Logging / Proxying Meetinghouse Traffic

[johnshaw]

I definitely agree. Not looking to replicate what the church is doing. Not looking to really filter anything. I just want to log so I can fulfill the request from my Stk Prez to have some local auditing capabilities.

I hope there was some serious counsel and discussion before this task was assigned. I am not one to take a task that I think is ill-conceived without [privately] having a follow-up conversation. There is no reasonable Stake President or Bishop in the world that couldn't have their mind changed based on real information. I would take what little we know of the LDSAccount project (hopefully good information forthcoming-soon) and convince him to hold off and not duplicate efforts.

[russellhltn]

I just want to log so I can fulfill the request from my Stk Prez to have some local auditing capabilities.

Something to consider, what would you be able to find out? At best, it would be a time and website. Maybe a machine. How useful would that information be? I would suggest that if all it does is identify a problem without a way of figuring out who it is, it's may not be worth the effort. You may want to talk to the SP to discuss the limitations of whatever you come up with prior to encountering any expense.

[jdlessley]

After reviewing the thread to this point I think a review of what the OP's stake president really wants would be in order. The original statement describing the situation and goal was this:

I'm a newly called STS. When I was called, the Stake President told me that one of his priorities would be making sure that people aren't using our building internet improperly (we have the most liberal filtering due to FHC). However, after becoming familiar with the church firewall, and searching this forum, it's clear that the church isn't able to log all traffic and report the logging to the STS - clearly this would be the preferred way.

Unlike the OP, it is not clear to me that logging and reporting all traffic is the preferred way. "[M]aking sure that people aren't using our building nternet improperly" does not necessarily require logging all traffic and reviewing those logs.

What other alternatives are there to ensure people are using the Internet properly? It could mean that all appropriate preventative measures are taken to limit or minimize potential for misuse. This includes clear policies and procedures, training, and removal of temptation where and when possible. After-the-fact measures such as logging and reporting may have a place when feasable and the return for the cost and time warrant it.

To me there is little to very little return for the cost in money, the Lord's precious tithes, and the time in manhours for an after-the-fact or reactive method of prevention. RusselHltn's question I think is germain to the goal of preventing Internet misuse and abuse in regards to logging all Internet use:

Something to consider, what would you be able to find out?

What are the measures in place to proactive prevention of Internet misuse and abuse? What are the current stake policies and procedures for Internet access and use? What measures are being used to limit Internet access and use?

The two most likely areas for Internet access are in family history centers and through the wireless. If the policies and procedures put in place by the Family History Department are followed the misuse and abuse in the FHC is greatly limited. But wireless access within meetinghouses is still largely the responsibility for implementation and control in the hands of the stake leadership. The stake does not have to give Internet access to anybody wanting it. It can be controlled.

[sammythesm]

You all make some great points.

Maybe one last point to make is that whatever infrastructure is put in place needs to outlast my time in this calling. Perhaps 'custom' local unit solutions which require domain knowledge are better off not implemented, as they could become trip wires for the next STS to come along.

Maybe the wisest course of action is to wait to see how LDS Account authentication is implemented.

[nbflint]

Perhaps, instead of a customized hardware solution you might consider a software solution. There are commercial applications available that monitor internet usage and provide reports. Some provide e-mailing of those reports. Take a look at K9 Web Filtering for example. You don't have to use the web filtering, but you may be able to leverage the reporting.

[russellhltn]

Perhaps, instead of a customized hardware solution you might consider a software solution. There are commercial applications available that monitor internet usage and provide reports. Some provide e-mailing of those reports.

Don't those require installation on the computers being used? That would limit the usefulness in tracking member's computers and handhelds using WiFi.

[nbflint]

Don't those require installation on the computers being used? That would limit the usefulness in tracking member's computers and handhelds using WiFi.

True. But what good does knowing that someone is misusing the WiFi do if you can't identify them. If I'm using my personal device there is no way to guarantee that you'll be able to identify me. I'm more concerned about ensuring that the churches computers are not being misused.

I agree with the aforementioned solution: Try to convince the SP to hold off until the church implements the LDS Account login.

[russellhltn]

True. But what good does knowing that someone is misusing the WiFi do if you can't identify them. If I'm using my personal device there is no way to guarantee that you'll be able to identify me. I'm more concerned about ensuring that the churches computers are not being misused.

That's fine if that's the goal, but that's not what I interpreted the original request. So it comes back to what I said earlier: what's the goal, and is it practical?

I agree with waiting if at all possible.