Monthly Archives: May 2014

charity software – methodist charities

In summer 2013 I realised that the free ‘google apps non-profits‘, after much UK lobbying for many years, is now available for UK Registered Charities. This is a great offer, for the facility it provides, costs serious money for businesses. I have successfully applied for and set this up for our Methodist Circuit. If you have dreams of using ICT effectively in your Circuit or Church and want to know what it can do, message me. In a nutshell it’s key features are: secure document/creation and  sharing; shared calendars for colleagues and (potentially) a common address book (this needs work to make happen which I haven’t been able to achieve yet); a shared Circuit-wide addressbook for email and directory creation has always been a bit of a holy grail for me! Got this sorted already – for free?? Let me know how!

Just recently I’ve investigated TT-Exchange, which offers donated software from several noteworthy firms, including microsoft, to UK Charities. Yesterday it was confirmed that our Circuit does qualify for some, if not all of the software, but importantly it includes the MS stuff. I think this means for an ‘administration donation’ we can get licences for Windows 8 OS for about £5, and Office 2013 Standard for £15. I will confirm in the future if this is true!

Safe Public wifi in Churches

Public wifi from church premises
When it comes to Safeguarding one area of protection and care that the church should not overlook is if it offers wifi facilities for the public from church premises.

There are good reasons why such provision can be positive and helpful. Increasingly the Church seeks to engage with the community around it by offering the church premises for a wider variety of uses. Using the premises for things such as conferences and training, are more attractive if providing an online facility, especially if your church premises have little or no 3G mobile phone broadband signal. Offering public wifi at a church raises two particular challenges: controlling who has access and controlling the content public users might use.

Controlling who has accessProviding wifi in a public arena, such as church premises, must be understood as fundamentally different from a domestic wifi scenario. One reason for this is that offering wifi safely to occasional/infrequent unknown users requires security approaches that are not needed in the domestic situation. A fixed wifi password which must be revealed to the wifi user, if distributed widely, leaves the wifi facility totally open to misuse and abuse. However systems which can give some level of control to the free wifi access must not be so complex that they become unattractive to either use, or administrate.

Controlling the contentPublic wifi access is attractive to rogue internet users who might like to either download, or upload, illegal, illicit and pornogrpahic content. Assuming such a user makes an internet connection with their own wifi device, once they have disconnected and removed themselves from the physical location of the wifi hotspot, their is no way to trace who that person was. With the wireless connection often being detectable from the street they don’t even have to be on the premises to do such things, just walk by or pull up in a car.

For every problem there are solutions and there are software and hardware tools which can, and I suggest should, be deployed by churches to ensure that the abuse and misuse of Church wifi facilities is minimised as much as possible, this is not least for their own protection; there are serious legal and criminal ramifications of certain types of internet traffic being passed through a church broadband connection.
Controlling accessTo control who can use the wifi a system which uses timed vouchers is a reasonable solution. Firstly such systems require users to present themselves to someone inhouse to obtain the voucher, which can be limited to only work for (eg) 4 hours. Each user voucher uses a code or password which is unique, not generic. After the time expires connections can’t be made.
Controlling content – To ensure that inappropriate material is not passed through the Church broadband connection a content filtering system should be deployed. Although such systems require some management, they are essential to try and block and filter inappropriate internet traffic of guest users, especially if they are children or young people.
Deploying such a solution?
Such systems typically work by replacing the broadband router provided by the ISP with something more sophisticated. Such approaches need not be prohibitively expensive, especially if there are local people who can help with the setup and administration of the systems.
Some very worthwhile solutions which use free (opensource) software, can be deployed with a specialised routers/firewall. pfSense is an excellent example of an opensource solution  which can provide all of the above; it provides many professional features. Although such software is free to download and use it will need to be run on a dedicated PC. Ideally special PC hardware which has a very low power requirement is used. Such hardware can cost less than £200; if that breaks the budget pfsense can be run on a redundant PC which might cost next to nothing. Some basic content filtering can be deployed using such a router.
Other considerations?
Do you have an extensive building, or thick walls within the premises? If so one wifi access point (AP) might not cover all the site; additional APs will be required. pfSense and solutions like it use a ‘firewall’ which provides robust security between the wifi and other parts of the network, eg the church office. pfSense also has the ability to setup two (or more) wifi networks, one for trusted ‘in house’ connections and one for ‘public’ users. Separating these networks helps maintain network security; it does though add to the complexity of the setup. Carefully chosen AP hardware can broadcast both networks simultaneously, saving on hardware and power costs.

If you’d like to know more about deploying such systems post a comment or you contact me at: mark.pengelly AT