Perimeter

This layer includes Internet modems, firewalls, network devices as well as televisions, game consoles, and streaming devices. It may seem more complex, but the solutions here fall into two categories: device settings and external hardware.

This zone will discuss adding additional hardware to the network edge but will also detail the need for proper controls on every device on the network, including game consoles (which often can be configured with their own web browsers or YouTube apps). SmartTVs may represent a large vulnerability if included on the network, as they often offer few internal controls.

Device Settings

The following links revolve around the individual devices that are commonly attached to home networks. Some have sufficient controls, some have next to none. The inclusion of these devices should not be viewed as an endorsement or a comment on various types of entertainment, whether positive or negative.

Streaming Devices

  • GoogleTV Parental Controls (https://support.google.com/googletv/answer/10070481?hl=en) - Older Chromecast dongles would only stream from a phone or computer. They would do nothing by themselves. The new version appears to attach to GoogleTV as well. This allows many different “television” channels to stream in for free, as well as any subscription to live (network) television through YouTubeTV. Once, this device solved a lot of problems, as possibly the parents' telephone would be the only device with Netflix loaded. Now it brings in its own channels. GoogleTV (and therefore Chromecasts) has some form of Parental Controls. To lock it entirely, simply create a single profile (rather than having one for each person) and put a PIN code on it. Or create two profiles, one with allowable content and no PIN code. Use an external hardware device to control the daily access schedule (or pause its access completely).
  • AppleTV - The AppleTV has some parental controls, but they primarily revolve around installing new apps. While this is good, any apps installed will work without requiring additional codes. The VidAngel app can install natively to AppleTV and may serve as an intermediary between the viewer and apps like Netflix, Amazon, or Apple TV+. Control the daily access schedule to the AppleTV (or disable its access altogether) with an external hardware device.
  • Amazon Fire TV - Turn on the parental controls and follow additional guides with current dates (such as this one). With the Fire TV, there is some functionality intended to put a PIN on individual app launches, but your mileage may vary. Use an external hardware device to manage schedules or disable Internet access to the Fire TV entirely.
  • Roku - Remove all channels that are unwanted. Set a PIN, then hide the Roku channel as well as the movie and TV store. Use an external hardware device to manage schedules or disable Internet access to the Roku entirely.

Game Consoles

  • Nintendo - Probably the best parental controls. Smartphone app based. Of all the manufacturers, Nintendo seems to respect the parents the most.
  • Xbox - Xbox has some family controls, similar to the Microsoft Family Safety. Remember that most consoles have the ability to add a web browser and/or a YouTube app.
  • Playstation - As with the Xbox, many of the Playstation parental controls restrict games based upon age recommendations. Remember that most consoles have the ability to add a web browser and/or a YouTube app.

Smart Televisions

  • Built-in (Static) Apps - Many televisions today come with the ability to connect to WiFi (or to the network via an Ethernet cable). Some of these units have the Roku functionality built in, but others use their own system and include direct apps for Netflix, Amazon Video, Hulu, HBO and other providers. While this might appear convenient at first, these built-in apps have few if any control features and can provide unmonitored access to these entertainment services - particularly if a separate streaming box in front “hides” them. I recommend disabling network access on the television if possible and using a separate box that can be better controlled, if for no other reason than to cut down on access points.
    1. Consider attaching the television BRIEFLY to the network so that the firewall or Circle can capture the MAC address. A MAC address is the unique hardware “serial number” of the device.
    2. Use the Firewall or Circle to disable the Internet access for the television or move it into permanent network quarantine.
    3. Disconnect the television and delete the networking configuration (so that it cannot reconnect without the WiFi password).
    4. This disconnects the television, and should it get reconnected for whatever reason, its Internet access is already disabled by the external hardware device.
  • Downloadable (Dynamic) Apps - Some smart televisions have the ability to add “apps” or channels to their homescreen. These types might be more usable from a control perspective if paired with an external hardware device. In general, pick ONE way to access these data streams - either use the television exclusively or use a streaming device exclusively. Switching between the two will cause confusion and potentially a “gap.”

External Hardware

Due to the lack of sufficient Parental Controls in most commercial devices, adding access control and access scheduling capabilities will require an additional device. These external hardware devices plug into the network and should be placed in a hard-to-access location, such as the Master Bedroom Closet. In fact, it is a good idea to physically control all network devices so that they cannot be temporarily disabled.

Firewalls

  • Firewalla - Firewalla offers several levels of firewall devices at different price points. Generally, they all include the basic functionality needed to control access to the Internet. Groups of devices may be created that have different rules, schedules, and access types. All new devices that appear on the network will be added to the “quarantine” group without any Internet access. This provides quite a bit of peace-of-mind, knowing that no misplaced old device will be used secretly. The filtering is moderately good, but the Firewalla devices have the ability to place groups or single devices into a paused state or a white-list only state. Smartphone app controlled with a fairly easy interface.

Control Devices

  • Circle - Easy to add and inexpensive, the Circle does some filtering (but not comprehensively). It shines in its ability to enforce schedules on network access and “pause” the Internet for devices, groups, or everything. Easy to use parental app. It even has a battery backup to continue working if unplugged or in a power failure. Does not need a wired connection, so it may be hidden out of reach of children. May be paired with VPN / Aura tools for enforcement outside of the bounds of the network. Please note: Some of the logging capability is limited through the VPN. May be discontinued, but still available as refurbished devices on Walmart.com.
  • Bark Home - The Bark Home device is a one-time cost and does NOT require a subscription to Bark. This device may very well be the replacement for the Circle. If so, it likely should be paired with the Bark security platform on the devices as well (subscription service). I have not personally used this product yet, but will order one when possible.

Videos

Resources

critical_armor/perimeter.txt · Last modified: 2023/07/12 15:18 by josephbaxter
