dski 0 Posted January 18, 2021 Share Posted January 18, 2021 I've got parental controls setup on 4 Mac books. I'm having really inconsistent results, and it doesn't block HTTPS. In fact, I see a post saying this back in 2016. Is there really any point to this feature at all!? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted January 18, 2021 Administrators Share Posted January 18, 2021 SSL filtering is not supported on Mac yet. However, blocking https sites either by the url blacklist or parental control categories work for domains as long as you have port 443 listed in the list of ports to scan. Link to comment Share on other sites More sharing options...
dski 0 Posted January 19, 2021 Author Share Posted January 19, 2021 Great alternative Marcos. Thanks. Link to comment Share on other sites More sharing options...
DawnMarie 0 Posted February 19, 2021 Share Posted February 19, 2021 My son said he disabled the software by doing something with the VPN. Is there a way to prevent this? Otherwise, I can see no point in trying to use this software. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted February 19, 2021 Administrators Share Posted February 19, 2021 Please collect logs as per https://support.eset.com/en/kb3404 and open a support ticket with your local ESET distributor. In order for website categorization by Parental Control to work, ESET must be able to communicate with certain ESET's servers on UDP port 53535 in order to retrieve categorization. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted February 19, 2021 Administrators Share Posted February 19, 2021 7 hours ago, DawnMarie said: My son said he disabled the software by doing something with the VPN. Is there a way to prevent this? Otherwise, I can see no point in trying to use this software. Please collect logs as per https://support.eset.com/en/kb3404 and open a support ticket with your local ESET distributor. In order for website categorization by Parental Control to work, ESET must be able to communicate with certain ESET's servers on UDP port 53535 in order to retrieve categorization. Link to comment Share on other sites More sharing options...
bEeReE 4 Posted February 19, 2021 Share Posted February 19, 2021 On 1/18/2021 at 5:55 PM, Marcos said: SSL filtering is not supported on Mac yet. However, blocking https sites either by the url blacklist or parental control categories work for domains as long as you have port 443 listed in the list of ports to scan. This isn‘t the case any longer, isn‘t it? Referring to other posts, port 443 should not be listet....are we thus loosing the capabilities of blocking https phishing sites? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted February 19, 2021 Administrators Share Posted February 19, 2021 4 minutes ago, bEeReE said: This isn‘t the case any longer, isn‘t it? Referring to other posts, port 443 should not be listet....are we thus loosing the capabilities of blocking https phishing sites? Port 443 can be listed if you have Big Sur 11.2. It used to cause issues in v11.0 and 11.1. Link to comment Share on other sites More sharing options...
bEeReE 4 Posted February 19, 2021 Share Posted February 19, 2021 31 minutes ago, Marcos said: Port 443 can be listed if you have Big Sur 11.2. It used to cause issues in v11.0 and 11.1. Thanks a lot! Added to the web protection and now much more phishing sites are detected.... great. Link to comment Share on other sites More sharing options...
itman 1,751 Posted February 19, 2021 Share Posted February 19, 2021 As far as bypassing parental controls, there are numerous apps to do so. Here's one for Chrome; https://chrome.google.com/webstore/detail/gom-vpn-app-to-bypass-blo/eelphgpfmjhndihoopgadghfonahifel . Any device a child has access to needs to be locked down. That includes installation of browser extensions. Link to comment Share on other sites More sharing options...
bEeReE 4 Posted February 19, 2021 Share Posted February 19, 2021 (edited) 13 hours ago, DawnMarie said: My son said he disabled the software by doing something with the VPN. Is there a way to prevent this? Otherwise, I can see no point in trying to use this software. I don't use parental control. But depending on what you mean with "something with the vpn" I guess he deactivated the Eset Proxy in macOS's network settings or he installed a vpn service etc. If you want to fully control his machine, you should probably create an administrator account and downgrade his account to a standard account. Then, you can ensure that administrative tasks require administrator password (e.g. macOS settings/security/additional options"). Changing the network settings or installation of applications etc. could be restricted this way. Further, Eset can be configured to restrict "performing changes" only to administrator users (Eset settings related to privileges). Edited February 19, 2021 by bEeReE Link to comment Share on other sites More sharing options...
itman 1,751 Posted February 19, 2021 Share Posted February 19, 2021 (edited) I guess someone will have to run a test to determine if these browser based VPN's; here's another one; https://chrome.google.com/webstore/detail/stay-secure-with-cybergho/ffbkglfijbcbgblgflchnbphjdllaogb , can bypass Eset parental control blocking. Technically speaking, Eset's SSL/TLS protocol scanning is being performed on all ports. I guess it would depend on what VPN protocol is being used in these browser based VPN's. Appears Eset is only filtering TCP traffic. Edited February 19, 2021 by itman Link to comment Share on other sites More sharing options...
bEeReE 4 Posted February 19, 2021 Share Posted February 19, 2021 Can‘t eset block a related category? E.g. proxies, vpns or uncategorized sites? Depends on categorization, not? Link to comment Share on other sites More sharing options...
itman 1,751 Posted February 19, 2021 Share Posted February 19, 2021 2 hours ago, bEeReE said: Can‘t eset block a related category? E.g. proxies, vpns or uncategorized sites? Depends on categorization, not? No. Those categories don't exist in Parental Control. Only content related categories; e.g. 12+, can be selected. Link to comment Share on other sites More sharing options...
