Safe Public wifi in Churches

Public wifi from church premises
When it comes to Safeguarding one area of protection and care that the church should not overlook is if it offers wifi facilities for the public from church premises.

There are good reasons why such provision can be positive and helpful. Increasingly the Church seeks to engage with the community around it by offering the church premises for a wider variety of uses. Using the premises for things such as conferences and training, are more attractive if providing an online facility, especially if your church premises have little or no 3G mobile phone broadband signal. Offering public wifi at a church raises two particular challenges: controlling who has access and controlling the content public users might use.

Controlling who has accessProviding wifi in a public arena, such as church premises, must be understood as fundamentally different from a domestic wifi scenario. One reason for this is that offering wifi safely to occasional/infrequent unknown users requires security approaches that are not needed in the domestic situation. A fixed wifi password which must be revealed to the wifi user, if distributed widely, leaves the wifi facility totally open to misuse and abuse. However systems which can give some level of control to the free wifi access must not be so complex that they become unattractive to either use, or administrate.

Controlling the contentPublic wifi access is attractive to rogue internet users who might like to either download, or upload, illegal, illicit and pornogrpahic content. Assuming such a user makes an internet connection with their own wifi device, once they have disconnected and removed themselves from the physical location of the wifi hotspot, their is no way to trace who that person was. With the wireless connection often being detectable from the street they don’t even have to be on the premises to do such things, just walk by or pull up in a car.

For every problem there are solutions and there are software and hardware tools which can, and I suggest should, be deployed by churches to ensure that the abuse and misuse of Church wifi facilities is minimised as much as possible, this is not least for their own protection; there are serious legal and criminal ramifications of certain types of internet traffic being passed through a church broadband connection.
Controlling accessTo control who can use the wifi a system which uses timed vouchers is a reasonable solution. Firstly such systems require users to present themselves to someone inhouse to obtain the voucher, which can be limited to only work for (eg) 4 hours. Each user voucher uses a code or password which is unique, not generic. After the time expires connections can’t be made.
Controlling content – To ensure that inappropriate material is not passed through the Church broadband connection a content filtering system should be deployed. Although such systems require some management, they are essential to try and block and filter inappropriate internet traffic of guest users, especially if they are children or young people.
Deploying such a solution?
Such systems typically work by replacing the broadband router provided by the ISP with something more sophisticated. Such approaches need not be prohibitively expensive, especially if there are local people who can help with the setup and administration of the systems.
Some very worthwhile solutions which use free (opensource) software, can be deployed with a specialised routers/firewall. pfSense is an excellent example of an opensource solution  which can provide all of the above; it provides many professional features. Although such software is free to download and use it will need to be run on a dedicated PC. Ideally special PC hardware which has a very low power requirement is used. Such hardware can cost less than £200; if that breaks the budget pfsense can be run on a redundant PC which might cost next to nothing. Some basic content filtering can be deployed using such a router.
Other considerations?
Do you have an extensive building, or thick walls within the premises? If so one wifi access point (AP) might not cover all the site; additional APs will be required. pfSense and solutions like it use a ‘firewall’ which provides robust security between the wifi and other parts of the network, eg the church office. pfSense also has the ability to setup two (or more) wifi networks, one for trusted ‘in house’ connections and one for ‘public’ users. Separating these networks helps maintain network security; it does though add to the complexity of the setup. Carefully chosen AP hardware can broadcast both networks simultaneously, saving on hardware and power costs.

If you’d like to know more about deploying such systems post a comment or you contact me at: mark.pengelly AT