wireless access policy for meeting house ?

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
KenRichins
Member
Posts: 189
Joined: Mon May 07, 2007 5:07 pm
Location: Live Oak, California, United States

wireless access policy for meeting house ?

Postby KenRichins » Wed Jun 11, 2008 11:41 am

We are looking for opinions and or resources for developing our stake wireless access policy. Who should be granted access. why and how to give or approve access. any and all opinions are desired.

I have looked every where and can find NO guidline from Salt Lake except that the Stake President is responsible. That being true how do we help him understand what is needed and the risks involved with each access given.

How often should passphrases be changed?

Please help!!

User avatar
aebrown
Community Administrator
Posts: 14693
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Wed Jun 11, 2008 12:09 pm

KenRichins wrote:We are looking for opinions and or resources for developing our stake wireless access policy. Who should be granted access. why and how to give or approve access. any and all opinions are desired.

I have looked every where and can find NO guidline from Salt Lake except that the Stake President is responsible. That being true how do we help him understand what is needed and the risks involved with each access given.


You're right that there is no guideline. In my opinion, Church Headquarters is wise in leaving this decision to the stake president; there are so many variables and different situations that CHQ would be criticized for being too lax or too restrictive if they set one policy for the whole church.

Here is what our stake has decided:
  • At the stake level, the stake presidency, clerks, and executive secretaries know the wireless key.
  • At the ward level, the bishops were given the wireless key that works in their building. Bishops may choose to tell their counselors, clerks, and executive secretaries.
  • Disclosure of the wireless keys to anyone else requires stake president approval on a case-by-case basis.
Thus far, we have had zero requests outside the initial approval list in the 3 months we have had wireless in the stake center. The other two buildings have had it only for one month. So it's a bit early to tell, but I suspect that the policy is about right and that we will have a few, but not too many requests for exceptions.

The trick, of course, is to grant access to those who can and will use the access to help move the Lord's work forward, and who will maintain proper confidentiality. Letting the key be known too broadly will result in abuse, and will make it somewhat inevitable that knowledge of the key will come to those who will use it for non-Church purposes.

KenRichins wrote: How often should passphrases be changed?


We don't have a specific plan on this. Every time you change the key, you have to disseminate the information about the new key, which has to be done rather carefully so that the dissemination is secure. If we have reason to believe that the confidentiality of the key has been compromised, we will change it. I doubt that we will change it until then.

jdlessley
Community Moderators
Posts: 6526
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Wed Jun 11, 2008 1:32 pm

I agree with Alan_Brown.

Our stake just created our first internet use policy (attached) last week. We will distribute hard copy to all units and leaders this coming week. We started out with a tight grip on control. We feel it is wiser to start this way and loosen up if conditions warrant. Our policy was developed using the Church's "Family History Center Internet Use Policies" (attached) as a guide and before the capability to have our own SSID and WPA key was announced by Joe Russell.
russellja wrote:We just received some new information.

LDSAccess and Moroni do not work well together on the same access point. Moroni uses WEP encryption and LDSAccess uses WPA encryption. This causes a lot of wireless networking problems. We are fixing this by removing both moroni and LDSAccess from the access points and replacing them with a new SSID. Please call the GSD and they will escalate you to OTSS to have the access point configured.

You will be able to choose an SSID and WPA key for your site. Keep in mind this is only for sites with church-supported Cisco Aironet access points. These may be in sites that have a FHC or FM office.

Joe Russell
OTSS


Not mentioned in our internet use policy is that when the stake president approves an individual for access to the CCN and the stake technology specialist installs the WPA key he will also record the individual's name and pertinent information as well as the computer's (network card's) MAC address. Having the MAC address will permit better control of who can or cannot have access (MAC address filtering).

Currently in our stake only the stake center building with the three resident wards have access to the internet through the wireless network. We are going to see how that works for a few months before we permit two other wards with collocated CCNs wireless access to the internet.

We want to have a good measure of issues before the Church permits meeting house internet in our area. We are still pondering the issue of providing and controlling hardwire connection ports.

jdlessley
Community Moderators
Posts: 6526
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Wed Jun 11, 2008 1:41 pm

I forgot to mention that the stake president approves each individual case by case. He doesn't think there will be many people asking for access because of the limitation to ecclesiastic work. Based on what I have seen in some threads in these forums I am wondering if that will be true once the word gets out.

I was pushing for a list of callings to be approved before hand and the case by case approval for all others. We will see how it goes.

russellhltn
Community Administrator
Posts: 20773
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Wed Jun 11, 2008 2:44 pm

For those of you have have published your policy, can you also tell us what access has been set up? I wouldn't mind giving everyone access if the available sites were restricted to LDS only. That way every quorum and auxiliary has access to the ward and stake websites during their meetings.

User avatar
aebrown
Community Administrator
Posts: 14693
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Wed Jun 11, 2008 3:05 pm

RussellHltn wrote:For those of you have have published your policy, can you also tell us what access has been set up? I wouldn't mind giving everyone access if the available sites were restricted to LDS only. That way every quorum and auxiliary has access to the ward and stake websites during their meetings.


