The Expectation: Robust, “All-the-time” Internet Access
Today, people have an expectation of always-on connectivity and anytime access to Internet resources for information, banking, shopping, research, entertainment, social interaction, reading, communicating and so much more. They can get angry and frustrated when they cannot get online—even when flying in an airplane or traveling in fairly remote areas. Like it or not, (and there is some debate on this issue,) this is the state of technology and the world today. And this very real expectation extends to church. People will likely be frustrated and annoyed if they cannot get good Internet access while visiting your church campus for services and events.
The wireless carriers will not necessarily solve this problem for you! Despite their extravagant and often-misleading claims for comprehensive coverage, the wireless carriers’ actual delivery on their promises often leaves their customers far less than satisfied. (Nope, we CAN’T hear you now.) Mobile connectivity in many church environments is inadequate at best. So, if there is an expectation of connectivity, and if the wireless providers cannot be counted upon to deliver what a church’s members and guests expect, what is the church to do?
If the church is intent upon meeting the expectation of its members and guests for mobile connectivity, it must provide safe, secure and robust Wi-Fi access. This is not even a conscious expectation in the mind of most average church members—it’s just there. Wi-Fi is no longer thought of as an “optional item” or a “nice to have.” Most now consider it unconsciously as a utility on the order of electricity, air conditioning and plumbing.
Basic Wi-Fi Considerations for Churches
When it comes to Wi-Fi, there is no one-size fits all solution. The church must custom- design and plan its technology infrastructure carefully to ensure that it can provide effective coverage throughout its facilities, to all of the various groups who need access, e.g. staff, public/guests, students, etc. As with anything related to technology
investment, ministry philosophy and process must drive the specifics of any Wi-Fi effort. Wi-Fi technology has evolved, and, if properly configured, now operates nearly as fast as wired speeds. Any solution a church implements should be capable of upgrading via software so that it can continue to serve the church effectively and securely for years to come.
Coverage and speed will be affected by architecture, building materials, and other competing electronic equipment, facilities controls, etc. What works in a home or coffee shop isn’t fast enough, secure enough, or reliable enough to meet the demands of a church environment. Very few environments experience the huge spikes in demand that are characteristic of a church. During the week it is used by a modest staff size, and then on certain days at varying times, hundreds or thousands of devices simultaneously descend upon the wireless environment during church service or conferences/events.
Recommendations for a Secure Network
- 802.1X RADIUS authentication
Enable recommends implementing private wireless networks utilizing 802.1X RADIUS authentication. This technology allows client devices to be connected using a person’s existing network credentials and eliminates the need for an unsecure pre-shared key. 802.1X authentication helps mitigate many of the risks involved in using the WEP protocol, which is more geared for home use. For example, one of the biggest problems with WEP is the long life of pre-shared keys and the fact that they are shared among many users and are well known. With 802.1X, each station could have a unique WEP key for every session. The Authenticator (Wireless Access Point) could also choose to change the WEP key very frequently, such as once every 10 minutes or every 1000 frames. 802.1X gives the informed network manager the potential to design and implement a more secure WLAN.
- Scalable, Separated Guest Network
Enable Ministry Partners recommends implementing a scalable guest network with capabilities to secure each device with client isolation. Client isolation prevents any single client device from communicating with any other device on the same guest network. This ensures that all communications in transit from a client device are protected and private.
- UTM Firewall Integration
An enterprise wireless solution should be paired with a UTM firewall solution. Effective UTM firewall solutions include features such as gateway anti-virus, anti-spyware, intrusion prevention, application control and intelligence, and geo-IP filtering. Additionally, your UTM firewall solution should include custom content filtering. This will enable you to configure your various wireless networks, e.g. staff, guests, students with their own specific access and security policies.
A Checklist for Enterprise Wi-Fi
- Capability to broadcast multiple Wi-Fi networks within your environment (Ex. staff, guests, students)
- Capability to integrate secure networks with single sign-on mechanism (Active Directory)
- Unique pre-shared passwords for each device joining guest networks
- Capacity for all connected devices, e.g phones, tablets, computers, etc.
- Coverage throughout your entire campus
- Scalability – capacity to deal with a campus expansion or additional location or site
- UTM firewall solution
- Vendor support (future bug fixes, security patches, feature upgrades)
Written by: Cody Baird, Senior Engineer, Enable Ministry Partners