videos and screenshots and everything; just follow the link below.

http://goo.gl/qpY26





I just set my account up, added my cell phone as an SMS phone I could receive codes at, my home phone # as a backup voice phone I could receive codes at, copied the one-time use passwords for emergencies into a KeePass file, and set up Google Authenticator on my BlackBerry. It took all of 10-15 minutes to do and I have 2 factor auth with several backup options in case I lose my BlackBerry phone. ...so I can feel even more sure someone will not be able to easily hack my Google account from the Ukraine or somewhere else where hackers are plentiful, but also confident that I am not going to lose access to it myself.
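Google Authenticator codes are time-based one-time passwords (RFC 6238), and the printed emergency codes are static one-time values. The sketch below is an added example, not code from this post or from Google: it computes an Authenticator-style code and shows a verifier that accepts each code only once. The class name, the backup code and the secret (the RFC 6238 test secret in base32) are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

# RFC 6238 test secret "12345678901234567890", base32-encoded (not a real key).
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 code for a base32 secret (HMAC-SHA1, 30-second steps)."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class SecondStep:
    """Hypothetical verifier: app codes and paper backup codes, each usable once."""

    def __init__(self, secret_b32, backup_codes):
        self.secret = secret_b32
        self.backup = set(backup_codes)
        self.last_step = -1          # highest time step already accepted

    def verify(self, code, unix_time, step=30, window=1):
        if code in self.backup:
            self.backup.discard(code)            # a paper code is burned on use
            return "backup"
        now = int(unix_time) // step
        # Allow one step of clock drift either way, but never a step at or
        # before the last accepted one, so a captured code cannot be replayed.
        for s in range(now - window, now + window + 1):
            if s <= self.last_step:
                continue
            if hmac.compare_digest(totp(self.secret, s * step, step), code):
                self.last_step = s
                return "totp"
        return None
```
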

Friday, August 03, 2012

VoIP at home

So, I've been playing with VoIP for years. I have set up an Asterisk machine (both as a service on my existing Linux box, and as a VM... many different iterations of the VM), I've had a commercial VoIP phone line from Primus, and later took the Sipura SIP ATA that I had been using with Asterisk and used it with various VoIP wholesalers directly, and in the end this is the solution I have come up with that works best for me:

Service Provider: voip.ms
SIP ATA: Cisco SPA122 (This is the box that all your old fashioned analog phones plug into)
Desk Phone: Grandstream GXP2000 (used for business line and house line)
Spare SIP ATA: (because it's a little buggy and I don't have time to figure out why, so I plan to use it for travel) Sipura SPA-3000, which is no longer made, but it is the predecessor to the newer Cisco/Linksys SPA-3102

Originally the Sipura SPA-3000 provided a way for me to take my hard wired phone line (hooked up to the FXO port) and feed it into Asterisk, then come out of the Asterisk box as an extension (connected to the FXS port) connected to all the phones in the house, using the Asterisk box as a way to route some calls over the internet, and to provide interesting IVR/answering machine features on incoming calls. (For example, I found I got almost no telemarketer calls if I simply had it send all unrecognized phone numbers to a menu that simply said "press 1 to ring the phone, or stay on the line to leave a message".)

Nowadays I have no hard wired voice line. I have my phone number set up as a DID at voip.ms and then each of my SIP devices registers as a separate sub-account (extension) there. The DID rings to a Ring Group made up of all of the extensions, so all of the phones will ring when the house phone number is dialed. I filter any telemarketers through CallerID Filtering, sending most to either a "this number is no longer in service" message or just a straight hangup. Charities are treated a little bit better: they are sent to a message saying that their number has been recognized as a charity and that I don't give money over the phone, but if they want to get a message to me they can send an e-mail. ...and that I get a lot more calls from clothing drives than I have clothes to give, so if they are calling on behalf of a clothing drive I have nothing available. That basically takes care of most of the telemarketers and other annoyances. Filters for obvious fake phone numbers also help. By that, I mean numbers that are too short to be actual phone numbers... telemarketers use VoIP too, and sometimes, either by mistake or on purpose, they fill out the "outgoing number for caller ID" field wrong.

So, if you are looking at the specs of the Cisco ATA, you will notice that there are 2 phone ports (FXS ports). My idea for that is to hook some of the phones in the house up to one port and some up to the other and have each port register as a separate extension. Not only will this allow 2 simultaneous calls from the same house at no extra cost (except per minute usage fees) it also adds a bit of redundancy in that if one extension fails to register properly with the voip.ms servers, the other may still work. They all still ring when the phone number is called due to the ring group setup explained earlier. That is, unless someone is currently talking on the phone. In that situation other phones on that same extension will not ring.

What does all of this cost? Aside from the purchase cost of equipment (which was not terribly expensive) I pay $0.99/month for the DID, and per minute usage for both incoming and outgoing calls. In the month of May the usage added up to $19.16, in June the usage was $15.26, in July it was $1.31. Yes, that is one dollar and thirty-one cents. I guess we didn't make as many long distance calls in July. Yes, you pay for local calls too, but the rate is so ridiculously low that it doesn't matter.

I have also found it useful to set up an IVR for incoming calls from my cell phone that lets me press 1 to ring the house phones or 2 to leave myself a voice mail (which automatically gets saved as a .WAV file and e-mailed to me, so it is useful if I just want to take a quick note of something) or 3 to dial out, in case I want to make a long distance international call and not have it billed to my cell phone.
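The CallerID filtering order and the cell-phone menu described in this post can be modelled as a small routing function. This is an added example, not voip.ms configuration or the author's own rules: the phone numbers are constructed (555-01xx), the action names are hypothetical, and it goes beyond the "too short" rule by also rejecting 10-digit numbers that are not valid North American numbers. The PIN on dial-out and the handling of withheld caller ID are assumptions the post does not cover.

```python
import re

# Constructed sample data; 555-01xx numbers are reserved for fiction.
TELEMARKETERS = {"4165550101": "not_in_service", "6135550102": "hangup"}
CHARITIES = {"9055550103"}
OWNER_CELL = "6475550104"

def normalize(raw):
    """Strip formatting; drop the leading '1' of an 11-digit NANP number."""
    digits = re.sub(r"\D", "", raw or "")
    if len(digits) == 11 and digits[0] == "1":
        digits = digits[1:]
    return digits

def is_fake(digits):
    """Too short to be a phone number, or 10 digits that break NANP rules."""
    if len(digits) < 10:
        return True
    if len(digits) == 10:
        # Area code and exchange must both start with 2-9.
        return re.fullmatch(r"[2-9]\d\d[2-9]\d{6}", digits) is None
    return False                 # longer numbers are treated as international

def route(raw_caller_id):
    """Return the action for an incoming call, checked in filter order."""
    n = normalize(raw_caller_id)
    if n == "":
        return "ring_group"      # withheld caller ID: assumption, post is silent
    if is_fake(n):
        return "hangup"
    if n == OWNER_CELL:
        return "owner_ivr"
    if n in TELEMARKETERS:
        return TELEMARKETERS[n]
    if n in CHARITIES:
        return "charity_message"
    return "ring_group"

def owner_ivr(key, pin_ok=False):
    """Menu from the post; dial-out additionally needs a PIN (added assumption)."""
    actions = {"1": "ring_group", "2": "voicemail_to_email"}
    if key == "3":
        return "dial_out" if pin_ok else "denied"
    return actions.get(key, "replay_menu")
```

Caller ID is supplied by the calling side and is not authenticated, which is why this sketch uses it only to choose a menu and gates the billable dial-out option behind a PIN.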