New Internet Filter

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
User avatar
aebrown
Community Administrator
Posts: 15119
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Re: New Internet Filter

Postby aebrown » Sun Mar 09, 2014 4:58 am

russellhltn wrote:I got that email today. While it had the necessary information, it made it sound like every device that uses the network had to be checked, which could imply all the member's tablets, laptops and smart phones.

I didn't read it that way. It says "Any devices connected to Meetinghouse Internet that have been set to use non-Church specified DNS servers should be changed to use approved Church meetinghouse DNS servers or to obtain DNS server addresses automatically," and later refers to "each device in question." Personally, I'm only going to focus on what I'm determining to be a "device in question."

I'm taking that to mean that I need to examine every network device that I as STS (or anyone else under my direction) may have set to have anything other than a DHCP-issued DNS server. If anyone chose to play with DNS settings on their own personal devices, they're on their own. In my opinion, that is a highly speculative proposition anyway; I have a hard time imagining that anyone played with the DNS settings on their personal device.

WillClaridge
New Member
Posts: 5
Joined: Thu Jan 27, 2011 9:59 pm
Location: Scappoose, OR

Re: New Internet Filter

Postby WillClaridge » Sun Mar 09, 2014 9:26 am

aebrown wrote:If anyone chose to play with DNS settings on their own personal devices, they're on their own. In my opinion, that is a highly speculative proposition anyway; I have a hard time imagining that anyone played with the DNS settings on their personal device.


Since the TCP/IP settings are connection-specific on most personal devices (i.e. you can mess with the settings for each separate wireless access point configured on your device) this should generally not be a problem. As an STS I can guarantee you that someone will come to me some day and tell me that they cannot use their personal device at church and I will find that they have played with their DNS settings. I am also a SS teacher for the 16/17 year olds. I know for a fact that they will play with these parameters (but I would like a way to filter them out anyways - I was sad that SLC canceled the project to require LDS Single Sign On to use the wireless in the buildings).

russellhltn
Community Administrator
Posts: 28146
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: New Internet Filter

Postby russellhltn » Sun Mar 09, 2014 12:05 pm

I'm referring to the opening sentence: "Please be aware that only Church-specified Domain Name System (DNS) entries on devices connected to Meetinghouse Internet are allowed on the network." I read that as a policy statement. That's OK for church-controlled devices, but not really enforceable for devices belonging to the general membership.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.

JamesAnderson
Senior Member
Posts: 766
Joined: Tue Jan 23, 2007 2:03 pm

Re: New Internet Filter

Postby JamesAnderson » Sun Mar 09, 2014 1:57 pm

Setting up the DNS access this way is a very good thing to do, it's one of the best security practices anyone c an do. And Zscaler has made this aspect of Internet security very easy to do, even for some of our STS people who may not know a whole lot about DNS settings, so it is a real plum of a product that the Church has decided to go with. I'm sure someone will come up with an even better version of it, I'm sure all the big companies that provide similar services will compete and make this one even better, and we're all better off now that this has been developed.

drepouille
Senior Member
Posts: 2296
Joined: Sun Jul 01, 2007 5:06 pm
Location: Plattsmouth, NE
Contact:

Re: New Internet Filter

Postby drepouille » Sun Mar 09, 2014 6:28 pm

I asked the GSC to install the new filter on all firewalls in my stake a week ago. Last Wednesday, a group of youth came into the stake FHC to learn about FamilySearch Family Tree and FamilySearch Indexing. One boy brought his own laptop, but said he could not connect to the Internet. I didn't get a chance to look at his laptop, but it is possible that he had set his DNS to static IPs.
Dana Repouille, Plattsmouth, Nebraska

russellhltn
Community Administrator
Posts: 28146
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: New Internet Filter

Postby russellhltn » Sun Mar 09, 2014 6:47 pm

Some people deliberately use a 3rd party DNS, like OpenDNS.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.

WillClaridge
New Member
Posts: 5
Joined: Thu Jan 27, 2011 9:59 pm
Location: Scappoose, OR

Re: New Internet Filter

Postby WillClaridge » Sun Mar 09, 2014 7:35 pm

russellhltn wrote:I'm referring to the opening sentence: "Please be aware that only Church-specified Domain Name System (DNS) entries on devices connected to Meetinghouse Internet are allowed on the network." I read that as a policy statement. That's OK for church-controlled devices, but not really enforceable for devices belonging to the general membership.


Once implemented it becomes "self enforcing". Its not that the STS has to check every device that belongs to the general membership; it will just be the case of helping members understand why their devices no longer work on the Church-controlled network if they are not getting their DNS settings through DHCP.

pbarnsley
New Member
Posts: 10
Joined: Sun Mar 17, 2013 9:47 am

Re: New Internet Filter

Postby pbarnsley » Mon Mar 24, 2014 3:55 pm

I'm guessing this has been suggested and there is a good reason for not doing it.... but shouldn't the internet access be limited to the IP addresses of lds.org and other church sites, plus Microsoft for windows updates? Then it doesn't matter what the DNS settings are.

The church is currently open to some fairly serious liability issues relating to the nature of illegal content which can currently be downloaded over its connection. That's before you consider that half the adults in my ward use Facebook instead of listening to the talks in sacrament ;)

Using DNS in order to secure the internet will not stop anyone that knows how to lookup an IP address.... take our youth for example ;)

russellhltn
Community Administrator
Posts: 28146
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: New Internet Filter

Postby russellhltn » Mon Mar 24, 2014 4:11 pm

pbarnsley wrote:but shouldn't the internet access be limited to the IP addresses of lds.org and other church sites, plus Microsoft for windows updates? Then it doesn't matter what the DNS settings are.


At one time, that was one of the filtering options to select. However, that doesn't work for Family History work as there are any number of sites that contain information that a researcher would need to get access to.

There's also the need to access one's personal email which may be used as part of a church calling. And that's just starting. I'm sure we would have quite a list if we were to start down that road.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.

pbarnsley
New Member
Posts: 10
Joined: Sun Mar 17, 2013 9:47 am

Re: New Internet Filter

Postby pbarnsley » Mon Mar 24, 2014 4:19 pm

The fhc sites are a good point. The rest I think people could either live without or use their 3g connection on their phones. For church employees on the road they should already have a 3g dongle for their laptop anyway. After all we all lived without access to our emails at church a few years ago.

I would think you can white list nearly every family history site out there, it would be a bit of work admittedly but the church could run a helpdesk where sites can be added as they are requested. You could also pre white list all the major email providers if you were that bothered about email.

The question to ask is, what is the churches risk appetite? Do they mind the bad press when some sicko downloads or shares child porn through the church connection?

I don't think the right questions are being asked at the moment.


Return to “Meetinghouse Internet”

Who is online

Users browsing this forum: No registered users and 2 guests