Managing Control of Unit Wireless Installs

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
lagreen08-p40
New Member
Posts: 1
Joined: Wed Aug 26, 2009 8:05 pm
Location: USA

Managing Control of Unit Wireless Installs

Postby lagreen08-p40 » Wed Aug 26, 2009 8:53 pm

So far as I can tell there a few options to managing wireless access in a unit.

Understood = Stake President accepts responsibility for the control process

Options:
OPEN
PRO - Easy, WAY TOO EASY
CON - Not a good choice
Use LDS Access (same as in church operations facilities like welfare)
PRO - Easy to deploy with SLC help
CON - Password distribution is difficult to control
Use locally managed procedure such as MAC address filtering
PRO - strong local control going through Stk Tech Spec.
CON - Labor intensive and limited to number of storable address slots

Suggestion (probably already addressed - but where?)
Use LDS Account
Look how hotels receive guest connection requests and redirect the connection request to a Usage Terms and Conditions screen (a good reminder of conduct expectations). User must then accept terms before proceeding further in the redirect process. Log in using their LDS Account password which should be user specific, church managed, with recovery options available.

A MAC address can be trapped, along with the login ID. Make standardized usage reports available to the Tech Specialist to help the Stake President address misuse issues. (Odd instances of multiple MAC address per user name, inappropriate destinations, etc...)

Just an idea in VERY rough form from a non-technical servant.

russellhltn
Community Administrator
Posts: 20775
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Wed Aug 26, 2009 9:04 pm

The way it's supposed to be done is with WPA or WPA2 and the password is distributed in accordance to the stake president's policy.

Linking to LDS Account would be nice, but that would have to be figured out by CHQ. It's not practical for a stake to do.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

jdlessley
Community Moderators
Posts: 6526
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Wed Aug 26, 2009 9:26 pm

Maybe I am thinking of your suggestion wrong but wouldn't using LDS Account to gain access to a wirelss connection be a catch 22. You couldn't get the connection unless you already had a connection to login.
JD Lessley
Have you tried finding your answer on the LDS.org Help Center page or the LDSTech wiki?

User avatar
aebrown
Community Administrator
Posts: 14693
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Wed Aug 26, 2009 10:06 pm

lagreen08 wrote:Use LDS Access (same as in church operations facilities like welfare)
PRO - Easy to deploy with SLC help
CON - Password distribution is difficult to control


This is not an option. The LDSAccess profile cannot be deployed to regular routers and wireless access points -- it is designed for Cisco hardware only (I think it is even specific to the Aironet WAPs). It is appropriate, even preferred, for buildings that have an official FHC with a Church-managed firewall and access points. But when a stake purchases its own hardware for wireless access, the Global Service Desk will not manage the security -- that is the responsibility of the stake technology specialist.

lagreen08 wrote:Use locally managed procedure such as MAC address filtering
PRO - strong local control going through Stk Tech Spec.
CON - Labor intensive and limited to number of storable address slots


As was mentioned, the requirement is for at least WPA security. This is managed by the stake technology specialist. There is no rule for or against MAC address filtering, but as you said, it is labor intensive.

User avatar
Mikerowaved
Community Moderators
Posts: 3132
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

Postby Mikerowaved » Wed Aug 26, 2009 10:27 pm

Alan_Brown wrote:There is no rule for or against MAC address filtering, but as you said, it is labor intensive.
...and almost pointless with the easy ways it can be bypassed.
So we can better help you, please edit your Profile to include your general location.

russellhltn
Community Administrator
Posts: 20775
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Wed Aug 26, 2009 10:29 pm

jdlessley wrote:Maybe I am thinking of your suggestion wrong but wouldn't using LDS Account to gain access to a wirelss connection be a catch 22. You couldn't get the connection unless you already had a connection to login.


I think he's talking about doing it like a hotel would. The connection is "open" but all you'd get is a sign in screen until you've been validated.

There's two problems. The first is one would have to set up such a system. I'm not sure of the difficulty. At minimum you'd have to stick with specific brands of access points and flash custom software.

The second problem is that you'd need a way of validating the LDS Account. Right now there are no APIs for doing so.
Have you searched the Wiki?

Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

james_francisco
Member
Posts: 76
Joined: Thu Feb 08, 2007 9:42 am
Location: Arizona
Contact:

Postby james_francisco » Fri Aug 28, 2009 11:23 pm

In a new building why have wireless access at all? I'm in the process of provisioning a 16224 sq. ft. Chapel (Full chapel, not a stake center.) that should have between 25 and 29 network jacks throughout the facility. Right now I can't think of a case where I would want to have wireless in that building. Some might ask about Family History classes. The ward can get a 10/100 ethernet hub for ~$20 and some cable and set it up on a work table in the classroom for the class to sit around with their computers.

russellhltn
Community Administrator
Posts: 20775
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Sat Aug 29, 2009 12:18 am

James_Francisco wrote:In a new building why have wireless access at all?


Depends on the application. In a meeting (PEC, Presidency, etc) it's nice to allow everyone to have their laptops or PDAs.

It's also hard to anticipate every need. Perhaps a display booth in the cultural hall. Or maybe a small thing in the foyer.
Have you searched the Wiki?

Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

jdlessley
Community Moderators
Posts: 6526
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Sat Aug 29, 2009 12:45 am

James_Francisco wrote:The ward can get a 10/100 ethernet hub for ~$20 ...
Why use a hub when the cost differential between a hub and a switch is negligible? Using a switch does not have the same negative affects on bandwidth as hubs have.
JD Lessley
Have you tried finding your answer on the LDS.org Help Center page or the LDSTech wiki?

jdlessley
Community Moderators
Posts: 6526
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Sat Aug 29, 2009 12:48 am

James_Francisco wrote:In a new building why have wireless access at all?
Because that is what the bishop/branch president or stake president wants; the device connecting does not have a wired port; the leaders using the network do not want to be tethered; not all locations in the building have wall ports ...
JD Lessley
Have you tried finding your answer on the LDS.org Help Center page or the LDSTech wiki?


Return to “Meetinghouse Internet”

Who is online

Users browsing this forum: No registered users and 2 guests