WI-FI Passwords

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
jdlessley
Community Moderators
Posts: 9858
Joined: Mon Mar 17, 2008 12:30 am
Location: USA, TX

#11

Post by jdlessley »

MerrillDL wrote:If a different SSID is used, then the authentication information should be managed by the ward/person who setup the device. However, the password/encryption information should be given to the STS because he is the steward for MHI.
I would expect that if anyone other than the STS or FM representative is installing or configuring any Internet or networking equipment they are doing so under the STS direction and guidance. Doing otherwise is not in accordance with Church policies and guidelines.
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
SheffieldTR
Community Moderators
Posts: 145
Joined: Wed Apr 04, 2007 12:44 pm
Location: Utah, USA

#12

Post by SheffieldTR »

MerrillDL wrote:If you have a Cisco PIX 501 or Cisco ASA 5505 and are using either the Aironet 1200 or the newer 1041 Access Points, you can call the GSC to change the LDS Access password for that location.

If you have the 881w firewall, you are restricted to the default LDSAccess password. The password policy is set globally for the 881's.
.

I am not sure why you would want to do this. The whole point of having LDSAccess is so that those who do travel from location to location will "always" have the ability to get online through this connection. If you have LDSAccess IMO you should leave it alone. If you or your stake president wants to change passwords on your wireless connection then have your own SSID in the building that you can control. When the LDS Account authentication comes out then that worry should go away as well. But from my perspective, don't be changing LDSAccess or why even have that SSID? It just teases those who might need it.
Troy
jdlessley
Community Moderators
Posts: 9858
Joined: Mon Mar 17, 2008 12:30 am
Location: USA, TX

#13

Post by jdlessley »

SheffieldTR wrote:I am not sure why you would want to do this.
There are many threads discussing the issues of too many users hogging bandwidth, but most importantly using up available IP addresses. For those with DSL, especially lover speed connections, bandwidth in addition to unavailable IP addresses is a major headache. Limiting access ensures access for administrative computers and leaders who need it and who should have priority. For units using wireless to connect administrative computers to the Internet, the availability, or lack thereof, is more than just an inconvenience.
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
russellhltn
Community Administrator
Posts: 34417
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#14

Post by russellhltn »

SheffieldTR wrote:If you or your stake president wants to change passwords on your wireless connection then have your own SSID in the building that you can control.
How do we do that?
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
lajackson
Community Moderators
Posts: 11460
Joined: Mon Mar 17, 2008 10:27 pm
Location: US

#15

Post by lajackson »

RussellHltn wrote:How do we do that?
I think to do that you would also need your own equipment. Which would invite a whole different slew of problems and policy difficulties.
KeithWilson
Member
Posts: 94
Joined: Tue Jun 08, 2010 10:01 pm
Location: Utah County, USA

#16

Post by KeithWilson »

We ended up keeping the SSID (which is not LDSAccess) and I just changed the password, as we always do at General Conference weekend.

My original post was asking if I should change the SSID to LDSAccess and the standard password all modern buildings use. My intent was only to make it easier when the change to modern updated hardware happens. Currently all our buildings have the Cisco ASA, and off the shelf Linksys wireless access points. Because I am the STS, I can change the SSID and Password at the Stake Presidents discretion.

It's clear our stake won't be moving to the new hardware until it's needed, so I will continue with the setup as is, until our FM group makes the change. If a visiting authority comes, I will just give him the SSID and Password. It's not that hard.
CollinsMG
New Member
Posts: 5
Joined: Sun Dec 27, 2009 11:03 am
Location: Orem, Utah, USA

Re: WI-FI Passwords

#17

Post by CollinsMG »

I had an interesting experience this weekend.

When I turned on my mobile phone I saw a message stating that someone on the LDSAccess WiFi had tried to attack my phone and it dropped my access to LDSAccess.

As you know LDSAccess is available at almost all LDS chapels and other locations.

Many members set their phones id tablets up to access the internet through LDSAccess.

It is a big convenience having the password is the same in all buildings so that members can use the network no matter what building they are in.

But, as I discovered over the weekend, this is a HUGE security hole.

The password is well shared online. Anyone that even tries to look will find it. For example: [link removed]

But this is not the biggest security risk.

This weekend someone was moving slowly through my neighborhood with a WiFi router that was set to use LDSAccess and the default password. My cell phone connected to that router and the person then attempted to attack my phone. I WAS LUCKY. My phone stopped the attack and remove LDSAccess from my valid WiFi connections. But anyone that has set up their phone, table or even a Laptop that is set to use the Church’s network is at risk of getting attacked.

Somehow the Church needs to protect against this type of attack. And I don’t know how they can do it. One way is to change the password and not let everyone know it, but that is not a real solution.

The problem comes from having a SSID and password that is known to anyone that cares to look. And this is a very dangerous situation for every member with a mobile device.
russellhltn
Community Administrator
Posts: 34417
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: WI-FI Passwords

#18

Post by russellhltn »

CollinsMG wrote:The problem comes from having a SSID and password that is known to anyone that cares to look. And this is a very dangerous situation for every member with a mobile device.
Which means it's NOT the church's problem. It could just as easily be Starbucks, twc, the local school or any other public system. It's going to be up to the OS and handset makers to figure out a solution.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
User avatar
Mikerowaved
Community Moderators
Posts: 4734
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

Re: WI-FI Passwords

#19

Post by Mikerowaved »

This type of bogus access point is often called an Evil Twin and like Russell pointed out has been a problem for a LONG time with users of open WiFi connections. While the church's WiFi is not technically "open", as you mentioned, it may as well be.

BTW, in keeping within the guidelines of the forum, I removed the link you had provided.
So we can better help you, please edit your Profile to include your general location.
CleggGP
Church Employee
Church Employee
Posts: 118
Joined: Mon Jul 28, 2014 1:55 pm

Re: WI-FI Passwords

#20

Post by CleggGP »

KeithWilson wrote:Currently all our buildings have the Cisco ASA, and off the shelf Linksys wireless access points.
If the existing meetinghouse router is the Cisco model Pix 501 or ASA 5505, it is highly recommended that the router be replaced (current Cisco model is the C881, which FMs can order). LDSACCESS is the default (and preferred) wireless SSID for meetinghouse networks, with the common password set by the Church. Specific controller-based Cisco WAPs are recommended for use in meetinghouses; most use Cisco model 1041N WAPs, while others use a combination of Cisco 1041N and 701i WAPs (the 702i is the current dual-band model that FMs can order). But if commodity WAPs are installed in a meetinghouse, please follow these guidelines.
Post Reply

Return to “Meetinghouse Internet”