I wear many hats when it comes to networking: helicopter father, policy enforcer, hallway monitor and many others. I could dedicate many pages to the challenge of setting what constitutes "appropriate internet use" but for today, I'd like to focus on ways to make your network router the bad guy. That's right, let a nameless piece of hardware be the bearer of bad news when individuals wander outside of the allowed category, or if they are hogging the bandwidth or even just overtime on how long they are online.
STEP 1: CREATE GROUPS OF USERS
Not all users have the same needs or limitations. Home-based businesses typically have five groups: 1) business, 2) adults, 3) teenagers, 4) youngsters and 5) clientless devices. An example of a clientless device would be an AppleTV, an IP camera or other device that is internet connected but is more of an appliance than a user. In larger organizations, work at creating the least number of categories while still allowing for enough granular control of who gets to see what.
STEP 2: SET A POLICY FOR EACH GROUP
Once you have your groups, create a simple ruleset to a priority on network access and where that group is allowed to go on the network. Be reasonable in what you are blocking or limiting and have a good reason as to why you are saying no. It helps for a home-based business to be able to say "work wins over anything else because that's what pays for the streaming service AND the popcorn."
STEP 3: SETUP YOUR ROUTER AS THE BAD GUY
If you are lucky enough to have both a good secure router and a techy helper, this is as easy as supplying this person with the list of the users along with their devices, and which group they belong to. In the absence of good hardware and someone to set it up, you will need to do some homework. The best solution is a UTM or unified threat management router that does everything from content filtering to blocking malware. One of the lowest priced ones I've discovered is Sophos XG. If your budget doesn't allow for it, you can try other solutions like OpenDNS or Sophos Home Edition, both free solutions. You will have to work a bit harder to get these going but no one said free would be easy.
STEP 4: MONITOR, MEASURE AND ADJUST
As a standard tech type, you need to track your solutions to see if they are working as intended. I generally find that over time, the policies evolve once we see what the issues are, and then tune them to be sure everyone can do what they need to do without being too much of a barrier. Include discussions with your users, whether it is your family or your coworkers. Be sure what you think is happening is happening. Never underestimate the people accessing your network: if the rules are overly burdensome, they will find a way around them or make your life as miserable as you are making theirs.
Once you have your router as the bad guy, things get simpler fast. I have this setup to ensure my business traffic is unthrottled while keeping my kids internet use appropriately managed. I don't need to worry about my young son picking up his iPad and seeing age-inappropriate content. My teenagers also know they have a limited amount of time and bandwidth each week so they self-manage their Neflix habits. The effort you put in upfront will more than pay off down the line. If you are having trouble getting this done, don't be afraid to ask someone for help. You can imagine this type of setup is common as it works from the most basic home user to a larger business.
So the next time you are getting the hairy-eyeball for having to talk to someone about their network habits, try these four steps.