It’s the other side of the Easter Holiday and we’re still likely to be home schooling. So some thoughts on the home network.
So at home I have a KS1 and a KS2 to cater for (age 6 and 9), as well as a Work VPN link.
For the KS2 – they get a managed iPad to use with their school, as part of my local network setup, all DNS is routed through a local instance of pi-hole. Pi-hole blocks any DNS traffic that matches a blocklist which you can write yourself, or import from a public list (every month there seems to be a new discussion on the “best” block list). Any permitted traffic is then forwarded to a DNS server to be resolved – you can use a number of providers, I use Quad9.net. While being pretty easy to use, you do need a device to run it on, it’s designed to work well on a Raspberry Pi system. What you will need to do is change your network configuration to point to the Pi-hole instance as the DNS server. Normally your router is the first port of call for a device on your network. A device will connect to the Wifi/Router (if using wires), and then ask the DHCP server in the Router to get an address so it can use the network. Along with the address it gets the DNS server. Get into the router configuration for the DHCP server entries to get the DNS server pointing to your Pi-hole. So as a rough list:
- Install Pi-Hole on a machine/Pi
- Configure the machine/Pi to have a static IP address (important!).
- Configure DHCP to point to the machine in 2)
- Refresh the DHCP lease of all the devices.
For the KS1 – a different problem, they have an un-managed Android Samsung Tab2. This has lots of problems: out of the box you can’t really stop installs, or restrict times. My solution to this has been to use a free Mobile Device Management (MDM) solution from Relution which caters for small teams. Using this, I’ve set the device to Kiosk mode (replaces the launcher with a screen with a small list of apps) and also whitelisted only the apps that are used for the classroom. I can’t restrict the time like the iPad, but at least I can restrict the ability to install many many games.
Another note on Android – you will probably need a google account to use it, particularly play store, you can set up child accounts which depends on your comfort level with Google. It does offer Family Link which allows for some protection, not as comprehensive as an MDM, but more suitable for older children.
Lastly – wifi – consider where you want people to work and see if the wifi is any good, if you can – try and set the Wifi to use a less congested radio channel. You may need to move the Wifi router, or the work areas.
The work VPN is all over a wired connection (cable running around the house), so that makes the work part stable, albeit “fixed” location in the house, and also something I can worry less about. It uses the same DNS as the kids to get to work, and then using the VPN it’s the corp network so out of my hands.
A criticism of this post is that it’s a bit techie, without many of the details – the issue is that there are so many devices out there its impossible for me to describe how to set this up on a particular device other than ones I have. If you aren’t comfortable or simply don’t have the time (which is entirely valid – you are after all looking after children) then consider simply asking your ISP or Broadband Supplier what they recommend. Some have solutions they can apply. There are also third party companies that supply a “web safe” service.
- https://www.ncsc.gov.uk/section/information-for/individuals-families – UK Government advice for Cyber Security
- https://www.quad9.net/ – DNS people – you can use them instead of your ISP’s DNS