In most companies, managers don’t have the authority to give you new responsibilities or a pay increase.
They must go through the proper channels to get approval.“While it’s natural to feel antsy while waiting for the raise they asked for, it’s critical to find some more productive, tactful ways to prove their worth in the meantime,” says Vip Sandhir, CEO and founder of HighGround, an HR software company.To read this article in full or to leave a comment, please click here
The research revealed it would also theoretically be possible that such a vulnerability could present an entry point to the wider network, including the aircraft controls domain. “I’ve been afraid of flying for as long as I can remember,” said Santamarta. “It might sound like a sick cure to some but, as a hacker, learning everything I could about how planes work, from the aerodynamics to electronics, has reduced the fear significantly. On a 2014 flight from Warsaw to Dubai, I discovered I could access debug codes directly from a Panasonic inflight display.
A subsequent internet search allowed me to discover hundreds of publicly available firmware updates for multiple major airlines, which was quite alarming. Upon analysing backend source code for these airlines and reverse engineering the main binary, I’ve found several interesting functionalities and exploits.” IFE system vulnerabilities identified by Santamarta might most straightforwardly be exploited to gain control of what passengers see and hear from their in-flight screen, he claimed.
For example, an attacker might spoof flight information values such as altitude or speed, or show a bogus route on the interactive map.
An attacker might also compromise the "CrewApp" unit, which controls PA systems, lighting, or even the recliners on first class seating.
If all of these attacks are applied at the same time, a malicious actor may create a baffling and disconcerting situation for passengers.
Furthermore, the capture of personal information, including credit card details, is also technically possible due to backend systems that sometimes provide access to specific airlines’ frequent-flyer/VIP membership data, said the researcher. Aircraft's data networks are divided into four domains, depending on the kind of data they process: passenger entertainment, passenger-owned devices, airline information services, and finally aircraft control.
Avionics is usually located in the Aircraft Control domain, which should be physically isolated from the passenger domains; however, this doesn’t always happen.
This means that as long as there is a physical path that connects both domains, there is potential for attack.
The specific devices, software and configuration deployed on the target aircraft would dictate whether an attack is possible or not.
Santamarta urged airlines to steer towards a cautious course. “I don’t believe these systems can resist solid attacks from skilled malicious actors,” he said. “As such, airlines must be incredibly vigilant when it comes to their IFE systems, ensuring that these and other systems are properly segregated and each aircraft's security posture is carefully analysed case by case.” IOActive reported these findings to Panasonic Avionics in March 2015.
It only went public this week after giving the firm “enough time to produce and deploy patches, at least for the most prominent vulnerabilities”. Panasonic Avionic’s technology is used by a several major airlines including Virgin, American and Emirates airlines. El Reg asked Panasonic Avionic to comment on IOActive's research but we’ve yet to hear back. We’ll update this story as and when we learn more. The avionics research has some parallels with IOActive’s remote hack of the Jeep Cherokee in 2014, in which hackers took control of the vehicle’s dashboard functions, including steering, brakes, and transmission, through vulnerabilities existing in the automobile’s entertainment system. Once again, it appears entertainment systems have created a potential route into sensitive systems that hackers might be able to exploit. Stephen Gates, chief research intelligence analyst at NSFOCUS, commented: “In the light of this research, physical separation between in-flight entertainment systems and aircraft control systems could never be more important.
As airlines continue to add new customer-based entertainment and information technologies, airlines need to ensure that an impenetrable barrier is in place protecting aircraft control systems. “This research demonstrates that hackers could cause all sorts of issues that could impact a customer’s 'experience' while flying, but have yet to prove they could impact flight control systems,” he added. ® Sponsored: Flash enters the mainstream.
Visit The Register's storage hub
Modern kids have never known a time when they couldn't connect to the whole world using the Internet. They're probably more at home online than you are. The problem is, there are things on the Internet that you'd rather they didn't encounter. Sites promoting violence. Sites full of hate. Pornographic sites that promote a skewed notion of human sexuality. You can't supervise every moment that they're surfing the Web on a PC, much less on a smartphone or tablet. That's where parental control software comes in, with the ability to filter out unwanted content, limit screen time, and in some cases monitor social media interactions.
Note that these applications can't substitute for good communication. If you don't want your kids to visit certain kinds of sites, talk to them about your concerns. And do take time to convince older kids that you'll respect their privacy while monitoring their online actions. Otherwise, you can be sure they'll find ways to evade even the most sophisticated system.
