Wireless access with LDS Account

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
russellhltn
Community Administrator
Posts: 34513
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#11

Post by russellhltn »

harddrive wrote:I can also see that this could be dangerous because of the computers on the network will be available to be connected to especially if they are using shares. So we will need to make sure that the computers are "locked" down.

A very good point. Unless the personal firewall prevents it, ALL shares on an administrative XP machine will have to be disabled, including the printer.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
johnshaw
Senior Member
Posts: 2273
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

#12

Post by johnshaw »

Maybe I'm thinking about this all wrong, but from a Clerk Computer perspective, how will we distinguish a user accessing the Internet and MLS dialing up? What about the Family History Center computers as well, not everyone there will have an LDSAccount (as has been noted previously). And if this is all going to be true, and computers must be put into different 'zones'. There are some complexities around it that I personally can't wrap my head around - Why would meetinghouse technologies be supplying expensive Cisco gear for Wireless if -- as it seems -- the Cisco WAP's aren't important if everything would be done at the firewall.. The concept of logging into a proxy, having my MAC stored for a period of time letting me surf or whatever... but once we move past that to devices, clerk computers, printers, FHC computers, etc... that is where I'm wondering about the complexities....again, these are questions that come to my mind, though it's not too important at this point as has been stated, I will wait and see.

harddrive, I would advise against setting up non-Cisco Wireless... I'd stick with the current plan from Meetinghouse technologies... get some Cisco gear - I am so glad we made this decision 2 years ago in our stake.... I'd be replacing 9 buildings worth of WAP's....

Matthew -- If something software is to be sent to the meetinghouses...I'm getting more nervous about the complexity which exists onsite. Our stake is already overwhelmed with supporting technology. We are starting to use professional IT in our wards and branches like we use piano players :)
russellhltn
Community Administrator
Posts: 34513
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#13

Post by russellhltn »

JohnShaw wrote:Maybe I'm thinking about this all wrong, but from a Clerk Computer perspective, how will we distinguish a user accessing the Internet and MLS dialing up?

Keep in mind that SOME access would be allowed without an LDS Account. It's only if you needed broader Internet access outside of selected church sites would you need to log in.

Applying it to all connections would solve my concern of someone plugging in a rogue WAP into some wired jack. If everything is being done at the firewall, rogues only extend coverage. They wouldn't bypass security (hopefully). At least they wouldn't create a totally open WiFi connection like they would now.
MatthewEhle
New Member
Posts: 16
Joined: Fri Aug 12, 2011 2:07 pm
Location: Riverton, Utah

#14

Post by MatthewEhle »

JohnShaw wrote:Maybe I'm thinking about this all wrong, but from a Clerk Computer perspective, how will we distinguish a user accessing the Internet and MLS dialing up?


I can't say that I know enough about how MLS connects to the server to know the answer to this. I do know that certain areas can be accessed without any type of authentication (e.g. church web sites). Not sure if or how this would work for MLS.
JohnShaw wrote:What about the Family History Center computers as well, not everyone there will have an LDSAccount (as has been noted previously).


One requirement of the project is to allow guests to use the network. They would have to be "sponsored" by a member and such. There may be a different plan in place for the FHC computers though. I'll see if I can learn some more about those details next time I talk to the people involved in that part of the project.
JohnShaw wrote:Matthew -- If something software is to be sent to the meetinghouses...I'm getting more nervous about the complexity which exists onsite. Our stake is already overwhelmed with supporting technology. We are starting to use professional IT in our wards and branches like we use piano players :)
I believe the goal is to actually reduce that complexity by having standard preconfigured equipment in all of the meetinghouses. Of course, time will tell :)
johnshaw
Senior Member
Posts: 2273
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

#15

Post by johnshaw »

There are still tons of questions in my head.... if you have access... could you ask this specific question? Will this work for sites that don't have the Cisco 881W??
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

#16

Post by aebrown »

JohnShaw wrote:There are still tons of questions in my head.... if you have access... could you ask this specific question? Will this work for sites that don't have the Cisco 881W??
I don't quite understand why you want to have all the answers before the new system is released or even officially announced. I really think most if not all of your questions will be answered then.

But as for this specific question, in the May regional meeting (for my region at least) we were specifically told that it would work with the older firewalls as well.
Questions that can benefit the larger community should be asked in a public forum, not a private message.
MatthewEhle
New Member
Posts: 16
Joined: Fri Aug 12, 2011 2:07 pm
Location: Riverton, Utah

#17

Post by MatthewEhle »

Since there seems to be a lot of questions and confusion about this new system, here is what I'll do:

Next time I talk to the rest of the project team, I'll see if I can learn more about the networking side of the project, along with getting some of these questions answered. After that, I will start up a new post with the appropriate level of technical detail for this project.

As was mentioned a few times, there is really no need for individual units to be concerned about any of this just yet, but I know that curiosity is a hard thing to ignore :)
Matthew Ehle
Access Management Engineer
johnshaw
Senior Member
Posts: 2273
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

#18

Post by johnshaw »

aebrown wrote:I don't quite understand why you want to have all the answers before the new system is released or even officially announced. I really think most if not all of your questions will be answered then.
My largest concern is that there is currently a push to get 85% of meetinghouses using the Internet with Wireless Functionality.... If we make that push and then need to go back and re-do work, that would be a large disappointment. Plus + I'm generally interested to know how it will work.

This type of answer was all we saw prior to the CUBS conversion as well. Wait and see we'll get the answers then.... I got burned by waiting on that one... and I spent countless hours of volunteer time fixing issues, and refixing issues...... If I had asked these types of pointed questions prior to the release and had actual answers, my life might've been much different during that time...
harddrive
Senior Member
Posts: 501
Joined: Thu Jan 03, 2008 7:52 pm

#19

Post by harddrive »

matthewehle wrote:Since there seems to be a lot of questions and confusion about this new system, here is what I'll do:

Next time I talk to the rest of the project team, I'll see if I can learn more about the networking side of the project, along with getting some of these questions answered. After that, I will start up a new post with the appropriate level of technical detail for this project.

As was mentioned a few times, there is really no need for individual units to be concerned about any of this just yet, but I know that curiosity is a hard thing to ignore :)
Thank you for doing this. I feel like the reason so many questions come from the idea of us being network engineers and being security minded. I work on an enterprise network and so we are looking at all aspects of networking and security.

So when I hear that the wireless being wide open it is a problem for me. I had a company that set up their wireless network and they were hacked. So we potentially have the same issue. There are many people who want to get things free and to get data and people's information.

The other item is that we need to be able to plan for changes and to inform our stake president on access.
MatthewEhle
New Member
Posts: 16
Joined: Fri Aug 12, 2011 2:07 pm
Location: Riverton, Utah

#20

Post by MatthewEhle »

harddrive wrote:Thank you for doing this. I feel like the reason so many questions come from the idea of us being network engineers and being security minded. I work on an enterprise network and so we are looking at all aspects of networking and security.

So when I hear that the wireless being wide open it is a problem for me. I had a company that set up their wireless network and they were hacked. So we potentially have the same issue. There are many people who want to get things free and to get data and people's information.

The other item is that we need to be able to plan for changes and to inform our stake president on access.

I would say that for right now, you shouldn't expect this to be as secure as something like a home or corporate network using WPA encryption. This will be more like a public network with a captive portal, like a hotel or airport. In fact, I believe we are using a vendor that provides solutions for those types of organizations. Therefore, people on the network should treat this just as they would any public Wifi (running a basic firewall and making sure that sensitive information is being passed over SSL/TLS).
Matthew Ehle
Access Management Engineer