If you could protect your whole network from malware, adware, porn and other web sites that should not ever be viewed by employees or children, wouldn’t you do it? What if I told you that you can, and you don’t even have to install any software anywhere in your network? I usually go by the old adage that if it sounds to good to be true, it probably is. This is one time where that’s not true.
My secret weapon is called OpenDNS. I use pfSense firewall at home and I also have installed this great freeBSD based firewall at three other customer’s sites. Although the ISP for each of these sites supply their own DNS server, I do not point the firewall to their DNS. I simply set the DNS server address on the General Setup page to point to
Using OpenDNS does not really slow things down in any way (not that anybody can truly notice anyway). Also, OpenDNS is introducing a free service to protect you from the Conficker worm. Read this post from The Register to see all of the details. Go on and create yourself an account on OpenDNS. You’ll be able to do filtering based on 27 categories. The service you get for free from these guys is top notch.
Update: Looks like has just published a very concise page about the Conficker worm and how to deal with it. Check it out at http://technet.microsoft.com/en-us/security/dd452420.aspx
Update (Feb. 10): Looks like OpenDNS official blog has more information about their new feature.