Since you didn't mention that the meetinghouse firewall protects against inappropriate content, I wonder if you are assuming that it performs only traditional firewall functions. But just to be clear, the meetinghouse firewall does indeed provide filtering against inappropriate content, which also includes many security risks. Of course, if you want additional content protection, you are welcome to add it (as RussellHltn said), but you should start by understanding the capabilities the firewall already offers.sjager wrote:We use a layered approach to desktop security, The Firewall helps with protecting the desktop from intrusions and helps to block or allow network traffic. We also use additional tools for filtering to help protect against inappropriate content/use, as well as security risks. Church Headquarters is also tracking internet usage.
LDSAccess Security Provisions
-
aebrown
- Community Administrator
- Posts: 15153
- Joined: Tue Nov 27, 2007 8:48 pm
- Location: Draper, Utah
Questions that can benefit the larger community should be asked in a public forum, not a private message.
-
JamesAnderson
- Senior Member
- Posts: 773
- Joined: Tue Jan 23, 2007 2:03 pm
And the filtering is very good. Had a good experience with it tonight at an FHC where I'm posting this from after mistyping a FamilySearch subdomain URL and the domain name was what was mistyped. It blocked that, presumably it was possibly a malware spreader site. However, the block notice page looks like it was poorly formatted so it could use some housekeeping to make it look better.
-
carljokl
- Member
- Posts: 151
- Joined: Fri Jun 20, 2008 12:09 pm
- Location: London, UK
- Contact:
It remains to be seen now what the Bishop decides to do as regards allowing any members to use LDS Access. Some individuals have already commented in the past about they would like to be able to use some material in their lessons. The ward as a whole is not aware of the change. It would not surprise me though if the bishop says no or deems it too risky. The fall back position would involve disconnecting the access point and only connecting it during times when some kind or training session was running for which it was needed.
I don't see it as a particular risk to mention the changeover on here given that I don't know of anyone else in the ward who knows about this forum exists let alone uses it and I think the SSID of the wireless network would be noticed sooner. As I mentioned, if there is a problem the wireless can be disconnected.
I don't think that the fear of the Internet being a distraction is likely to be the larger issue in my mind or at least banning it completely on that basis. There is already a reverence problem in the ward. A number of the youth are already playing with mobile devices during sacrament meeting. Things like iPods and Smartphones are tricker because many use them at church for scriptures and manuals. However there are a number who play on their Nintendo DS's through the Sacrament Meetings. I am not saying that the Internet is not a potential distraction but if distractions are to be tackled there are existing ones which need to be addressed. Also I am not suggesting that Internet access be given out to everyone (though I accept that the password could be found out).
I see the bigger concern being that of inappropriate content. There was an incident a number of years ago in the ward regarding that. I was not in the ward at the time that happened. From a technical point of view the problem related to someone using one of the Church provided computers and not someone who was meant to be using either MLS or the FHC but one of the computers must have been left logged in and unattended. The fact that someone left a computer logged in and unattended was an issue and windows can be set to require login after the computer has been left idle which probably would have prevented this. Strictly speaking due to the technical nature of what happened I am not sure that things have changed much in the way to prevent that happening if someone was careless and left a computer logged in and unattended for a length of time (I will check the login after screensaver settings). Having password protected wireless has similar strengths and weaknesses i.e. the Wireless is password protected but if someone is careless with the password the security is undermined.
One aspect of LDSAccess I am not sure about is whether the password is able to be changed if needed on a unit by unit basis. All the LDSAccess enabled Church buildings I have used have all had exactly the same password. Some people have mentioned adding additional security measures. I wonder what additional measures you are using or had in mind? Adding extra filtering on client computers for example is only effective on the Church provided equipment and cannot be enforced if individuals use their own computers. Due to the centralised nature of the security I don't know about the ability to add extra custom filtering configuration to the Cisco unit for example or to configure the system with MAC address filtering (at least not locally).
It is a difficult balancing act with many benefits if the internet can be used constructively but dangers if it gets abused.
I don't see it as a particular risk to mention the changeover on here given that I don't know of anyone else in the ward who knows about this forum exists let alone uses it and I think the SSID of the wireless network would be noticed sooner. As I mentioned, if there is a problem the wireless can be disconnected.