Parental Control Basics
Most parental control tools include content filtering—the ability to block access to websites matching unwanted categories such as porn, violence, and hate. This type of filtering only really works if it's browser-independent, and full coverage requires filtering secure (HTTPS) traffic. With no HTTPS filtering, a smart teen could bypass the system using a secure anonymizing proxy website like MegaProxy or Hide My Ass.
Access scheduling is another very common feature. Some applications let parents set a weekly schedule for Internet access, some control computer use in general, and some offer both as choices. A daily or weekly cap on Internet usage can also be handy.
Devices, Devices, Devices
Long gone are the days when a single parental control utility on the singular Family PC sufficed. Modern kids use all kinds of Internet-connected devices, and modern parental control systems must keep up.
Before settling on a particular parental control utility, you'll want to make sure that it supports all of the device types found in your household. While all the products in the chart above support Windows, support for Mac OS, Android, and iOS varies. Check, too, that any limits on the number of child profiles or devices won't be a problem. And if your kids are strictly mobile, take a look at our roundup of mobile-centric parental control apps.
If getting parental control coverage installed on each of your family's devices starts to seem too difficult, consider a whole-network solution. These systems perform content filtering at the router level, so your settings affect every device on the network. Naturally you don't get the same fine level of control and detailed monitoring that you get with a local agent on each device, but wow, is it ever simple!
Social Media Tracking
As the kids get older, content filtering may start to seem pointless. Hey, you let them watch Game of Thrones, right? At some point you start to worry more about their interaction with the wide, wide world. Sure, if their friends come over to play Street Fighter V or Guilty Gear Xrd in person, you can at least meet them. But what about friends on social media? Who are they, really, and what are your kids discussing with them?
That's where social media trackers come in. Typically you have the option to limit your view to posts and interactions that contain words or phrases that might indicate something inappropriate. Also typically, if you really want to you can dig in and see everything.
In most cases, installation of social media tracking requires that you know your child's login credentials, or that you convince the child to log in and install the tracker's app. Disabling this kind of data collection is a snap for the child, so here, more than ever, you need to get agreement from your child.
Remote Notification and Management
With most parental control systems, you can opt to receive notification via text or email when your child tries to visit a blocked site, makes a post using iffy language, or otherwise bends the rules. Some of these tools let kids remotely request parental override to unblock a particular site, or get extra time online to finish homework.
In most cases, you manage your parental control system by logging in to an online console. From the console, you can tweak settings, review activity reports, or respond to a child's override request. And any changes you make propagate to your children's devices when they connect to the Internet.
When you get beyond the basics, parental control systems start to diverge, with many advanced features to help them stand out from the crowd. Some limit access to games, TV shows, and movies based on ratings. Some let parents control just who the kids can chat with via various instant messaging systems. Blocking specific applications is another advanced feature, as is forcing Safe Search on popular search portals.
You'll also find advanced versions of standard features. For example, the best content filters don't just use a database of categories. They analyze page content in real time so that, for example, they can allow access to a short-story site but block the erotica. To learn about these advanced features, and to make an informed choice for your own family, you'll need to read our full reviews.
FEATURED IN THIS ROUNDUP
With configuration and reporting moved to the Web, ContentWatch Net Nanny 7 is fully at home in the modern multi-device world of parental control, and it still has the best content filtering around. Net Nanny 7 is a parental control Editors' Choice. Read the full review ››
With Qustodio Parental Control 2015, you can keep track of your children's online activity on PC, Mac, iOS, Android, or Kindle devices. Its rich feature set and clever social media tracking make it a new Editors' Choice for parental control. Read the full review ››
Symantec Norton Family Premier lets parents track and manage their children's use of Windows, Android, and iOS devices. Its completely Web-based configuration and wealth of features make it a great choice for parental control. Read the full review ››
Kaspersky Safe Kids offers well-rounded, very affordable parental control and monitoring, and it doesn't limit the number of child profiles or devices you can cover. It's an excellent choice. Read the full review ››
You configure Mobicip's parental control options online, and a local agent enforces the rules on your children's devices. In testing, we hit a few communication problems, but overall it's a good choice for the modern multi-device family. Read the full review ››
OpenDNS Home VIP applies parental control and monitoring at the network level, for all your devices, and its essential features are available for free. Consider using it in conjunction with a more conventional parental monitoring tool. Read the full review ››
When you configure your router to use SafeDNS, you can filter out dangerous or objectionable content for every device that connects using your home network. Just don't expect a full range of parental control features. Read the full review ››
They entrusted our campaign with this information,” Honda campaign lawyer Gautam Dutta told Ars. "We consider it a cyberattack. You basically have your political opponent obtaining and using your confidential information, obtained through the Internet in an illegal manner.” Even after the contract with Arum Group ended in December 2014, the Honda campaign didn't notice that anything was amiss until May 2016.