itman 1,751 Posted February 19, 2021 Share Posted February 19, 2021 (edited) Seems the way around this issue is to use something that is router based such as Cicso's Family Shield: https://umbrella.cisco.com/blog/introducing-familyshield-parental-controls that works in conjunction with OpenDNS. Obviously, router access needs to be locked down. Edited February 19, 2021 by itman Link to comment Share on other sites More sharing options...
bEeReE 4 Posted February 19, 2021 Share Posted February 19, 2021 36 minutes ago, itman said: Seems the way around this issue is to use something that is router based such as Cicso's Family Shield: https://umbrella.cisco.com/blog/introducing-familyshield-parental-controls that works in conjunction with OpenDNS. Obviously, router access needs to be locked down. I use Untangle NG Firewall and I am quite happy. I can block applications like your posted cybergho based on dedicated application filter etc. However, router based doesn‘t work if you are on mobile network etc. Similarly, DNS filters will not work if you change the DNS settings on your client and being outside of your controlled LAN. For sure, you could force VPN connection to home via App etc., but not if there is a possibIlity to easily delete the app. Depending on the age, they can also install a rogue access point and build their own WLAN at home thus not being detected as the child’s device if you don‘t monitor onboarding of new devices and and and. I think you can‘t control much if the clients itself aren’t under control. And then the question is, if and up to which age you want to block everything or just focusing on monitoring and awareness/discussions. Link to comment Share on other sites More sharing options...
itman 1,751 Posted February 19, 2021 Share Posted February 19, 2021 I actually found a posting on this subject: https://security.stackexchange.com/questions/107105/what-do-browser-vpns-actually-do . The gist of it is: Quote Normally if you load http://www.example.com, your computer makes a connection to www.example.com and loads and displays the web page. If you're using a VPN, the request goes through the VPN provider's VPN server first, then on to www.example.com, back to the VPN server, and then to your computer. The link between your computer and a properly configured VPN server is encrypted, so your ISP and anyone on your network cannot see any details of what you're browsing. I believe Eset's Parental Control monitoring is IP address based as is most of Eset's web filtering. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted February 20, 2021 Administrators Share Posted February 20, 2021 10 hours ago, itman said: I actually found a posting on this subject: https://security.stackexchange.com/questions/107105/what-do-browser-vpns-actually-do . The gist of it is: I believe Eset's Parental Control monitoring is IP address based as is most of Eset's web filtering. Parental Control is based on URLs, not on IP addresses. As for web filtering, it works with both IP addresses and domains so we can blacklist either. Link to comment Share on other sites More sharing options...
bEeReE 4 Posted February 20, 2021 Share Posted February 20, 2021 4 hours ago, Marcos said: IP addresses and domains so we can blacklist either. But how to deal with such vpn an proxies? Isn‘t there a possibility of blocking a „proxy“ category? How is e.g. cyberghostvpn.com be categorized? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted February 20, 2021 Administrators Share Posted February 20, 2021 35 minutes ago, bEeReE said: But how to deal with such vpn an proxies? Isn‘t there a possibility of blocking a „proxy“ category? How is e.g. cyberghostvpn.com be categorized? hxxp://cyberghostvpn.com - Category:Technology Link to comment Share on other sites More sharing options...
bEeReE 4 Posted February 20, 2021 Share Posted February 20, 2021 1 hour ago, Marcos said: Category:Technology Would be beneficial to categorize such sites into a separate category so that users will be able to block those, in my point of view....I am not affected. But for others it may be great... Categorization of Brightcloud: Proxy Avoidance and Anonymizers. Link to comment Share on other sites More sharing options...
itman 1,751 Posted February 20, 2021 Share Posted February 20, 2021 (edited) Here's an interesting parental controls bypass; no proxy or VPN needed: Quote Google Translate Proxy This is another bypass method I would expect some children to be aware of. If a URL is blocked, they can use Google Translate as a makeshift proxy. It is as easy as setting a language you do not speak in the text input field, entering the URL you wish to access, and waiting for Google to automatically translate it. The "translated" URL will become a link. The site will open in full, albeit within Google Translate. This can be slightly slow, but it is unlikely to be slow enough to discourage a determined mind. https://www.makeuseof.com/tag/7-ways-children-might-bypass-parental-control-software/ Edited February 20, 2021 by itman Link to comment Share on other sites More sharing options...
itman 1,751 Posted February 20, 2021 Share Posted February 20, 2021 (edited) As far as Webroot's BrightCloud filtering: Quote 58 Proxy Avoidance and Anonymizers Proxy servers and other methods to gain access to URLs in any way that bypasses URL filtering or monitoring. Web-based translation sites that circumvent filtering.http://anonymouse.orghttp://surfen-op-school.com https://www.brightcloud.com/tools/change-request.php# BrightCloud use is not free with cost based on URL lookup use. Edited February 20, 2021 by itman Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted February 20, 2021 Administrators Share Posted February 20, 2021 I was unable to circumvent Parental block neither through anonymizers nor Google Translate (tested on Windows): Link to comment Share on other sites More sharing options...
Recommended Posts