I don't think that the fear of the Internet being a distraction is likely to be the larger issue in my mind or at least banning it completely on that basis. There is already a reverence problem in the ward. A number of the youth are already playing with mobile devices during sacrament meeting. Things like iPods and Smartphones are tricker because many use them at church for scriptures and manuals. However there are a number who play on their Nintendo DS's through the Sacrament Meetings. I am not saying that the Internet is not a potential distraction but if distractions are to be tackled there are existing ones which need to be addressed. Also I am not suggesting that Internet access be given out to everyone (though I accept that the password could be found out).
I see the bigger concern being that of inappropriate content. There was an incident a number of years ago in the ward regarding that. I was not in the ward at the time that happened. From a technical point of view the problem related to someone using one of the Church provided computers and not someone who was meant to be using either MLS or the FHC but one of the computers must have been left logged in and unattended. The fact that someone left a computer logged in and unattended was an issue and windows can be set to require login after the computer has been left idle which probably would have prevented this. Strictly speaking due to the technical nature of what happened I am not sure that things have changed much in the way to prevent that happening if someone was careless and left a computer logged in and unattended for a length of time (I will check the login after screensaver settings). Having password protected wireless has similar strengths and weaknesses i.e. the Wireless is password protected but if someone is careless with the password the security is undermined.
One aspect of LDSAccess I am not sure about is whether the password is able to be changed if needed on a unit by unit basis. All the LDSAccess enabled Church buildings I have used have all had exactly the same password. Some people have mentioned adding additional security measures. I wonder what additional measures you are using or had in mind? Adding extra filtering on client computers for example is only effective on the Church provided equipment and cannot be enforced if individuals use their own computers. Due to the centralised nature of the security I don't know about the ability to add extra custom filtering configuration to the Cisco unit for example or to configure the system with MAC address filtering (at least not locally).
It is a difficult balancing act with many benefits if the internet can be used constructively but dangers if it gets abused.
There are no problems, only solutions.
-
russellhltn
- Community Administrator
- Posts: 34511
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
As you've noted, we already have Internet in all our chapels - at least for those members who are able to afford the data plan for their smart phones. I see Meetinghouse Internet as extending the benefits to those members who cannot afford it. Mostly to the leaders for quorums and auxiliaries during their presidency meetings, but there may advantages for the general membership as well.
It would most likely have to involve yet another box between the access point and the church firewall. That way all wireless connections get additional filtering without installing anything additional on the clients.
I'm keeping an eye out for a good solution myself. I dislike having to use a regular computer for that task. I'd prefer if it was an "appliance box" that could be left on at all times.
carljokl wrote:Some people have mentioned adding additional security measures. I wonder what additional measures you are using or had in mind?
It would most likely have to involve yet another box between the access point and the church firewall. That way all wireless connections get additional filtering without installing anything additional on the clients.
I'm keeping an eye out for a good solution myself. I dislike having to use a regular computer for that task. I'd prefer if it was an "appliance box" that could be left on at all times.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
So we can better help you, please edit your Profile to include your general location.
-
carljokl
- Member
- Posts: 151
- Joined: Fri Jun 20, 2008 12:09 pm
- Location: London, UK
- Contact:
I would doubt that we would have ward budget available to pay for additional boxes. I set up the wired bit of the network out of my own pocket. I did wonder as regards extra boxes. Things like the little Intel Atom micro ITX bundles can be built into very compact boxes possibly even small enough to fit inside our equipment cabinet. I wondered if it was technically possible to build a little server box to live in there with a big hard-drive and create ISOs of the Church provided DVDs and somehow share these over the network such that the server ends up as a big media repository. I don't know if it would even work in practice or even if it did if it would be worth it.
Anyway that getting a bit off topic.
In terms of security it might be more effective to control access down to individuals rather than putting lots of effort into blocking sites. No filtering system is 100% fool proof. Having to meticulously list every site which can and cannot be visited may get a bit "Law of Moses" not to mention it can become burdensome to manage. Restricting the access to those who are trusted to "Govern themselves" I think is more likely to work. I don't know what the Bishops decision is yet but probably will by Sunday.
Anyway that getting a bit off topic.
In terms of security it might be more effective to control access down to individuals rather than putting lots of effort into blocking sites. No filtering system is 100% fool proof. Having to meticulously list every site which can and cannot be visited may get a bit "Law of Moses" not to mention it can become burdensome to manage. Restricting the access to those who are trusted to "Govern themselves" I think is more likely to work. I don't know what the Bishops decision is yet but probably will by Sunday.
There are no problems, only solutions.
