Ah, the responsibility of being a good IT literate parent. I have shepherded two college age sons in their computer growth and responsibility. Respect, ground rules, openness and consequences. Plus some absolute policies and a little hardware. As they have grown older, they have gotten more ability to do their own thing. 1. I assume that you and your spouse purchased the machine. (We bought it, *I* am the one who fixes and upgrades it, therefore I get: An administrator account on the machine. The right and priveledge for unannounced inspection of the machine. Approvals for all applications installed or downloaded. The right of take-away, time-out, access or user level restritions for "bad behaviour" 2. To do the administration on my SOHO net, and keep track of these things I use some standard software and procedures that are mandatory. I use Network Magic Pro - Best easy to use SOHO network package I have ever found. Multiple User Packs of Avenquest-VCOM System Suite, Gives you AV, AntiSpyware, Firewall plus some of the better flavors of repair and recovery, optimization and tuning software packages. Firefox, Irfanview, SysInternals, Nirsoft, Copernic DT Search and other appropriate open source or free packages. We use MS Office 2K3 Teacher and Student edition, because most of the schoolwork to be turned in electronically needed to be in that format. 3. For monitoring and blocking I administer the master account and all email passwords for the accounts provided by our ISP. I use Logviewer on my Linksys Routers and send multiple reports schedule to DShield. I also review those logs several times a week. I use site blocking techniques, graded appropriately by age. Intrusion reporting runs on one of the retired desktops, and alerting is set up wherever possible. I use one of the VNC packages for remote monitoring if required. 4. For filtering and access control I use or have used Net Nanny back in the W95 days, but gave it up because of the spotty support. For restrictions I've used DLink's Secure Spot Web Protection Device. (Has the best filtering for the SOHO user, approaches Websense in functionality.) OpenDNS with custom filtering has replaced the D-Link because it wont keep up with my turbo rate. Time restrictions can be applied on the Router (and are) Son who is at college, on campus net also has an Alpha-Shield stateless filter device. I put that on his setup after the first family day, when "Dad. my machine is acting funny" came up. I did a quick analysis of the situation, he was hosed with all kinds of nasties. I then pulled out my traveling kit (honking USB thumb drive) and a good number of downloads and patches, then fixed everything. (Did miss the first half of the homecoming game though....) At supper after the game, he had to listen while I politely ripped him a new one in front of the whole family, without even raising my voice. I gave him all they whys and wherefores, then we went to the computer store, I gave him the $$$ and made him buy the Alpha-Shield, and install it before we left campus. He is now a true believer. 5. Sanctions for bad behavior depend on the severity of the offense. Additional blocks on the web content Increased scrutiny of logs with counseling on visits to bad places. Specific site or type blocking. Demotion of user level Moving of machine from family room to the passage alcove next to the kitchen (High traffic area) White/blacklist applications or uninstalling them if really bad. Removal or disablement of features. e.g. take out the good display adaptor and leave the poor built in vga. Seizing the computer, backing it up or using one of the forensics linux distros on it, Then reinstalling the factory image. The miscreant then has to reinstall everything under my supervision. 6. "Emergency" Situations are handled on an ad-hoc basis. Screen and Keyboard/Mouse recording when a son was being harassed in social networking, movies sent to providers and harasser's ISP, as well as saved for law enforcement. Stopped the little ~!@#$%^&*() pretty much cold. Changing the wireless password on my seldom on router (we ususally run wired at 1 GB, even the wireless laptops) Visiting the neighbors with unsecured AP's or wireless routers to help them lock *my* guys out of their networks. No wireless poaching allowed! The Internet "Off" Switch. (I have an A/B switch logically the next device after the cable modem. A for Access the net, B for Block/Bitbucket.) 6a. Not only does the A/B switch stop that net game or chat or flash movie that needs to be stopped because it is time to go to school, eat, go out or whatever, but has other emergency use also. 6b. When something bad gets loose inside the firewall, I can disconnect from the net by reaching to the back of my desk and throwing the toggle over to "B". This was really handy, BTW, when my worst offender got an IRC 'bot as the bot herder tried to set up a DDOS against someone. When my alarms went off, I threw the switch and isolated the home from the net. Good thing too, since the +_)(*&^%$#@ bot then attacked the rest of our desktops using the standard $IPC attack tactics. We shut and locked down pronto. Came back up on Linux and USB keys and killed that sucker where it lived in our machines. Lastly, you have to hold on to your trust as well as your temper. Anger and sanctions have their place, to get the kid's attention. But sitting down carefully and explaining why a certain behavior is bad and why is much better than being arbitrary. It is reason son who was being harassed felt that he could appeal to the old man when he was being beaten up electronically. I helped him install the recording software and suggested what he should say as he dealt with the miscreant, to keep my kid out of trouble and point out the bad things the other guy was doing that I never wanted to see or hear about my son doing. Let them grow from the walled back garden of home computing in safety to being ready to enter the workforce and greater community with guidance, expectations and encouragement. We'll all be better off for it. -F.B.I.G.