Managing Control of Unit Wireless Installs
-
- New Member
- Posts: 1
- Joined: Wed Aug 26, 2009 9:05 pm
- Location: USA
Managing Control of Unit Wireless Installs
So far as I can tell there a few options to managing wireless access in a unit.
Understood = Stake President accepts responsibility for the control process
Options:
OPEN
PRO - Easy, WAY TOO EASY
CON - Not a good choice
Use LDS Access (same as in church operations facilities like welfare)
PRO - Easy to deploy with SLC help
CON - Password distribution is difficult to control
Use locally managed procedure such as MAC address filtering
PRO - strong local control going through Stk Tech Spec.
CON - Labor intensive and limited to number of storable address slots
Suggestion (probably already addressed - but where?)
Use LDS Account
Look how hotels receive guest connection requests and redirect the connection request to a Usage Terms and Conditions screen (a good reminder of conduct expectations). User must then accept terms before proceeding further in the redirect process. Log in using their LDS Account password which should be user specific, church managed, with recovery options available.
A MAC address can be trapped, along with the login ID. Make standardized usage reports available to the Tech Specialist to help the Stake President address misuse issues. (Odd instances of multiple MAC address per user name, inappropriate destinations, etc...)
Just an idea in VERY rough form from a non-technical servant.
Understood = Stake President accepts responsibility for the control process
Options:
OPEN
PRO - Easy, WAY TOO EASY
CON - Not a good choice
Use LDS Access (same as in church operations facilities like welfare)
PRO - Easy to deploy with SLC help
CON - Password distribution is difficult to control
Use locally managed procedure such as MAC address filtering
PRO - strong local control going through Stk Tech Spec.
CON - Labor intensive and limited to number of storable address slots
Suggestion (probably already addressed - but where?)
Use LDS Account
Look how hotels receive guest connection requests and redirect the connection request to a Usage Terms and Conditions screen (a good reminder of conduct expectations). User must then accept terms before proceeding further in the redirect process. Log in using their LDS Account password which should be user specific, church managed, with recovery options available.
A MAC address can be trapped, along with the login ID. Make standardized usage reports available to the Tech Specialist to help the Stake President address misuse issues. (Odd instances of multiple MAC address per user name, inappropriate destinations, etc...)
Just an idea in VERY rough form from a non-technical servant.
-
- Community Administrator
- Posts: 34517
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
The way it's supposed to be done is with WPA or WPA2 and the password is distributed in accordance to the stake president's policy.
Linking to LDS Account would be nice, but that would have to be figured out by CHQ. It's not practical for a stake to do.
Linking to LDS Account would be nice, but that would have to be figured out by CHQ. It's not practical for a stake to do.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
So we can better help you, please edit your Profile to include your general location.
-
- Community Moderators
- Posts: 9924
- Joined: Mon Mar 17, 2008 12:30 am
- Location: USA, TX
Maybe I am thinking of your suggestion wrong but wouldn't using LDS Account to gain access to a wirelss connection be a catch 22. You couldn't get the connection unless you already had a connection to login.
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
- aebrown
- Community Administrator
- Posts: 15153
- Joined: Tue Nov 27, 2007 8:48 pm
- Location: Draper, Utah
lagreen08 wrote:Use LDS Access (same as in church operations facilities like welfare)
PRO - Easy to deploy with SLC help
CON - Password distribution is difficult to control
This is not an option. The LDSAccess profile cannot be deployed to regular routers and wireless access points -- it is designed for Cisco hardware only (I think it is even specific to the Aironet WAPs). It is appropriate, even preferred, for buildings that have an official FHC with a Church-managed firewall and access points. But when a stake purchases its own hardware for wireless access, the Global Service Desk will not manage the security -- that is the responsibility of the stake technology specialist.
lagreen08 wrote:Use locally managed procedure such as MAC address filtering
PRO - strong local control going through Stk Tech Spec.
CON - Labor intensive and limited to number of storable address slots
As was mentioned, the requirement is for at least WPA security. This is managed by the stake technology specialist. There is no rule for or against MAC address filtering, but as you said, it is labor intensive.
- Mikerowaved
- Community Moderators
- Posts: 4744
- Joined: Sun Dec 23, 2007 12:56 am
- Location: Layton, UT
...and almost pointless with the easy ways it can be bypassed.Alan_Brown wrote:There is no rule for or against MAC address filtering, but as you said, it is labor intensive.
So we can better help you, please edit your Profile to include your general location.
-
- Community Administrator
- Posts: 34517
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
I think he's talking about doing it like a hotel would. The connection is "open" but all you'd get is a sign in screen until you've been validated.jdlessley wrote:Maybe I am thinking of your suggestion wrong but wouldn't using LDS Account to gain access to a wirelss connection be a catch 22. You couldn't get the connection unless you already had a connection to login.
There's two problems. The first is one would have to set up such a system. I'm not sure of the difficulty. At minimum you'd have to stick with specific brands of access points and flash custom software.
The second problem is that you'd need a way of validating the LDS Account. Right now there are no APIs for doing so.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
So we can better help you, please edit your Profile to include your general location.
-
- Member
- Posts: 77
- Joined: Thu Feb 08, 2007 9:42 am
- Location: Arizona
In a new building why have wireless access at all? I'm in the process of provisioning a 16224 sq. ft. Chapel (Full chapel, not a stake center.) that should have between 25 and 29 network jacks throughout the facility. Right now I can't think of a case where I would want to have wireless in that building. Some might ask about Family History classes. The ward can get a 10/100 ethernet hub for ~$20 and some cable and set it up on a work table in the classroom for the class to sit around with their computers.
-
- Community Administrator
- Posts: 34517
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
Depends on the application. In a meeting (PEC, Presidency, etc) it's nice to allow everyone to have their laptops or PDAs.James_Francisco wrote:In a new building why have wireless access at all?
It's also hard to anticipate every need. Perhaps a display booth in the cultural hall. Or maybe a small thing in the foyer.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
So we can better help you, please edit your Profile to include your general location.
-
- Community Moderators
- Posts: 9924
- Joined: Mon Mar 17, 2008 12:30 am
- Location: USA, TX
Why use a hub when the cost differential between a hub and a switch is negligible? Using a switch does not have the same negative affects on bandwidth as hubs have.James_Francisco wrote:The ward can get a 10/100 ethernet hub for ~$20 ...
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
-
- Community Moderators
- Posts: 9924
- Joined: Mon Mar 17, 2008 12:30 am
- Location: USA, TX
Because that is what the bishop/branch president or stake president wants; the device connecting does not have a wired port; the leaders using the network do not want to be tethered; not all locations in the building have wall ports ...James_Francisco wrote:In a new building why have wireless access at all?
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?