According to Dutta, that’s when Dropbox sent an e-mail notification about file access that the current fundraiser could not understand. “He went to our former fundraiser about this, and she made the discovery that Mr. Parvizshahi still had access to that account, and she immediately revoked it,” Dutta said. CFAA strikes again In addition to Parvizshahi, Khanna and the “Ro for Congress” campaign were named in the suit as defendants. Khanna and his campaign were officially served with the lawsuit Thursday night at a campaign event in Fremont, California. Parvizshahi resigned from his position on Thursday evening and has yet to be served with the lawsuit. He has not responded to Ars’ requests for comment. The Khanna campaign did not immediately respond to Ars’ requests for comment, but Khanna spokesman Hari Sevugan provided a statement to the Los Angeles Times. He wrote: By filing this lawsuit with six weeks to go and down in the polls, [Parvizshahi] believes Mike Honda is trying to distract voters from the ongoing ethics investigation into how he sold special governmental access to his VIP donors after accepting $3 million in PAC contributions.
And Brian will not let Mike Honda use him to distract voters from the need for real change. The criminal portions of the Computer Fraud and Abuse Act have drawn scrutiny in recent years, as they have been the vehicle for numerous high-profile prosecutions, including that of Matthew Keys. The CFAA is the same law that was used to prosecute activist Aaron Swartz, which ultimately resulted in his suicide.
It is the same law that President Barack Obama has said he would like Congress to expand to encompass broader reach and longer prison sentences.
After Swartz’s death, some lawmakers proposed Aaron’s Law, a Congressional bill that would aim to rein in some of the expansions of the CFAA, but it has languished in Congress. The CFAA also has a civil portion, which is nearly identical to the criminal section.
It allows anyone to bring a lawsuit. Ahmed Ghappour, a law professor at San Francisco’s University of California, Hastings, said that the Honda campaign has a strong case. He told Ars: Under 9th Circuit law, Parvizshahi’s access to the files was arguably “unauthorized” for two reasons.
First, Honda’s termination of Arum Group effectively rescinded any previous grant of permission to Arum Group employees to access the dropbox files.
Second, Arum Group’s termination of Parvizshahi (or his voluntary departure, as may be the case) likely had the effect of rescinding permission to access Arum Group’s client files, past or present. Professor Ghappour pointed to a notable civil CFAA decision at the 9th Circuit Court of Appeals from 2009, LVRC Holdings v.
Brekka. In Brekka, the 9th Circuit held that a person uses a computer without authorization “when the employer has rescinded permission to access the computer and the defendant uses the computer anyway.” This opens up liability in the post-employment context.
Courts in the Northern District of California have found that the employer doesn’t need to revoke the employee’s access credentials for there to be unauthorized access post termination. Under this interpretation, termination is sufficient to provide notice. Beyond the civil liability, Parvizshahi could still face criminal prosecution. “This is a very serious matter, and we would urge the federal authorities to look into it,” Dutta added.
The later destruction of the e-mails during the continuing investigation was apparently, as Combetta told investigators, an "oh-shit moment." On July 24, 2014, a reddit user with the screen name "stonetear" posted to r/exchangeserver looking for advice on a vexing problem: Hello all- I may be facing a very interesting situation where I need to strip out a VIP's (VERY VIP) email address from a bunch of archived email that I have both in a live Exchange mailbox, as well as a PST file.
Basically, they don't want the VIP's email address exposed to anyone, and want to be able to either strip out or replace the email address in the to/from fields in all of the emails we want to send out. I am not sure if something like this is possible with PowerShell, or exporting all of the emails to MSG and doing find/replaces with a batch processing program of some sort. Does anyone have experience with something like this, and/or suggestions on how this might be accomplished? ...The issue is that these emails involve the private email address of someone you'd recognize, and we're trying to replace it with a placeholder address as to not expose it. Based on other social media profiles and a Google e-mail address, "stonetear" appears to have been Paul Combetta, according to the work of members of Reddit's r/conspiracy.
