So what do I block

On May 30, 2009, in Security, by

After this morning’s presentation on “Stupid users and Attackers” I’ve been asked what categories and sites I block using OpenDNS.  One nice thing about OpenDNS is that I can manage several networks just from one console.  So the sites I block on one network can be different from another.

For example at the office I found that I had to reopen the “proxy-anonymizer” as there was a site we used (I forget now which one) that was being blocked. I also have uploaded a custom logo so that when people know they’ve been blocked, they know we mean it to be blocked.

But you may need to play around with the settings and not use the high and choose custom settings based on the needs of the firms.

I’ve also added some specific urls and blocked domains that I feel don’t add anything but risk.  This is where my choice to block doubleclick comes in. Does is slightly make give off a weird message when you check out?  Yes it does, but if you tell people what to expect, it’s not an issue.

And if the top things blocked are stuff like this?  I don’t think it needs to be in my networks in the first place.


3 Responses to So what do I block

  1. Daniel Mundy says:

    I’ve toyed with the idea of using OpenDNS for my clients but was always concerned with speed. Have you found it slows down browsing?

  2. Joe Raby says:

    The thing I hate about OpenDNS is that it takes over failed domain searching and sends you to a search results page, powered by Yahoo, instead of your default search engine as dictated by your browser. My ISP (Rogers Canada) does this also, at least they did, up until they dropped their major Yahoo branding partnership. People would have to use their alternate DNS server to get around the Yahoo redirection, and Rogers even hijacked IE Address Bar searches by looking for the IEAddress parameter in a search URL.

    I swear that this is one of the only major partnerships that Yahoo has left, and once the partnership evaporates, Yahoo is dead.

  3. GReg says:

    Maybe those “Bing” guys ought to talk with OpenDNS then…