Talk:Local insights on Meetinghouse technology
One thing that could be done that would provide an increased level of security is the use of VLANs on the Cisco Firewalls. Virtual LANs, or VLANs, provide the ability to restrict access between different ports on a switch. For instance, if you have three ports, A, B, and C, with A being your internet connection, you can create a VLAN between A and B, and A and C, but not between B and C. This allows both B and C to connect to the internet, but not to each other (at least not without going back through the firewall).
The use of this technology would be ideal for church buildings with wifi enabled. Typically clerk computers and family history computers are connected to the same network as wifi users. Using VLANs on the Firewall, you could create two separate networks, one for wifi users and one for Church owned devices. This would provide an enhanced level of security for Church computers should the wifi ever get compromised or if a person with malicious intent ever obtained access to the wifi in the building.
The Cisco firewalls endorsed by the Church do support the use of VLANs. However, this is the type of change that would need to be made either at Church Headquarters and incorporated into the Firewall settings, or given to STS with extensive instructions. I think it would be easier, though, to make the configuration generic and provide directions that state "Only connect wifi extenders to ports 1-8 and local hard-wired connections to ports 9-16" (insert correct port numbers, as I'm not sure what they actually are). The new configuration would then establish VLANs between 1-8 and the upload port, and 9-16 and the upload port, but not between 1-8 and 9-16.
While we all certainly hope no member of the Church would ever attempt to compromise a Clerk computer or any other computer belonging to the Church, this is an easy change that would make such an attack much more difficult.