The date of the post is interesting because it is the day after the State Department and the House Select Committee on Benghazi reached an agreement on producing records related to the Benghazi investigation—but months before the State Department actually requested private e-mails related to work from Clinton and former Secretaries of State Colin Powell and Madeline Albright. That is also the timeframe during which Clinton's chief of staff Cheryl Mills told Platte River Networks to export all of the e-mails sent by Clinton to ".gov" e-mail addresses to a separate .PST mailbox file in preparation for the investigation, according to FBI interviews (PDF) with Mills and a redacted Platte River Networks employee—Combetta.
The report does not say whether Mills requested Combetta do anything else with the e-mails before turning them over—such as scrubbing the incriminating personal domain name from the e-mails before they were passed to Congress to avoid revealing Clinton was using a personal domain for her e-mail, or allowing her e-mail address to become public record. In any case, it turned out that Combetta could not easily erase that information without directly editing the contents of the e-mail files.
A number of tools were suggested by reddit posters as a way to perform some fixes or to correct the problem in the future, but none of the suggestions would have easily stripped e-mail addresses from within a .PST file of the size he was dealing with. In the end, the .PST archive file was passed to Clinton's lawyers.
Clinton's use of a private e-mail domain was exposed before by the New York Times in March of 2015—though it had previously been exposed by the Romanian hacker Marcel Lazar Lehel (aka "Guccifer") two years earlier, without being widely investigated. Captain BleachBit In December of 2014, after the e-mails were provided, Mills apparently requested a change to the retention policy for e-mails on the private server, telling Combetta that Clinton didn't want any of her e-mails going forward to be retained for more than 60 days.
But as had happened with many requests from Clinton's staff—including the request to encrypt the contents of the mail repositories to protect them—the Platte River Networks technicians never implemented the policy. Combetta gave conflicting information several times about Clinton's e-mails on the server.
But in a final follow-up interview this May, Combetta came clean to the FBI and "indicated he believed he had an 'oh shit' moment" when he realized he had not implemented the 60-day policy for Clinton's post-State Department e-mails. Instead of purging e-mails in her current mailbox, "sometime between March 25-31, 2014 [Combetta] deleted the Clinton archive mailbox from the [Platte River Networks] server and used BleachBit to delete the exported .PST files he created on the server system containing Clinton's e-mails," the FBI report on the investigation recounted. He then realized that he had deleted e-mails he was supposed to retain because of the investigation's preservation request, even though he was aware that "he should not disturb Clinton’s email data," the FBI noted.
This shady marketplace has done everything a legitimate “digital” business should do. Hitherto, what are euphemistically called “booter” services have been pretty obscure.
But if anything deserves an as-a-service “-aaS” (“software as a service, SaaS; platform as a service, PaaS) created in its honour, it’s the 'DDoSaaS' or perhaps 'DoSaaS' industry: Denial-of-service-as-a-service. We now know much more about the marketplace because its leading business, vDOS, was hacked this year, and security expert Brian Krebs has been joining the dots. Krebs has documented the DaaS business for some years, a thankless job resulting in regular attacks on Krebs' own website.
The key business and technical architects also helpfully described it in an academic paper. Two Israelis allegedly behind vDOS, both 18, were arrested after an FBI investigation.
The site had been operating for four years. vDOS offered four retail tiers: from a $19.99 “bronze” plan to a $199/month “VIP plan”. Just as blogs and social media “democratised” the media, by making the tools of production and distribution cheap and readily available, so too did booter services. To take a site you didn’t like offline you used to have to have a network of contacts and great technical expertise.
But the booter services put a DDoS attack into anyone’s hands, and all it took was a quick retail transaction -as low as $20.
Booter services were the Uber of DDoS. How’s that for disruption? “To say that vDOS has been responsible for a majority of the DDoS attacks clogging up the Internet over the past few years would be an understatement.
The various subscription packages to the service are sold based in part on how many seconds the denial-of-service attack will last,” Krebs noted, adding: And in just four months between April and July 2016, vDOS was responsible for launching more than 277 million seconds of attack time, or approximately 8.81 years worth of attack traffic. Like many “booter” services, vDOS had been hiding behind CloudFlare’s CDN.