In the two buildings we have with FHCs, we have the standard FHC Internet access that controls what web sites are accessible. As far as I know, we have no other option in those buildings. That access of course is much broader than LDS Restricted Access. I don't know how it compares to LDS Extended access, but I imagine it is quite similar, if not exactly the same.

In the one building connected under the Meetinghouse Internet option, our stake president selected LDS Extended access. This option is defined officially as "LDS Extended Access—Blocks known inappropriate material (for example, pornography, weapons information, hate sites, and other known offensive content) but could be more susceptible to misuse."

And by the way, there is no "LDS only" access option. The most restrictive option is LDS Restricted Access, which is officially described as "LDS Restricted Access—Allows access only to Church-sponsored Web sites (for example, www.lds.org, www.mormon.org) and Web-mail sites." Note that this includes Web-mail sites, which is somewhat vague, but if it includes Yahoo, for example, then there may be a lot of content available on those sites that is certainly not LDS. There are dozens if not hundreds or thousands of Web-mail sites -- I have no idea how inclusive that description is.

russellhltn
Community Administrator
Posts: 20773
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Wed Jun 11, 2008 5:34 pm

Alan_Brown wrote:In the two buildings we have with FHCs, we have the standard FHC Internet access that controls what web sites are accessible. As far as I know, we have no other option in those buildings.


I know. And that's going to be an issue. I wonder if the church would allow us to get a second firewall to have "dual-zones".


Alan_Brown wrote:"LDS Restricted Access—Allows access only to Church-sponsored Web sites (for example, www.lds.org, www.mormon.org) and Web-mail sites." Note that this includes Web-mail sites, which is somewhat vague, but if it includes Yahoo, for example, then there may be a lot of content available on those sites that is certainly not LDS. There are dozens if not hundreds or thousands of Web-mail sites -- I have no idea how inclusive that description is.


Good point. Still, I wonder how big a problem it would be. The benefit may outweigh the potential abuse.

User avatar
Mikerowaved
Community Moderators
Posts: 3132
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

Postby Mikerowaved » Wed Jun 11, 2008 5:56 pm

jdlessley wrote:Not mentioned in our internet use policy is that when the stake president approves an individual for access to the CCN and the stake technology specialist installs the WPA key he will also record the individual's name and pertinent information as well as the computer's (network card's) MAC address. Having the MAC address will permit better control of who can or cannot have access (MAC address filtering).

Don't put too much faith in MAC address filtering as it's not very difficult to circumvent.

jdlessley wrote:We are still pondering the issue of providing and controlling hardwire connection ports.

The simplest way is to unplug any unused ports from their switch, which is stored in a secure closet somewhere. They can easily be activated on an as-needed basis.

RussellHltn wrote:I wonder if the church would allow us to get a second firewall to have "dual-zones".

It would not be hard to setup a 2nd firewall on your own with off-the-shelf gear and limit access to those machines behind it to sites of your choosing.
So we can better help you, please edit your Profile to include your general location.

User avatar
aebrown
Community Administrator
Posts: 14693
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Wed Jun 11, 2008 5:59 pm

jdlessley wrote:I forgot to mention that the stake president approves each individual case by case. He doesn't think there will be many people asking for access because of the limitation to ecclesiatic work.




The term "ecclesiastic" seems a bit unusual -- it could be restricted to administration by leaders, but I think you simply mean "Church work." If so, there are abundant options:
  • Any Family History class, whether it be for Sunday School, Priesthood, Relief Society, or youth.
  • A RS Enrichment course on any of the topics at providentliving.org
  • A 5th Sunday lesson on using Ward/Stake web sites
  • A Scout merit badge class on any number of topics that involve Internet resources
  • Any lesson that might include a video or audio clip played from lds.org or byubroadcasting.org
  • A building scheduler accessing the resources on LUWS; for that matter, any auxiliary leader, activities committee, etc., researching scheduling options
  • A welfare committee using any of the Helps for Leaders on providentliving.org
  • and on and on and on -- I didn't even slow down, and I have plenty more ideas
jdlessley wrote:Based on what I have seen in some threads in these forums I am wondering if that will be true once the word gets out.


I think it will start slowly, but as people catch the vision of the resources available online, it will accelerate. Almost every time I talk to someone about the tremendous effort the Church has put into posting helpful information online, they express surprise and say they had no idea there were such great resources on Church web sites. There are even some people who haven't heard of LDS Tech! ;)

russellhltn
Community Administrator
Posts: 20773
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Wed Jun 11, 2008 8:10 pm

Mikerowaved wrote:It would not be hard to setup a 2nd firewall on your own with off-the-shelf gear and limit access to those machines behind it to sites of your choosing.


Yeah, but then I'm stuck managing it. I'd prefer to go with a church standard and let them deal with the list.


Return to “Meetinghouse Internet”

Who is online

Users browsing this forum: No registered users and 1 guest