OpenDNS is a great tool for free (kinda’), community managed web content filtration. We see this used more in education customers than corporate customers, but essentially you point your DNS at them (or your DNS servers as the case may be) and they filter out different kinds of content.
As is often the case with free apps, you’re not going to get all the features you might get with some other applications, but OpenDNS is a great start, especially if you’re not currently doing any kind of filtering.
To integrate it is very straight forward: sign up for a free account and define the address for your network in their dashboard. Then, point your DNS settings on clients (or DNS servers that server your clients as is often the case given directory services and other needs) to the 208.67.222.222 and 208.67.220.220 IP addresses and configure the level of filtration. Most of the complaints we hear about OpenDNS is that the filter doesn’t catch anything, which typically means the level of the filter isn’t set properly.
By default, the filter is only set to block Phishing attacks (sites) and you need to increase it to block anything else. The various settings (low, moderate and high) can be customized to block more and more types of content, eventually including even politics and social networking if you so choose. Beyond strict category based blocking you can choose to white-list or black-list sites as well. You can also choose to filter by type of network, although this is typically going to use a WAN IP to display the various types of networks.
Overall, it is usually possible to setup an entire web content filtering solution with no cost and be up and running within a couple of hours. I also usually like to whip up a graphic with the organizations logo explaining that a site was blocked and whom to call to get it unblocked (if it should be unblocked).
In the future, I would expect OpenDNS to have an API that will be integrated into consumer and prosumer firewalls, but for now it’s a great tool to have in your IT toolbelt if you don’t have the budget to spring for WebSense or another more costly alternative.