The CloudFlare CDN acts as a cloaking service, and has been criticised for keeping pro-ISIS sites online.
CloudFlare has also been under fire for doxing; a sample of CloudFlare’s clients can be found here.) In a January post entitled Spreading the disease and selling the cure, Krebs observed: “The booter services are proliferating thanks mainly to free services offered by CloudFlare, a content distribution network that offers gratis DDoS protection for virtually all of the booter services currently online.” As well as providing protection for the DoS [denial of service] industry, CloudFlare operates a DoS-protection service for clients worried about DoS attacks. Krebs added: “If CloudFlare adopted a policy of not enabling booter services, it could eliminate a huge conflict of interest for the company and – more importantly – help eradicate the booter industry.” CloudFlare says it responds to individual law enforcement requests and will not proactively police its network for DDoS-ers. What made vDOS particularly interesting was that it operated in both “retail” and “wholesale” markets. “PoodleStresser, as well as a large number of other booter services, appears to rely exclusively on firepower generated by vDOS,” Krebs notes. This isn’t unusual in legitimate sectors.
A food manufacturer may sell white label versions of its goods to supermarkets, and mobile networks have for years made better use of their capacity by wholesaling to MVNOs, mobile virtual network operators). The vDOS pair maintained a network of PayPal accounts but many of the participants are US based. Damon McCoy, cited at Krebs' blog, notes that vDOS blocked clients from disabling Israeli sites, most likely to avoid unwanted attention from authorities at home: “The main reason was they didn’t want to make trouble in their local jurisdiction in the hopes that no one in their country would be a victim and have standing to bring a case against them.” The cover story offered by booter operations is that the software has a legitimate use: for sites to stress test their own web servers.
In reality, the “democratization of DDoS” – with kits available on the dark web for a fiver – means that buying DDoS protection offered by CloudFlare is almost mandatory. ®
The audio and visuals are undeniably impressive.
The tech features an eight-core processor, a Qualcomm Snapdragon 810. Sirin Labs’ hardware features Koolspan’s TrustChip processor.
The phone operates in two modes: a regular high-end Android phone where users can download apps and an encrypted mode isolated from the operating system and connected devices. A switch on the back of the device enables "shielded mode" for encrypted texts and calls.
This enclave comes with a walled garden.
Sirin Labs is a Swiss firm but its R&D team is based in Israel and its marketing and sales team is based in London.
The device is pitched at business users, tech lovers and high net worth individuals. Chief executive officer Tal Cohen, whose background is in internet advertising startups rather than mobile or security, said his firm had identified a niche market comparable to the high-end watch market but for smartphones.
Its potential customers wanted ease of use, a general purpose phone and security in one device.
The device is pitched at investment bankers, lawyers, accountants and investment houses. The smartphone features mobile security from Zimperium and support for Qualcomm’s TrustZone technology.
Cohen described the devices as Mobile Device Management “friendly” but wasn’t immediately able to provide details even when pressed on this point. MDM technology allows corporate IT managers to support the BYOD trend, aspects of which involve people using personal devices instead of relying on company-issued kit. Such execs looking for the last word in security can already use the Blackphone, which comes from crypto wars hero Phil Zimmermann and former Navy SEALs, a formidable combination. Much is known about the security aspects offered by the Blackphone, whereas the Solarin handset’s security bona fides are yet to be substantiated or even specified.
Cohen told El Reg that smartphone featured anti-tampering on the ROM as well as app protection from anything below “agency-level attacks”. Post Enron and after the LIBOR rate-fixing scandal, the use of the technology in investment banking or other heavily regulated industry seems problematic. Yet that’s not really the market the Solarin is aimed at, even though the marketing blurb may say otherwise.
The Solarin handset is a gold-plated iPhone for those who prefer Android. “It’s the most advanced technology for those where cost is not an issue,” according to Cohen.
Asked by El Reg what car the Solarin would be if it was an automobile, Cohen said it would be a “Lamborghini, McLaren or Bugatti.” Initial sales outlets include a store in Mayfair and the Heathrow VIP area. Independent security experts remain unconvinced about Sirin Labs' proposition – especially in the absence of details.
Security through obscurity isn't going to win hearts and minds among mobile security experts. “The anti-virus will be essentially a waste of time, and expecting a plug-in card to secure Android's microphone and speaker is fundamentally flawed logic,” a mobile security expert who asked not to be named told El Reg. “There might be some value in some of it, but Blackphone is a much more sound approach overall.” ® Sponsored: Rise of the machines
It would be a bit of an effort, but you'd get fine-grained control and monitoring.
