Access Control via DNS Applied to Parental Control

More and more contents targeting children and teenagers are available online on various media from social networks, websites, video streaming to gaming platforms. These contents are reachable via the many household devices and are rarely moderated from their providers making it complex for parents to regain control over what their children can access online. For service providers the problem is even worse as they face regulatory obligations enforcing them to offer a minimum level of protection of the content they expose their subscribers to, especially for children. They require a cost effective solution which is simple to deploy and operate. DNS offers a good option meeting all these requirements.

Challenges faced by Service Providers looking to offer Parental Control

For both service providers and parents, solutions exist. They range from dedicated software for specific devices as seen previously to dedicated bundles on portals offering contents for children.
For the Telcos and ISPs, these solutions are impractical to include as part of their service offers as they would potentially need to include them all to be able to service all their subscribers whichever devices and services they use. This is technically complex and commercially not sound.
So, on top of the complexity to set up and roll out such modular bundle offers factoring the high initial investment cost and set up fees, Service Providers must minimize the impact on the User Experience of those protected and moderated services while ensuring they can scale for up to millions of subscribers accessing potentially all of the online content and services available on the Internet. This is completely different from how users, applications and data are protected within organizations where categories of devices or applications can be banned and not supported as part of the Enterprise security policies. Telcos and ISPs are constrained to support a huge array of devices, operating systems and configurations sometimes completely outdated and without any capabilities to tune their configurations to maximize their protection as well as that of their users. And finally on the commercial side, to market and to sell those offers to average subscribers unaware of what their children might be exposed to on the web is as challenging as the infrastructure to set up.

ISPs already have a solution they can easily leverage: their DNS

When thinking about controlling access to non-legitimate content for children and teenagers, the most logical thing is to filter their DNS requests to such content and services. Whatever anyone wants to access, it always starts with a DNS request and Service Providers already offer DNS services as part of their subscriptions. So, responding to DNS queries based on who the clients is and what they have requested is a universal way to provide Parental Control, regardless of the device in use, its OS or its security configuration. In the case of Parental Control, this means that whatever the terminal (e.g. smartphone, tablet, PC dedicated to the children or borrowed from their parents, gaming console and IoTs such as smart TVs and Speakers), as long as they are identified as children or teenagers, it becomes possible to restrict access to the sites, applications or content (Internet categories) they request. Access can also be restricted to specific timeframes e.g. days or hours during the week.
For teenagers, if bound to mobile subscriptions, parents can control what their teens can and cannot access even when outside the home where this is handled by the domestic Internet access subscription.

The EfficientIP solution for parental control benefits from the capability of our DNS Guardian engine to perform real time data analysis between the cache and the recursion process, for both client behavior and the resolution requested. Each DNS transaction can be deeply inspected in order to take the right decision, whether it’s to follow the normal recursion process, apply a countermeasure upon specific behavior detection or to apply a security or control policy based on the client’s profile. More specifically, the DNS Client Query Filtering feature embedded in the DNS Guardian solution can manipulate data sets composed of both client identifiers and destinations to resolve, apply algebraic operations between a combination of lists and enforce a specific policy to it, such as normal recursion, blocking or advanced countermeasures.

Benefits for Service Providers

• Protect network & users, even when roaming
• Meet regulatory compliance
• Enable revenue-generating value-added services
• Easy to deploy solution
• Cost-effective, leveraging DNS already in place
• Highly scalable, resource efficient – light footprint
• No impact to performance or UX – ultra-low latency
• Enable protection policy per device
• Configurable by subscribers to match their requirements

An easy way to increase ARPU

Performed at full speed on the fastest DNS server on the market, EfficientIP Client Query Filtering applied to Parental Control brings many capabilities in terms of service architecture by leveraging an existing infrastructure component, able to scale easily when needed. So if you’re looking to bring additional revenue streams and potential for ARPU increase to your marketing and business teams, don’t hesitate to try it out!