(Note, the service that was hosting this post, CoverItLive, has been discontinued and is offline, so this post has no content any longer. Sorry! This was a fun day and I’m sad the record is gone!)

If a laptop user establishes a VPN connection to your corporate VPN server, and doesn’t use split tunneling (in other words, from the time they’re connected, all traffic goes through the VPN as its default gateway no matter what), assuming that you’re using a VPN client that verifies the identity of the server (rather than blindly trusting DNS, which is easily spoofable on a wireless network), the user moves from the realm of insecurity into a much more secure environment, similar to being plugged into your wired network at the office. Of course, then your office WAN connection has to support everything they do, including web browsing!

However, using a free or paid “VPN” service from a company that just turns your wireless connection into a VPN-enabled “wired” connection is only going to help thwart unencrypted wifi sniffing and other such attacks. Unless you also use SSL and other encryption technologies, those services are just giving you a wired internet connection just like your home connection rather than the easier-to-sniff unencrypted wireless. It’s better than nothing, but it’s not like an encrypted pipe into your own network.

Don’t discount unencrypted wireless attacks. It’s never happened to me, but if you hop over and read some of Security Monkey’s case files at you’ll discover that there’s a lot of bad stuff going on in the world on computers :-) Those case files are slightly modified true stories from this guy’s career! His old 2005-2007 podcast episodes are worth listening to for some cool security tips and tools as well, to digress for a moment!

I don’t have a good answer; VPN connections to the office make internet run very slowly unless you have the WAN bandwidth to support fast throughput to and from all your remote users including web browsing! But that’s a much more secure way to operate. The number of ways wireless can be hijacked, sniffed, spoofed, and hacked, especially if it’s unencrypted to begin with, is downright scary! At the very least use SSL with verified certificates for anything you do of any importance (or if passwords are transmitted) on an encrypted wireless connection. As an IT guy, I can tell you (or myself) whether a particular session (POP3, IMAP, RPC over HTTP, HTTPS, etc.) is happening over an encrypted connection or not and can be careful. However, the average user is, obviously, not going to know or even care necessarily if Outlook is using POP3 unencrypted or via SSL, or using RPC over HTTPS securely. And if they log into Gmail, they’re not likely to know that although their password is always encrypted on login, their email is transmitted in the clear unless they initiate the session using SSL from the start (using https://mail.google.com/ rather than http://mail.google.com)./ Even if their email contains passwords and confirmations for other accounts!

Stuart mentioned WiTopia on his comment to Tony’s original post. I’d never heard of them before, but I’ve seen similar services to their personalVPN product. That service appears to be, like I mentioned above, just a way to get a “wired quality” connection to the internet over unsecured wireless. An admirable service and a worthy goal even with its limitations, but what caught my eye even more was their SecureMyWifi service. It’s still a wireless service but it has to do with your own on-campus wireless access. It lets you move away from using WPA with a Pre-Shared Key (PSK), also known as WPA-Personal, and use their RADIUS services to authenticate users individually to your encrypted wireless access points. It seems a bit pricey (to me–it’s currently a $99 setup fee, $99/year for one access point, and $14.95/year for each additional access point), but we have the same thing set up using Microsoft’s free (built-in on Windows Server 2003) IAS RADIUS server in-house. If you aren’t familiar with how to set it all up, the WiTopia service could be quite beneficial! They charge per access point, but at Lakeview we have a centrally-managed access points system with one controller that takes care of authentication. I assume that the WiTopia service is based on unique RADIUS keys for each access point client; since the central controller (currently running 12 access points) acts as a single client, it should look like “one” access point to the service. Whether or not this is allowed with their terms of service I have no idea; we are not likely going to use the service since I already do this in-house for free, but I would recommend reading the terms and/or contacting them if you plan on doing something similar to remain in the spirit of their offering.