But what if they get on the Web using a PlayStation 4 or some other connected device that's not covered by your parental control tool? That's where a product like the Peace Wireless Router ($99) comes in. When you replace (or supplement) your home router with it, you can filter Web traffic for every device that connects to its network. However, you need some serious technical skills to use it, you don't get control over what's filtered, and it doesn't use the very latest Wi-Fi technology.The Peace Router also goes by the unwieldy name pcWRT 802.11n 300Mbps Parental Control Router.
That's what you'll see if you go to purchase it on Amazon.
To make the connection clear, the company's website highlights letters in the name Peace Wireless Router. Our company contact explained, "The main theme of the product is to bring peace of mind to parents, and bring peace between parents and children." Like Circle with Disney, the Peace Router costs $99. Note, though, that in both cases it's a one-time fee, rather than a yearly subscription like with ContentWatch Net Nanny 7, Qustodio Parental Control 2015, Symantec Norton Family Premier, and most others. In addition, the Peace Router covers an unlimited number of devices and users, while most software-based systems set a limit on the number of children, number of devices, or both.
Depending on the subscription you choose, Net Nanny protects either five or 10 children on all the devices they use.
Familoop Safeguard protects either three or 10 devices used by an unlimited number of children.
Symantec Norton Family Premier is a rarity, with no limits on devices or children. Router FeaturesYou don't get the latest Wi-Fi technology with the Peace Router.
It's based on the MediaTek MT7620N chip, which contains a 580MHz MIPS processor and supports the 802.11n wireless protocol.
It is a single-band N300 router, which means its maximum theoretical throughput tops out at 300Mbps, as opposed to today's 802.11ac routers that start at 750Mbps and can reach theoretical speeds of up to 5.3Gbps. Moreover, it doesn't support 802.11ac technologies, such as Beamforming, which broadcasts wireless signals directly toward clients rather than over a wide spectrum, and Multi-User Multiple Input Multiple Output (MU-MIMO), which allows the router to service multiple clients simultaneously rather than sequentially. The Peace Router is compact, measuring just 5.7 by 8 by 1.2 inches (HWD).
It has a white finish with green trim, and features two antennas and eight small LED status indicators (one for each of the wired ports, power, Internet activity, wireless activity, and WAN connectivity).
Around back are four wired LAN ports, but they are Fast Ethernet (10/100Mbps) ports rather than the much faster Gigabit Ethernet (1/100/1000Mbps) ports.
There's also a USB port in the back, but it was not enabled at the time of our testing (a spokesperson confirmed that it will be enabled at a future date). In addition to the Parental Control button, the Web-based management console offers buttons for Internet, Wireless, Network, Dynamic DNS, UPnP, and system Settings. Use the Internet button to choose a protocol (Static, DHCP, PPP, PPPoE, PPPoATM, Unmanaged) and designate an override MAC Address, and use the Wireless button to name your SSID, select a channel, configure transmission power, and set up wireless security (WPA-PSK, WPA2-PSK, WPA-PSK/WPA2-PSK Mixed Mode). The Network settings menu is where you go to configure IP Address and Network Mask settings, set DHCP lease times, enable port forwarding, and add Static Routing.
The Dynamic DNS menu allows you to enable automatic DNS updating, and the UPnP settings let you to configure NAT-PMP and UPnP services and create rules to permit internal and external port access.
Finally, the System button takes you to a screen where you can do things like change the host name, configure the time settings, change passwords, and update the router's firmware. High-Tech SetupThe Peace Router doesn't give you anything like the colorful hand-holding setup instructions offered by Circle with Disney.
Installing it is exactly like installing any new router.
Fortunately, the documentation does offer clear step-by-step instructions. If you're replacing an existing router, you start by connecting the device to power and plugging in the Ethernet cable.
If your existing router has to remain, perhaps because it also handles your cable TV or other services, just plug the Peace Router into one of its ports and disable Wi-Fi on the existing router. You know how to disable Wi-Fi, right? The default IP address, administrator name, and password are printed on the bottom of the router.
