Restricted Access

[greggo]

Thanks for the input. I'll have the ward tech specialist check the settings in the internet options applet, but he was certain it had something to do with some Norton software.

To clarify further...
The wireless network was setup by the ward tech specialist at the request of the bishop back in Apr, and it was at least partially installed before the stake tech specialist was involved (maybe he only provided the CD with the required OS/software from CHQ).
The ward computer in the clerk's office is hardwired to the Linksys router, and as far as I know, it is separate from the network in the FHC. The FHC may be configured with the firewall device that was mentioned, but the ward tech specialist couldn't find one.
And I am definitely connected wirelessly to the same router from my laptop, as I needed the key that was provided by the ward tech specialist.

[jdlessley]

Thanks for the input. I'll have the ward tech specialist check the settings in the internet options applet, but he was certain it had something to do with some Norton software.

To clarify further...
The wireless network was setup by the ward tech specialist at the request of the bishop back in Apr, and it was at least partially installed before the stake tech specialist was involved (maybe he only provided the CD with the required OS/software from CHQ).
The ward computer in the clerk's office is hardwired to the Linksys router, and as far as I know, it is separate from the network in the FHC. The FHC may be configured with the firewall device that was mentioned, but the ward tech specialist couldn't find one.
And I am definitely connected wirelessly to the same router from my laptop, as I needed the key that was provided by the ward tech specialist.

If the LAN settings on the computer in question is not using a proxy server for filtering then we may need some more information.

If your clerk computer only has Church provided security software then there is no Norton product installed. The Church uses the Symnantec corporate security products such as Symantec antivirus on US and Canadian (maybe worldwide) administrative computers. There is no firewall software installed on the computer.

But since you mentioned a Linksys router and a FHC in the building the situation may be that your STS installed the router between the Cisco PIX 501 Security Appliance (firewall and router) and the ward clerk computer. If that is the case then he may have configured the firewall in the Linksys router. You will have to talk to him about that.

I doubt that the ward clerk computer is using another internet access from the FHC internet connection since an additional internet connection not through the FHC CCN would incur an additional expense to the stake for which there is no need.

[aebrown]

The wireless network was setup by the ward tech specialist at the request of the bishop back in Apr, and it was at least partially installed before the stake tech specialist was involved (maybe he only provided the CD with the required OS/software from CHQ).

You might want to review the .pdf]Computer Policy of the Church. There is no official calling of "ward tech specialist", but there definitely is a Stake Technology Specialist, who has responsibilities that include:

You manage Church computers in the stake, including those in family history centers. Duties include ordering, installing, scheduling, reassigning, supporting, and arranging for repairs and disposal of Church computers.
You provide support for the initial setup of computer workstations, printers, and Internet connections (where authorized), as well as maintenance of computer hardware, operating systems, and software.
You support all users of Church technology in your stake, including the stake presidency, bishoprics, auxiliary leaders, family history consultants, seminary and institute instructors, and others who use such technology in Church meetinghouses.

So the stake technology specialist is to be involved in every hardware implementation. There are provisions for him delegating some of that responsibility, but he is still ultimately responsible (under the authority of the stake president, of course). He is responsible to support bishoprics, among others. A bishop has no authority to direct the installation of a network without the involvement of the stake technology specialist, who must insure that it is done properly within Church policy.

The ward computer in the clerk's office is hardwired to the Linksys router, and as far as I know, it is separate from the network in the FHC. The FHC may be configured with the firewall device that was mentioned, but the ward tech specialist couldn't find one.

I hope this is simply due to a lack of understanding of the network, but if what you are saying is true, your building is completely out of policy. The basic principles are:

1. There is only one Internet connection allowed per building. Period.
2. The first device downstream from the Internet device (cable modem, DSL modem, etc.) must be the Church-managed firewall.
3. You may not reconfigure, replace, or circumvent in any way the Church-managed firewall.

The above principles apply to all computers, whether administrative computers or computers in Family History Centers. I find it hard to believe that your FHC doesn't have a firewall (typically a Cisco PIX), but if it doesn't, it is a huge security and policy problem. I also find it hard to believe that any other computers in the building would not be on that network and share the Internet connection, but again, if that is true, it is a security, policy, and budget problem.

[mkmurray]

Yes, even your wireless network will need to be moved behind the Church-managed, firewalled network...and this must also be orchestrated with the Stake's approval through the Stake Technology Specialist and Stake Presidency.

[russellhltn]

Hopefully it will be posted soon clerk.lds.org with the other similar letters. But my stake president handed it to me yesterday. The letter is dated 8 August 2008, is addressed to all stake presidents (and some other leaders) in the US and Canada.

It is word for word the same as the .pdf]26 March 2008 letter, except that it says "Effective August 8, 2008, stake presidents in the United States and Canada Areas may authorize and fund, out of local unit budgets, broadband Internet connections for meetinghouses within their stakes...."

I can confirm that. I had a copy sent to me by a member of the clerks list (thanks!). I've just been sitting back to watch how the news broke. (And to get a head start on my call to Xilec Broadband :p)

I must admit I was surprised to see it open up to all areas instead of a phased roll-out.

[russellhltn]

I find it hard to believe that your FHC doesn't have a firewall (typically a Cisco PIX)

I don't. Someone gets assigned to "get Internet" for the FHC. They do it the only way they know how - call the Phone/Cable company. :-/

Something like that must have happened in a neighboring stake. I stopped by to help them out with a problem and discovered they didn't have a firewall. That's since been corrected.

[russellhltn]

There is only one Internet connection allowed per building. Period.

I know of all the policies that allows a single one to be shared, and I can understand from a cost standpoint that's desirable - but.... Can you point me to a source that only one is allowed?

One of the reasons I ask is that we're going to have a major pain getting the FHC connection to the admin offices. But then the FHC is in a different building - but on the same lot. So I'd like to know if I'm missing something.

[aebrown]

I know of all the policies that allows a single one to be shared, and I can understand from a cost standpoint that's desirable - but.... Can you point me to a source that only one is allowed?

The Introduction to Meetinghouse Internet page says:

Note: If a Church-managed firewall is currently used in a Church facility, the broadband connection should be shared among all tenants that are requesting broadband Internet access and are approved by the stake president

Also the Meetinghouse Internet Guidelines says:

The stake technology specialist must work with the facility manager to install the services in a way that . . . avoids duplication of any other services.

Finally, Installing the Church-Managed Firewall says:

NOTE: If a Church-managed firewall or wireless network for Internet use is already in the building, contact the facility manager to share the existing service.

It is Church policy to share existing filtered Internet connections between ecclesiastical units (wards,stakes, districts, and branches) and field office units (family history centers, seminaries and institutes,facilities management offices, LDS Employment Resource Centers, etc.).

[russellhltn]

Not just missed it, missed it twice. (I won't count the third since I'm not yet installing a firewall.)

Thanks.

[greggo]

You might want to review the Computer Policy of the Church. There is no official calling of "ward tech specialist", but there definitely is a Stake Technology Specialist.

I hope this is simply due to a lack of understanding of the network, but if what you are saying is true, your building is completely out of policy..

Thank you Alan for the copy of the computer policy and your valuable input. I'll review with those involved and try to get things cleaned up. Hopefully, we're not as far out of policy as I suspect.