And thus 2007 comes to a close, with a not-so-subtle nod to HTML/XML closing tags. Which is fitting; I’ve spent a good chunk of time with the church websites this past quarter. The results aren’t public yet, but things are moving along. (There’s a poll to take at the end of this post, for good readers who make it to the end or bad ones who skip ahead ;-)

The past week and a half have been very relaxing. My in-laws came around Christmas, and are back through tomorrow. It’s been good to see them, and my son is enjoying getting to know them a little since they live 2.5 hours away, and his long-term memory isn’t all that great yet! He turned one last week, and immensely enjoyed his banana bread “cake,” some of the most sugar he’s been allowed to eat.

I’ve had less time to spend online than I’d planned, and the time I did spend was primarily reading, learning, and helping a friend get his website up and running (he used to be Lakeview’s Media Pastor, now he’s a professor and runs video production company Media 21 on the side). I also spent some time reading through WordPress core source code and Trac. I was able to submit two or three small patches that may or may not make it in some form into WordPress 2.4, coming out in January! I also updated most of my WordPress installs, including this blog, to version 2.3.2 within seven hours of it being released this past Saturday.

WordPress Babblings

Why the focus on WordPress? Well, I calculated recently, and I’m actually involved with (running myself or set up for work or family or friends) twelve WordPress installations right now! This blog runs forty WordPress Plugins, and some of those I use on the other installs as well! I’ve been having a lot of fun working with WordPress from the technical side, but this past semester, as I’ve mentioned, I had a Technical Writing class that pretty much took all of my writing creativity, resulting in my lowest monthly post count ever in December! I thought when the semester ended I’d be right back in the saddle here (and I managed a post or two), but it turns out I needed a break!

If you’re interested, here’s an approximation of what those twelve WordPress installations I mentioned are:

• This blog (1)
• My son’s blog (1)
• My wife’s blog (1) (now about obsessions and compulsions! Some of which I share, or at least strongly approve…)
• Pastor Nathan’s blog (1)
• Blogs of a missionary from Lakeview and a Director at the Indiana Assemblies of God District Office (2) (still somewhat in development)
• Two WordPress-as-Content Management System installs for Lakeview, not public yet (2)
• Media 21 website for Rob Price (1)
• An inactive install at one of my domains for testing (1)
• An old blog I ran for a while a few years ago (1) (Don’t you wish I’d give you a link? It’s not hard to find!)
• An unofficial blog for my homeowners association (not turned over to residents from the builder yet, can’t get enough people out to the meeting to vote! Hence blog!) (1)

That makes twelve! I may also get around to setting up an internal WordPress installation for our intranet, which is how I got started with WordPress for the church in the first place but of course, the intranet got stuck on the back burner!

I’ve promised in the past that I would post about the work I’ve been doing on the church websites and converting them to WordPress. As you can see, I’ve been doing a lot more with WordPress than just the church, and I’ve discovered a lot of tips, tricks, plugins, and all kinds of WordPress stuff, and a lot of general website stuff as well! I know some Church IT readers are interested in this kind of thing, as they are involved with or are responsible for their own church websites. Others probably don’t care in the least! I don’t want to overwhelm readers with WordPress and websites, but I’m curious how many of you are interested.

Why have I not written much about WordPress until now? Like I said, I haven’t been sure how many of you would be interested. Also, I kept finding new information so fast I didn’t have time to post the old. And I wanted to provide some context first; I want to start at the very beginning. (“…a very good place to start. When you read, you begin with A B C.” Oh wait, this isn’t the Sound of Music! :-) Anyway, I want to start at the beginning and describe the reasons for choosing WordPress, what the catalyst was for the project, what steps we’ve been taking, what’s changed as the project has continued (another reason not to post, things keep changing!), and then get to the meat like plugins and links and implementation. I haven’t had the time to fill in the high level stuff yet, so I’ve skipped jumping in in the middle! Another good reason to hold off is politics. Not the presidential election, as interesting as that may be to some, but a church website at a larger church has reach among many areas and departments, and while the sailing has been more smooth than I could have hoped for on a project of this size (really! I have awesome coworkers!), there are always bumps and friction when working with others and I don’t want to publicly vent or air dirty laundry.

