A Tricky Parental Control Setup needed

[Tadersalad]

hi There

Hope you are are well today ?

I need some advice on a possible solution for my boss ,he approached me with something he wants setup at his house.
His setup at the moment is he has a Telkom Pace router for a VDSL line.
Then he has 2x Unify Wifi AP's that he connects mobile and tablets too.

He is complaining that his children are playing online games allot and they are still in school.
So he wants to be able to switch their connections off from a app on his cell phone and switch it back on again ,as he pleases.As well as setup schedules for their connections.
Now the boy sits next to the router and uses the Lan cable ,and when he is in his room he uses the wifi.
So i need something that will for example disable network access to a certain device rather than just the wifi

Of course this should not influence his connection at any stage.

What we have looked at is to setup 2x SSID's on the wifi and have the kids connect to the one and himself to the other one.then he can log in to the Unify admin page and disable the wifi Network the kids connect too.
But then the boy playing on the LAN cable will still be able to connect.

So basically what i am asking is just if you guys might know of any router + software that can do this kind of thing ?
I was wondering if perhaps a Netgear router with the genie app might be a option ? ,not sure on all its capabilities though.

or any other methods you can suggest ?
would really appreciate the input .

Thanks

 

[The_Ogre]

Not sure about any apps (haven't used any myself), but you could look at a MicroTik or a router which supports DD-WRT. Though I'm sure Ubiquity must have something similar.

He then adds a whitelist of devices (by MAC) address and only those devices will have carte blanche access - this is so the little bugger cannot download some MAC address spoof jobbie to allow him access. If he were to use a blacklist, its pretty easy to figure out whether only your MAC has been blocked, and kids are clever.

Next set up access restrictions:
Allow whitelist to any destination during any time
Deny all other devices to any destination during 22:00 up to 06:00 from Monday to Friday (or an extension to this would be to just block the ports in question during this time period)

 

[Scary_Turtle]

A Wi-Fi switch https://www.amazon.com/Switch-enabled-control-lights-Amazon/dp/B00DGEGJ02 has everything you need but kids are smart and could just unplug the router, so you probably going to have to install everything in the roof. You also gonna need an electrician to install it all safely.

You could also go a cheap route and connect the router to a cheap timer from builders, so the router is only on from 4-6 at night or something.

The on and off will probably break the router in 6 months but at least its an option

 

[krustyrsa]

Not sure about any apps (haven't used any myself), but you could look at a MicroTik or a router which supports DD-WRT. Though I'm sure Ubiquity must have something similar.

He then adds a whitelist of devices (by MAC) address and only those devices will have carte blanche access - this is so the little bugger cannot download some MAC address spoof jobbie to allow him access. If he were to use a blacklist, its pretty easy to figure out whether only your MAC has been blocked, and kids are clever.

Next set up access restrictions:
Allow whitelist to any destination during any time
Deny all other devices to any destination during 22:00 up to 06:00 from Monday to Friday (or an extension to this would be to just block the ports in question during this time period)

This will be the best cheapest solution, MAC filtering is really effective on both WIFI and LAN, What I also recommend is setting up firewall rules that would block all ports to know services (this would mean digging up all known port to games like dota, BF4, LoL, COD etc and adding websites like FB to a blacklist and configure scheduling to the mix as mentioned above (this means you have to do extensive research on the router you wish to use, as the pace router is a bunch of crap). Also change the default password on the router to a 6 digit passphrase with a combo of letters, numbers and symbols. Maybe setup Static IP addressing as oppose to DHCP and force all hosts to use a static IP address (its easier to manage all the hosts that way) , Create a new user account on all computers the kids have access to, make a local account and limit their accessibility, like changing settings or uninstalling apps. Its the parents responsibility to check these devices on a weekly basis to ensure none of them have been tampered with. You can also subscribe to a cyber nanny service for web protection. Disable all unnecessary ports E.G. port 23 for telnet, 3389 for RDP etc, install a proper anti-virus that immediately blocks all malware, spyware without requesting user permission. I recommend Kaspersky Internet security for this. Hope this helps

 

[SlinkyMike]

This man needs to learn to discipline his kids.

He doesn't need to do sysadmin for his home, he needs to do parenting to his kids.