As with the $149 Clean Router, the connection is initially unencrypted. You connect one of your devices, either by Wi-Fi or Ethernet, using the default credentials. Once you set your own password and time zone, you can configure Wi-Fi encryption, choosing WPA-PSK, WPA2-PSK, or WPA-PSK/WPA2-PSK Mixed Mode.
For testing, we chose simple WPA-PSK, which stands for Wi-Fi Protected Access / Pre-Shared Key. If you know what you're doing, you can select from three encryption variants: Force CCMP; Force TKIP; or Force TKIP and CCMP. Most users should simply leave this in Auto. If your network already uses WPA-PSK, you can save yourself a lot of trouble by giving the new router the same SSID and password as the old router.
If not, you'll have to configure each device to use the new settings.
Don't worry; when the Wi-Fi stops working, the kids will come running to you for a fix! It's worth noting that the Clean Router handles setup using a helpful wizard.
After hooking it up, you log into the CleanRouterWizard hotspot and follow instructions to get the router configured. When you're done, that hotspot vanishes, and your new, encrypted connection appears.
Circle with Disney doesn't replace your router, instead relying on ARP Spoofing to control network access.
It, too, handles setup using a step-by-step wizard. Configure Parental ControlOnce you log into the router using the password you defined, you'll be confronted with seven large buttons to configure various features of the device. We'll focus first on Parental Control. To get started, click the Parental Control button and enable the parental control system; it's not enabled right out of the box.
At this point, the Internet connection for every device on the network is filtered using OpenDNS Family Shield.
This service blocks inappropriate content automatically.
It's similar to OpenDNS Home VIP, but without the ability to fine-tune just what content categories should be blocked. You can choose from a collection of other DNS (Domain Name System) replacements.
Google Public DNS doesn't perform any parental control filtering, nor does Norton ConnectSafe - Security. You might choose one of these for your own profile (more about profiles later).
Choosing Norton ConnectSafe - Security + Pornography or Norton ConnectSafe - Security + Pornography + Other adds content filtering. You can also choose to force Safe Search, run YouTube in restricted mode, block numeric IP addresses, and block the use of proxies, VPNs, and TOR.
All of these are enabled by default except for the YouTube restriction. In testing, we found that using OpenDNS worked well.
It blocked inappropriate sites, displaying the categories that triggered blocking. However, when we chose either of the Norton options, inappropriate sites simply did not load.
The browser's loading indicator spun and spun, and eventually resulted in an error message.
According to Symantec's FAQ for this service, "you will see a warning that includes information on why we rated the site as dangerous." We never did. Our Peace Router contact couldn't explain why the warning page didn't appear. You can't configure blocking categories with OpenDNS Family Shield or with the Norton choices. However, it's possible to connect an OpenDNS Home account with the Peace Router.
It took me quite a bit of effort, including some trial and error, as the instructions for this configuration were (as far as we could tell) incomplete.
The average user would not be able to manage this feat.
In truth, it would have been easier to just configure an existing router to use the OpenDNS Home account. Time SchedulingInternet time scheduling is handled through the calendars feature. You can have up to three calendars in each profile.
To create a calendar, you start by giving it a name and listing the websites that should be affected.
For example, you could create a social media calendar and add all the social sites your kids use.
If you leave the website list blank, the calendar affects all access to the Internet. Qustodio Parental Control 2015, Mobicip, and many other products let you schedule computer use, Internet use, or both using a weekly grid, in hour or half-hour intervals.
Typically, dragging across the grid lets you draw rectangular areas, for example, to block access between midnight and six in the morning on all days of the week. The Peace Router works a bit differently. You do get a grid, a very tall one that requires significant scrolling to see all the hours in the day.
Clicking with the mouse places a tiny access-allowed marker on the day and time you clicked.
The marker's edges have up and down arrows that you drag to define the desired time period, and you can add more than one marker on a given day. However, unless you're really precise with the mouse, you're likely to wind up, for example, allowing access from 6:03 p.m. until 8:56 p.m.
And the window doesn't auto-scroll when you drag, so setting a lengthy time period requires you to drag, scroll, drag, scroll, and so on.
Fortunately, you can switch to text mode, and edit the time spans to the precise values you want. We defined a social media calendar that didn't include any allowed time on the current day. When we tried to connect with Facebook and Twitter, instead of seeing a warning from the device saying, "Your connection is not private.
Attackers might be trying to steal your information from block.opendns.com," we got a browser error message saying, "Your connection is not private." Our company contact explained that this happens any time the Peace Router tries to block a secure (HTTPS) site.
