Ask Slashdot: Setting Up a Wireless Catch-and-Release

First time accepted submitter SSG Booraem writes "I'm on the IT committee at my church. We've recently added wireless access points to our Family Life Center, but the committee chair isn't comfortable with allowing unrestricted access to our network. We host a lot of guests during the week for Upwards basketball practices and on Saturdays for games, so we want to restrict internet access to the Sunday school classes held in that building. Unfortunately, neither he, nor I, know anything about setting up a wireless catch-and-release like in hotels. If anyone could point me at good documentation, I would be very grateful."

charge 'em

[samjam]

Use enterprise WPA2 with keys. Give each client device a key. Charge $5 to provide a key. Church members who are donating will probably reduce their donation by $5 that month in order to pay for the key.

You can revoke keys individually.

Disclaimer: I don't know what I'm talking about, you might need expensive hotspots to do that, but for large building with more than one hotspot, you probably want special hotspots with decent handover as folk move from one hotspot to another.

Just turn it off

[Captain Hook]

If the access point is only meant to be used by the Sunday school, and they only meet at certain times. why not just switch the AP off when the Sunday School meeting isn't running?

set a password and change it regularly

[acidream]

Seems like you could just set a password and post it somewhere in a room that is not accessible to guests. Change the password every week.

Time-of-day restriction

[bgarcia]

Restrict the wireless router's use to Sunday mornings during class. Don't operate it during the week.

Re:StackExchange

[zoloto]

Who knew such unabashed idiocy and bigotry would exist on slashdot? He's asking a tech question for a NPO and you retort with such drivel?

Re:No thanks.

[JohnnyComeLately]

No, you're not going to answer because you're an absolute idiot. Log in and post that dumb azz crap. Not to mention you had to see the dozens of other a$$ hats who posted the same stupid thing, but no you had to anonymously post exactly the same crap because....??? Fail. Go back to playing your PS2, and mom should have dinner ready in a few minutes. Try not to complain about the free food in your free house.

Re:Time-of-day restriction

[Ginger Unicorn]

or go even lower tech and just ask the sunday school teacher to turn it on and off

Re:Not sure I understand the point here

[Anonymous Coward]

You could still try to point him in the right direction, if someone asks for the way to the airport it isn't that important if you understand why he wants to leave town!

Admin

[Anonymous Coward]

Use enterprise WPA2 with keys. Give each client device a key. Charge $5 to provide a key. Church members who are donating will probably reduce their donation by $5 that month in order to pay for the key.

You can revoke keys individually.

Disclaimer: I don't know what I'm talking about, you might need expensive hotspots to do that, but for large building with more than one hotspot, you probably want special hotspots with decent handover as folk move from one hotspot to another.

That sounds like a great quick-get-the-job-done solution but here's the 'but': adminstration.

Most churches have an admin - one business admin. I don't know how to put it kindley so here's a prediction of what will happen based upon what I've observed with other things that these adminstrators do:

You will be constantly dealing with folks who's key doesn't work. Keys that still work when they shouldn't and a constant searching for keys.

It will be one cluster fuck.

Volunteer IT person?

They turnover fast: they have work projects that take all their time up, can't deal with church committees, they find mega paying jobs on another coast, etc .....

Re:It would be a miracle

[Anonymous Coward]

This thread makes me embarrassed to be an atheist...

Re:It would be a miracle

[Linzer]

Yup, the amount of atheist bigotry and unpleasantness here is incredible. Now in their defense, these people are probably Americans who endure a lot of religious bigotry in their daily lives. They are just trying to fight back, but this doesn't really help at all.

Re:It would be a miracle

[TheRaven64]

Seriously? Just because some religious people behave like dicks to people of different beliefs to them doesn't mean that you have to join in. He asked a technical question, the fact that it's related to a church is irrelevant.

Re:StackExchange

[Anonymous Coward]

I sure agree with you, it hurts to see how a good place to exchange information is slowly dying and becoming less and less worth our attention.

Yes, that happened ever since "I'm too lazy to Google it and perform basic research" turned into the exact same thing as "I really need a community of experts to offer me advice".

Not that Slashdot does anything but try to shut you up with a downmod for pointing it out ... but you know what the REAL difference is? If you really need a community of experts to offer advice it's because you are doing something new and interesting and unique. If you're doing what every hotel and coffee-shop across the country already does on a daily basis ... then it's time to stop being lazy and research it yourself.

Re:StackExchange

[Anonymous Coward]

You religious types are insane. You cause so much violence, you condemn people who don't believe the same as you, you brainwash the youth with your fairy tales, you try to hold back scientific progress and you're a bunch of money grubbing hypocrites. Religion is the cause of all of the major social problems in the world.

How dare you call anyone an idiot or a bigot? Fuck you, fuck your god and fuck your religion.

Hire someone!

[Monoman]

Just because churches operate as tax exempt non-profits doesn't mean they can't afford to pay someone to do the work. If your church doesn't have a member that is in the IT business (and willing to do the work for free) then hire a local tech company to set it up for you. Support the local nerd economy!

Re:Just turn it off

[webheaded]

No, he's saying that not only is it pointless, but that it makes things a pain in the ass. He's also pointing it out so that people don't have a false sense of security. This is all true. I used to hide mine but it made it more of a pain in the ass than it was worth. That's basically security theater. :p

Re:Catch-and-release?

[Foofoobar]

What's that?>/a> [wikipedia.org]

I think it's something like Pray for a man and you save him once. Teach him to pray for himself and you save him for a lifetime.

actually its more like 'pray for a man and he easily ignores you, brainwash a man and he will pray with you'

Re:StackExchange

[TheDarkMaster]

For the asker, maybe is something new and interesting. Not everyone knows how to proper configure wireless internet. And about Google, many times the Google results throws you exactly here or in some obscure forum, where the first response is "Search in the google, moron!". Interesting infinite loop problem.

Re:Just turn it off

[fermion]

There is no such thing as locking you house. Most lock can be picked easily, or a window can be broken, so don't do it.

One of my networks in a somewhat public place where the users have a high motivation to get online. Knowing that there is wireless is inherently insecure, i.e. tools are available for harvesting passwords and MAC addresses, turning off the SSID is simply another tool I use. To me it is a no brainer because it does not cause me any significant problems and many casual users don't know how to connect to a 'hidden' network even if they have the name. That is what 'turning off' the SSID does. It does not make the network invisible, it prevents computers from automatically connecting. It says that this is a closed network and we would appreciate it if you did not join in.

I have seen articles like this where somehow 'hiding' the SSID causes problems for roaming. From where I have seen these articles, I suspect this is an OS specific problem as I have never had this problem. All my equipment connects automatically to my networks unless there is a higher power open competing network. I believe this is a case where certain people do not know how to implement the solution, so they say the solution is bad.

To the matter at hand, closing the network may be part of the solution. Time based access control, in which user accounts that require on the fly credential, is another solution. This is where the user provides an email address, and logs onto the network by clicking on an email link agreeing to the terms and conditions. I would also back it up with sa white list that will prevent all proxy access and make the pipe much less valuable for casual users to crack.