End of the year…and more WordPress Babblings

This is the part where I say Happy New Year! And also where I ask you to vote for how much I should talk about WordPress and websites here in 2008:

(Poll coming here as soon as I get the darn plugin working correctly! Sorry!)
There should be a post tomorrow as well; as they say, when one tag closes, another opens! :-D

• Storage and backups
  • Mozy and MozyPro for offsite backup of some critical data (Shelby, Exchange) and is doing Shelby offsite backups on encrypted hard drives as well
  • SANs
  • NAS
• Email spam filtering
  • DefenderSoft is used by Lakeview Church, which is an MX Logic reseller
  • Symantec Barracuda in use by several churches
• Phone systems (VoIP vs. traditional) discussion I was not able to take notes on.
• Digital signage for internal church display
  • Jason Wilson (Indian Creek) mentioned that they are using Axis TV that lets them run an in-house TV network. The system is used to display announcements, splitting an LCD screen into multiple frames (a PowerPoint on one half and other feeds or announcements on the other half, like the auditorium feeds). Content can be assigned to individual areas so video can be targeted. It’s IP-based but feeds standard def RF to the TVs (HD capable but not doing it). Axis allows scheduling of upcoming events so announcements can be set up via it’s web-based administration area to display and turn off at particular times. Ballpark cost for the software is around $25k.
  • PowerPoint is being used by a couple of churches, including one church that pipes PowerPoint through EasyWorship.
• WiFi
  • Lakeview is doing public and private WiFi on separate SSIDs and separate VLANs throughout their building. Nomadix is being used to limit guest access with a well-known password, bandwidth limits, and content filtering via OpenDNS.
  • Seacoast is also doing WiFi through a separate public network at several of their locations.
• Network Monitoring
  • What’s up Gold is being used at COR
  • Nagios open source was mentioned by Matt Bradshaw from COR
• Websites and division of labor between IT and Communications
  • Mary Walton said it is difficult to get each pastor in different areas to create or update content for their website.
  • Steve Hewitt attending a church of 3,000 that is using a flash site that can’t be updated easily so they’ve had to create a separate site for their ministry area (as lay users).
  • Asbury United Methodist posts their sermons online
• Sermons online and podcasting
  • Most churches represented in this room that are doing online sermons are also posting the feed in iTunes.
  • Steve Hewitt said churches should make sure to post sermons with keywords and good descriptions in the titles, to make sure people around the world can find them rather than just using the date and church name for the system
• Email blasts
  • Room A asked about email blasting experience and options:
    • Steve Hewitt highly recommends Constant Contact for email blasts (50,000 addresses, 20 different groups) because they have relationships with AOL to get the emails through. Cost for his level of use is about $350 per month but it depends on the number of addresses.
    • Asbury uses ACS to blast out directly to 5,000 twice a week and hasn’t had any problems with blocking.
• We also dicsussed multi-site service streaming a bit but I was unable to capture notes on that.
• Mac integration
  • Asbury just got two Macs in their Communications department and they have had a lot of trouble integrating them.
  • Indian Creek hasn’t had a push to use Macs but they have some high-powered PCs.
  • COR does not backup the default storage on their Macs but they give them a UNC path they can store documents to be backed up. But they can’t integrate with Active Directory for free.
  • Lakeview integrates Mac OS X 10.4 with Active Directory using the Directory Access utility in Utilities. It does authentication including to (non-DFS) network shares but does not apply any policies. ADmitMac software supposedly can do a lot more including DFS operations but is expensive and Lakeview has not used or tried it.
• Patch management
  • Indian Creek is doing patch management through the Windows Software Update Server.
• User software testing
  • TotalTesting.com is recommended by Rod Cadenhead to test user’s ability to use Office products
• Service Planning and Music software
  • Lakeview uses PlanningCenterOnline.com to organize their weekend worship and music
  • A couple of churches use software called Music Manager
• Donations
  • Seacoast generally does not accept computer donations because they’re old and generally don’t work
  • Indian Creek takes donations and has a volunteer who eBays the items and the money goes back into the IT budget

Lunch time!