To be fair, Circle by Disney has a similar problem, as its ARP Spoofing looks like an attack when HTTPS is involved. Don't Block Me!So far, we've described a situation where time-scheduling and content-filtering rules apply to every device on your network.
Chances are good, though, that you don't want to be cut off from the Internet just because it's your child's bedtime.
It's also essential to exempt any Internet of Things devices, such as connected doorbells or Wi-Fi security cameras from parental control.
If your children's ages differ greatly, you may also want different settings for different kids.
To handle these tasks, you need to define one or more new profiles. For each profile, you have the option to choose a DNS server other than the system default.
As noted, earlier, the Google Public and basic Norton ConnectSafe options provide secure DNS without parental control filtering. You can also just disable parental control for the profile.
Calendars are profile-specific, so if you don't define any, you won't have any time limitations.
Conversely, maybe you'd actually like to disable Wi-Fi when it's your own bedtime, to suppress interruptions. Once you've defined a profile, you need to associate your devices with it.
Clicking the Add button brings up a list of devices you can add.
If you're lucky, the device names will be clear, making your choice easier.
If not, you have a bit of work to do. At the top-right corner of the router-management screen there's a button to switch from settings to status; click that.
Among other things, the status screen lists all devices connected through the router, along with the IP address and MAC address for each.
Go to the device you want to add, and check its MAC address; the technique for getting this information varies by platform. Now find the device's MAC address in the Peace Router's list, click it, and give it a friendly name. Once you've named all the devices that need naming, you can go back and add the right ones to your various profiles. But what if you and your kids share a Windows or Mac PC under different user accounts? Well, it gets a bit more complicated.
For each user who should not be managed by the default profile, you define a Proxy User name and password, and add that Proxy User account to one of the profiles. When you log into your account on the shared device, you must also configure the device to use the proxy IP address and port defined by the router.
The browser will prompt you for the proxy username and password; then you're free of restrictions. LimitationsLike the Clean Router, Circle with Disney, and other router-based parental control solutions, the Peace Router can only control devices that are connected to its network.
The same is true of OpenDNS, SafeDNS, and any other solution that works by reconfiguring your router's DNS settings. If your kids are away from the house, the Peace Router can't do a thing.
If they mooch the neighbor's wireless, it's powerless.
And if they have smartphones, they may not even notice time limitations—the phone will just switch to cellular data.
Conceivably, a tech-savvy kid could install a different router; the Clean Router gets around this last worry by offering a $50 Lock Box that puts the cables out of reach. The other router- and DNS-based solutions we've mentioned let you fine-tune what content categories get blocked, and they log online activity.
The DNS services that the Peace Router offers don't allow this kind of tuning. You also don't get a log of online activity the way you do with the Clean Router. Jumping through hoops to get OpenDNS Home working in this device gives you both of those features.
But at that point, you might as well just connect your existing router to OpenDNS Home. Router PerformanceThe Peace Router's performance was slightly faster than that of the Tenda Wireless N300 Easy Setup Router F3, another single-band 300Mbps device we were also testing.
Its score of 64.5Mbps on our close-proximity (same-room) throughput test bested the Tenda F3's score of 48.5Mbps, and it's score of 41.3Mbps on the 30-foot test also beat the Tenda F3 (40.6Mbps), but just barely. To illustrate how these scores compare with routers using the latest wireless technologies, our Editors' Choice for midrange routers, the Linksys EA7500 Max-Stream AC1900 MU-MIMO Gigabit Router, scored 97.3Mbps on the 2.4GHz close-proximity test and 52.1Mbps on the 30-foot test.
That said, the Linksys EA7500 is a dual-band router AC1900 that is capable of maximum theoretical speeds of 600Mbps on the 2.4GHz band and 1,300Mbps on the 5GHz band.
It scored a speedy 495Mbps on the 5GHz close-proximity test and 298Mbps on the 30-foot test.
It should be noted that it costs around $100 more than the Peace Router. Only Techie Parents Need ApplyIf the prospect of installing and configuring a new router sounds like fun, the Peace Wireless Router might be just the thing for you. Most parents, however, will find it easier to set up the Clean Router, or Circle with Disney. For more traditional parental control tools, our top picks are ContentWatch Net Nanny 7, Qustodio Parental Control 2015, and Symantec Norton Family Premier.