Physical access to firewall

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
Post Reply
egridley
New Member
Posts: 2
Joined: Thu Nov 20, 2014 1:32 pm

Physical access to firewall

#1

Post by egridley »

Just a question about physical access to the firewall. Obviously, we don't want it in a location where lots of people have access to. However, in our stake, the firewall in all 3 of the buildings is in a mechanical closet that I, as the STS, don't have a key to.

The only reason this even came up is because of the firewall upgrade that is currently available. I need to ensure that nothing is connected to port 2 on the firewall. I am having to track down bishopric members, clerks, etc. just to get physical access to the firewall.

Is this something that I should request physical access to?
russellhltn
Community Administrator
Posts: 34421
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Physical access to firewall

#2

Post by russellhltn »

I would.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
User avatar
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

Re: Physical access to firewall

#3

Post by aebrown »

egridley wrote:...in our stake, the firewall in all 3 of the buildings is in a mechanical closet that I, as the STS, don't have a key to.
...
I am having to track down bishopric members, clerks, etc. just to get physical access to the firewall.

Is this something that I should request physical access to?
I would say that you absolutely need physical access to the firewall. You need to be able to reset the firewall on occasion (usually this can be done remotely via Technology Manager, but not always), and you need to adjust cabling and do other tasks that require access. But of course, that decision would be made by the stake president, perhaps in consultation with the FM group and/or PFR.

When I was STS, I was given master keys to the facilities. I needed to go to demarc rooms, mechanical closets, clerks' offices, family history centers, and even bishops' offices in order to fulfill my calling. The way the FM group distributes keys in our stake, I was often the only one (besides the stake presidency and stake clerk and PFR) who could even get into mechanical closets -- bishopric counselors could not.
aclawson
Senior Member
Posts: 760
Joined: Fri Jan 19, 2007 6:28 pm

Re: Physical access to firewall

#4

Post by aclawson »

There exists a stake master key that will open every door that exists. Your stake president can authorize you to get a copy from FM.
User avatar
Mikerowaved
Community Moderators
Posts: 4734
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

Re: Physical access to firewall

#5

Post by Mikerowaved »

aclawson wrote:There exists a stake master key that will open every door that exists. Your stake president can authorize you to get a copy from FM.
My SP didn't feel (and I agree with him) that I needed full access to all the bishop and SP offices, so I have a pretty full key ring that gets me into all the buildings, clerk's offices, and firewall locations. It's not as convenient as a master key, but it allows me access to everywhere I need to be to fulfill my calling as STS.
So we can better help you, please edit your Profile to include your general location.
aclawson
Senior Member
Posts: 760
Joined: Fri Jan 19, 2007 6:28 pm

Re: Physical access to firewall

#6

Post by aclawson »

In our stake the FM group is in the process of changing all of the locks on the network cabinets to a single key to make it easier for the STS to get into the equipment.
natet
Member
Posts: 69
Joined: Fri Oct 24, 2008 5:09 pm
Location: Richland, Washington, USA

Re: Physical access to firewall

#7

Post by natet »

mikerowaved wrote:My SP didn't feel (and I agree with him) that I needed full access to all the bishop and SP offices, ...
I have found having access to the offices to be a rarely used, but valuable resource in my calling. I have used that access to test wireless signals in the Bishop and Stake Presidents offices when we installed WAP's, since one of the use cases for wireless in the building is during council meetings. In addition, our FM is understaffed, so I'm usually the person who is onsite when vendors such as the phone company come to service our lines, so I've needed access so I could test the phones in the offices.
drepouille
Senior Member
Posts: 2859
Joined: Sun Jul 01, 2007 6:06 pm
Location: Plattsmouth, NE

Re: Physical access to firewall

#8

Post by drepouille »

I have a master key to all exterior doors, but I only have access to about half of the clerks offices and FHCs, as well as the firewalls. In a few of our meetinghouses, the FM decided to put the firewall in the clerk's office, with the switch and power injectors strapped under the desk. I told the FM that this violates the policy that states that if a firewall is in a clerical office, it must be inside a locked cabinet. He's still pondering that one.

Last Friday, I noticed I could not see a WAP through TM. So I drove to the meetinghouse to find that the WAP was off. I found the power injector in the clerk's office, and it was off as well. The FM had mounted the power injector under the desk so the power plug was hanging out of the bottom of it. Gravity, vibrations, and feet under the desk had caused the plug to work its way out of a secure connection to the power injector.
Dana Repouille, Plattsmouth, Nebraska
rknelson
Member
Posts: 124
Joined: Tue May 01, 2007 3:13 pm
Location: Oregon

Re: Physical access to firewall

#9

Post by rknelson »

I can't imagine being able to magnify my calling without full access to everywhere that has equipment I need to support including printers, copiers, TV's, computers, modems, firewalls, network patch panels, wireless, satellite, phones, etc. I have the same master key the Stake President has to allow access to all rooms including mechanical rooms in all buildings in the stake, and I use it regularly. I also have MLS login accounts on every MLS computer. Of course the decision is ultimately up to the Stake President, but in order for him to make an informed decision he needs to understand the full breadth of what a Stake Tech is called to do.
Post Reply

Return to “Meetinghouse Internet”