-
russellhltn
- Community Administrator
- Posts: 34511
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
I do remember seeing something about LDS Account being tied to Internet access at some point, so individual access may be on the way.
I'm not sure what decision you're talking about, but with respect to Meetinghouse Internet, I believe it's the Stake President's decision, not the Bishop's.
carljokl wrote:I don't know what the Bishops decision is yet but probably will by Sunday.
I'm not sure what decision you're talking about, but with respect to Meetinghouse Internet, I believe it's the Stake President's decision, not the Bishop's.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
So we can better help you, please edit your Profile to include your general location.
-
carljokl
- Member
- Posts: 151
- Joined: Fri Jun 20, 2008 12:09 pm
- Location: London, UK
- Contact:
It may be officially the case that it the Stake President's decision and I got permission from him to make the change (on my recommendation that it would be beneficial) but I think the Bishop will want to have a say on how it is administered within the Ward. If I took a stance that it was the Stake Presidents decision and he approved it I don't think he would take too kindly to that stance (even if it is technically by the book).
I don't have any decision making power as such. At the moment I feel I am kind of taking on the role of Stake Technology Specialist without officially having the assignment. I don't know if the stake has a Stake Technology Specialist but there is a member of the stake presidency who normally oversees the technical matters. The point is though that the Bishop may not have decision making power but neither do I really for that matter.
I don't have any decision making power as such. At the moment I feel I am kind of taking on the role of Stake Technology Specialist without officially having the assignment. I don't know if the stake has a Stake Technology Specialist but there is a member of the stake presidency who normally oversees the technical matters. The point is though that the Bishop may not have decision making power but neither do I really for that matter.
There are no problems, only solutions.
-
russellhltn
- Community Administrator
- Posts: 34511
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
In light of your situation, I'd suggest that you point out to your bishop the documentation showing that computer issues fall under the stake and ask him to take up his concerns with the stake president. If the stake president decides to give the bishop authority, that's fine. But in the absence of a decision, we shouldn't be assuming it's OK to let the bishop decide.
If it makes you feel more comfortable, you may also want to ask that you be excused from further actions in this area. The outcome may be that you'll be called as the STS or assistant STS. That's fine too. Fixing a broken system is one thing, but I don't think it's right to be installing or modifying things without the calling and the authority.
If it makes you feel more comfortable, you may also want to ask that you be excused from further actions in this area. The outcome may be that you'll be called as the STS or assistant STS. That's fine too. Fixing a broken system is one thing, but I don't think it's right to be installing or modifying things without the calling and the authority.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
So we can better help you, please edit your Profile to include your general location.
-
carljokl
- Member
- Posts: 151
- Joined: Fri Jun 20, 2008 12:09 pm
- Location: London, UK
- Contact:
You mentioned that Security Policy for computers and Internet is managed at the Stake level. Who at Stake is responsible for establishing policy and proceadure of the units. It is the Stake President himself? A member of the Stake Presidency? Can it be delegated to a desegnated member of the High Council or the Stake Technology Specialist? I don't know who the individual is who's dececision it is to make. Obviously the Stake President has the authority but he is busy and if it is something he can delegate he might prefer that but I don't know what the policy is. He might be the only one who can make the decision.
There are no problems, only solutions.
-
aebrown
- Community Administrator
- Posts: 15153
- Joined: Tue Nov 27, 2007 8:48 pm
- Location: Draper, Utah
The stake president is responsible for the policy, but as with so many things that the stake president is responsible for, typically someone else makes a proposal, and the stake president approves it, perhaps with some adjustments. In the case of security policy, in every stake that I know of (including my own) that has dealt with this issue, the stake technology specialist reviews the applicable Church policies and then makes a recommendation to the stake president. The stake technology specialist is going to be the one in the best position to make sure that the policy is followed once it is approved and published within the stake, so it makes sense that he would be involved in the drafting of the policy.carljokl wrote:You mentioned that Security Policy for computers and Internet is managed at the Stake level. Who at Stake is responsible for establishing policy and proceadure of the units. It is the Stake President himself? A member of the Stake Presidency? Can it be delegated to a desegnated member of the High Council or the Stake Technology Specialist? I don't know who the individual is who's dececision it is to make. Obviously the Stake President has the authority but he is busy and if it is something he can delegate he might prefer that but I don't know what the policy is. He might be the only one who can make the decision.
Questions that can benefit the larger community should be asked in a public forum, not a private message.