Ask Slashdot: Setting Up a Wireless Catch-and-Release 332
First time accepted submitter SSG Booraem writes "I'm on the IT committee at my church. We've recently added wireless access points to our Family Life Center, but the committee chair isn't comfortable with allowing unrestricted access to our network. We host a lot of guests during the week for Upwards basketball practices and on Saturdays for games, so we want to restrict internet access to the Sunday school classes held in that building. Unfortunately, neither he, nor I, know anything about setting up a wireless catch-and-release like in hotels. If anyone could point me at good documentation, I would be very grateful."
charge 'em (Score:4, Insightful)
Use enterprise WPA2 with keys. Give each client device a key. Charge $5 to provide a key. Church members who are donating will probably reduce their donation by $5 that month in order to pay for the key.
You can revoke keys individually.
Disclaimer: I don't know what I'm talking about, you might need expensive hotspots to do that, but for large building with more than one hotspot, you probably want special hotspots with decent handover as folk move from one hotspot to another.
Just turn it off (Score:5, Insightful)
set a password and change it regularly (Score:4, Insightful)
Time-of-day restriction (Score:5, Insightful)
Re:StackExchange (Score:5, Insightful)
Re:No thanks. (Score:3, Insightful)
Re:Time-of-day restriction (Score:4, Insightful)
Re:Not sure I understand the point here (Score:2, Insightful)
You could still try to point him in the right direction, if someone asks for the way to the airport it isn't that important if you understand why he wants to leave town!
Admin (Score:2, Insightful)
Use enterprise WPA2 with keys. Give each client device a key. Charge $5 to provide a key. Church members who are donating will probably reduce their donation by $5 that month in order to pay for the key.
You can revoke keys individually.
Disclaimer: I don't know what I'm talking about, you might need expensive hotspots to do that, but for large building with more than one hotspot, you probably want special hotspots with decent handover as folk move from one hotspot to another.
That sounds like a great quick-get-the-job-done solution but here's the 'but': adminstration.
Most churches have an admin - one business admin. I don't know how to put it kindley so here's a prediction of what will happen based upon what I've observed with other things that these adminstrators do:
You will be constantly dealing with folks who's key doesn't work. Keys that still work when they shouldn't and a constant searching for keys.
It will be one cluster fuck.
Volunteer IT person?
They turnover fast: they have work projects that take all their time up, can't deal with church committees, they find mega paying jobs on another coast, etc .....
Re:It would be a miracle (Score:5, Insightful)
This thread makes me embarrassed to be an atheist...
Re:It would be a miracle (Score:5, Insightful)
Yup, the amount of atheist bigotry and unpleasantness here is incredible. Now in their defense, these people are probably Americans who endure a lot of religious bigotry in their daily lives. They are just trying to fight back, but this doesn't really help at all.
Re:It would be a miracle (Score:5, Insightful)
Re:StackExchange (Score:4, Insightful)
I sure agree with you, it hurts to see how a good place to exchange information is slowly dying and becoming less and less worth our attention.
Yes, that happened ever since "I'm too lazy to Google it and perform basic research" turned into the exact same thing as "I really need a community of experts to offer me advice".
... but you know what the REAL difference is? If you really need a community of experts to offer advice it's because you are doing something new and interesting and unique. If you're doing what every hotel and coffee-shop across the country already does on a daily basis ... then it's time to stop being lazy and research it yourself.
Not that Slashdot does anything but try to shut you up with a downmod for pointing it out
Re:StackExchange (Score:0, Insightful)
How dare you call anyone an idiot or a bigot? Fuck you, fuck your god and fuck your religion.
Hire someone! (Score:4, Insightful)
Just because churches operate as tax exempt non-profits doesn't mean they can't afford to pay someone to do the work. If your church doesn't have a member that is in the IT business (and willing to do the work for free) then hire a local tech company to set it up for you. Support the local nerd economy!
Re:Just turn it off (Score:5, Insightful)
Re:Catch-and-release? (Score:2, Insightful)
What's that?>/a> [wikipedia.org]
I think it's something like Pray for a man and you save him once. Teach him to pray for himself and you save him for a lifetime.
actually its more like 'pray for a man and he easily ignores you, brainwash a man and he will pray with you'
Re:StackExchange (Score:4, Insightful)
Re:Just turn it off (Score:5, Insightful)
One of my networks in a somewhat public place where the users have a high motivation to get online. Knowing that there is wireless is inherently insecure, i.e. tools are available for harvesting passwords and MAC addresses, turning off the SSID is simply another tool I use. To me it is a no brainer because it does not cause me any significant problems and many casual users don't know how to connect to a 'hidden' network even if they have the name. That is what 'turning off' the SSID does. It does not make the network invisible, it prevents computers from automatically connecting. It says that this is a closed network and we would appreciate it if you did not join in.
I have seen articles like this where somehow 'hiding' the SSID causes problems for roaming. From where I have seen these articles, I suspect this is an OS specific problem as I have never had this problem. All my equipment connects automatically to my networks unless there is a higher power open competing network. I believe this is a case where certain people do not know how to implement the solution, so they say the solution is bad.
To the matter at hand, closing the network may be part of the solution. Time based access control, in which user accounts that require on the fly credential, is another solution. This is where the user provides an email address, and logs onto the network by clicking on an email link agreeing to the terms and conditions. I would also back it up with sa white list that will prevent all proxy access and make the pipe much less valuable for casual users to crack.