Difference between FHCs and Meetinghouse Internet?

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
kalebpederson
New Member
Posts: 32
Joined: Tue Jul 31, 2007 9:16 pm

Difference between FHCs and Meetinghouse Internet?

Postby kalebpederson » Tue Apr 21, 2009 9:22 pm

Our stake center has had internet access for quite some time since it was needed for our family history center. We had a PIX installed and the building was wired with CAT-5 cable at that time. If I understand correctly, we were among the first to have one of the PIXs and the internet filtering at that time was nearly unusable. Although I no longer have access to the PIX, I believe that part of the security restrictions were bypassed and that we have full access to the Internet.

What are the differences between the above setup and the Meetinghouse Internet? I can get to gambling.com, which I suppose is a valid test indicating that our PIX is not configured correctly, can anybody confirm this? Lastly, can anybody fill me in on sufficient details so I can keep following up until this is configured correctly.

Thanks.

--Kpederson

User avatar
aebrown
Community Administrator
Posts: 14685
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Tue Apr 21, 2009 9:38 pm

kpederson wrote:Our stake center has had internet access for quite some time since it was needed for our family history center. We had a PIX installed and the building was wired with CAT-5 cable at that time. If I understand correctly, we were among the first to have one of the PIXs and the internet filtering at that time was nearly unusable. Although I no longer have access to the PIX, I believe that part of the security restrictions were bypassed and that we have full access to the Internet.

What are the differences between the above setup and the Meetinghouse Internet? I can get to gambling.com, which I suppose is a valid test indicating that our PIX is not configured correctly, can anybody confirm this? Lastly, can anybody fill me in on sufficient details so I can keep following up until this is configured correctly.


Church policy requires that a firewall be installed and functioning for all Church computers connected to the Internet, whether in a FHC (typically using a PIX) or under the Meetinghouse Internet program (typically using an ASA firewall). This policy is for the protection of all users of these computers, the local leaders, and the Church.

Configuring the networking properly is the responsibility of the Stake Technology Specialist -- I don't know if that is your role or not. In any case, the STS should check out the network and make sure that the firewall is properly positioned between the cable/DSL modem and any computers. If not, the cabling should be adjusted to make that true. If the firewall is in the correct position, but is not providing filtering (and yes, trying to access gambling.com is a reasonable test for that), then that must mean that the firewall has been reconfigured locally in a way that disables the Church's standard filtering configuration. In that case, the STS should work with the Global Service Desk to get the firewall properly configured.

russellhltn
Community Administrator
Posts: 20724
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Tue Apr 21, 2009 11:27 pm

kpederson wrote:If I understand correctly, we were among the first to have one of the PIXs and the internet filtering at that time was nearly unusable.


While I've had a few run-ins with the firewall, it's never been serious. (And I've had the device before the PIX.) I've never felt that it was unreasonable. What kind of problems were you having?

As Alan stated, it's against policy to bypass the firewall.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

kalebpederson
New Member
Posts: 32
Joined: Tue Jul 31, 2007 9:16 pm

Postby kalebpederson » Wed Apr 22, 2009 9:06 am

RussellHltn wrote:While I've had a few run-ins with the firewall, it's never been serious. (And I've had the device before the PIX.) I've never felt that it was unreasonable. What kind of problems were you having?


We contacted them and they indicated that the machines doing the filtering were running way beyond capacity. Hence, they were working correctly but not able to keep up.

--Kpederson

kalebpederson
New Member
Posts: 32
Joined: Tue Jul 31, 2007 9:16 pm

Postby kalebpederson » Wed Apr 22, 2009 9:09 am

Alan_Brown wrote: Configuring the networking properly is the responsibility of the Stake Technology Specialist -- I don't know if that is your role or not. In any case, the STS should check out the network and make sure that the firewall is properly positioned between the cable/DSL modem and any computers.

It's physically positioned correctly and handing out the private IPs / DNS information as it should. I believe that the filtering was disabled or an all-encompassing whitelist was dropped in. I'll follow up with our STS and stake president again.

Thanks.

--Kpederson

jdlessley
Community Moderators
Posts: 6522
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Wed Apr 22, 2009 12:03 pm

kpederson wrote:It's physically positioned correctly and handing out the private IPs / DNS information as it should. I believe that the filtering was disabled or an all-encompassing whitelist was dropped in. I'll follow up with our STS and stake president again.

Thanks.

--Kpederson
??????????? If the Church provided firewall was correctly installed there should be no access to it to disable the filtering or to add a whitelist. All of that is managed by a third party system called WebSense. The only thing someone besides the GSD can do is bypass the device. Of course I am ruling out the possibility that someone has hacked the device.
JD Lessley
Have you tried finding your answer on the LDS.org Help Center page or the LDSTech wiki?

kalebpederson
New Member
Posts: 32
Joined: Tue Jul 31, 2007 9:16 pm

Postby kalebpederson » Thu Apr 23, 2009 8:33 am

jdlessley wrote:??????????? If the Church provided firewall was correctly installed there should be no access to it to disable the filtering or to add a whitelist. All of that is managed by a third party system called WebSense. The only thing someone besides the GSD can do is bypass the device. Of course I am ruling out the possibility that someone has hacked the device.


The stake technology specialists, which included myself at the time, were provided instructions that included the enable password for the PIX. So we did have full access to change it, including the remote management features. As I was released shortly thereafter, I'm not sure to what extent its configuration may have been changed.

--Kpederson

jdlessley
Community Moderators
Posts: 6522
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Thu Apr 23, 2009 10:37 am

kpederson wrote:The stake technology specialists, which included myself at the time, were provided instructions that included the enable password for the PIX. So we did have full access to change it, including the remote management features. As I was released shortly thereafter, I'm not sure to what extent its configuration may have been changed.

--Kpederson
Some time ago units had the option of selecting the default failure mode of the filtering software of the PIX for internet access to either "full access" or "no access". That has been standardized to "no access". It is possible your PIX is set to "full access".

The best course of action is for the stake technology specialist to contact the GSD and have them check the configuration of the PIX. Even if someone has the capability to reconfigure the PIX (has the password) the management of the PIX is done at Church headquarters for a variety of reasons.
JD Lessley
Have you tried finding your answer on the LDS.org Help Center page or the LDSTech wiki?

elgaucho-p40
New Member
Posts: 1
Joined: Tue Apr 28, 2009 3:20 pm
Location: Sherwood, OR, USA

Postby elgaucho-p40 » Tue Apr 28, 2009 3:27 pm

When trying to login to http://new.familysearch.org I am blocked by the firewall. The regular familysearch.org site works fine as does the lds.org main site. Who is the right person to talk to in order to have new.familysearch.org whitelisted?

User avatar
aebrown
Community Administrator
Posts: 14685
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Tue Apr 28, 2009 3:40 pm

elgaucho wrote:When trying to login to http://new.familysearch.org I am blocked by the firewall. The regular familysearch.org site works fine as does the lds.org main site. Who is the right person to talk to in order to have new.familysearch.org whitelisted?


The Stake Technology Specialist is responsible for all such issues in the stake. He should know what type of firewall is installed with what filtering level. He can consult with the Global Service Desk regarding specific problems.


Return to “Meetinghouse Internet”

Who is online

Users browsing this forum: No registered users and 1 guest