C3H+Hotspot

toc

Intro to C3H [|Hotspot]
//**This content is in need of an update - the Communications Committee Technical Subcommittee is working to do so! [2016-08-18]**//

Short Hotspot update 2016
//The C3H WiFi hotspot chart shown below is being updated in late 2016//. There are currently three open access points + one repeater for visitors:
 * "C3HSSID2" in the Meeting Hall/Sanctuary and Commons area
 * "C3HSSID3" in the Meeting Hall/Sanctuary and Commons area (this is for newer smartphones and laptops or tablets, 5Ghz)
 * "Community Church of Chapel Hill Network" in the Jones Building
 * A repeater of the "Community Church of Chapel Hill Network" in the Kirby Room

These WiFi hotspots require no password, however users should be warned NOT to exchange any sensitive information such as accessing password protected web sites or financial information while using these these non-secure links. It is preferable to take the additional step and use the following secure access points.

There are two Secure WiFi access points with the WiFi password of "c3hssid2" in the Meeting Hall/Sanctuary and Commons area:
 * "C3HSSID2-2.4G" - a "standard" WiFi 2.4ghz hotspot that is usable on any smartphone or laptop or tablet manufactured since 2005 that meets the IEEE 802.11g standard
 * "C3HSSID2-5G" - a faster, higher frequency, higher bandwidth hotspot usable on newer devices, mostly those manufactured after 2013

A portable WiFi hotspot that can be checked out for users of the Manse is undergoing testing.

The open and secure WiFi links in the Jones Building will be updated here after verifying more details.

Intro to C3H Hotspot [dated information being updated]
This C3H WiFi hotspots are very simple WiFi routers (for those who care: Cisco/Linksys N300 and Linksys WRT54GS), The initial setup included semi-public WiFi access points with these two separate WiFi routers setup with an unadvertised, private network identifier (SSID). After many complaints, church staff made the decision in 2012 to open up the access points and removing passwords for the public WiFi maintaining password restrictions on the staff only network.

Since that time, there are many members concerned about the security of using the public access points at C3HUU. In response, there are tests underway in late 2015 to add secure WiFi side-by-side with the open WiFi.

There is one WiFi router in the Jones Building ("telecommunications closet") and another WiFi router in the Meeting Hall Soundroom. Another C3HUU WiFi repeater has been setup in the Kirby Room in the Jones Building. As this was being setup, the Church Council stated (on 2008-02-26) that they would prefer to have some [|content filtering] in place for future C3H [|Hotspot] setup if this comes in for broader use. We link to OpenDNS to provide conent filtering and are planning other enhancements in 2016 including better documentation and a better firewall.

Using the open C3H Hotspots
//[this process is under construction to document the open "public" hotspots.]// The Open, Public hotspots are available on your WiFi application by selecting the "C3HSSID2" access point when in the Meeting Hall or Commons Area, or the "CCCH Public Network" or "CCCH Public Network Extender" in the Jones Building.

Using the secure C3H Hotspots
//[this process is no longer required as several access points were made "public". The Communications Committee is reviewing this and has requests to return these access points to "private" and include some content filtering via OpenDNS.]// > this is both the PASSWORD and the hotspot Network Name or SSID
 * 1) Look for the WiFi hotspot with "SSID" as part of the name in your PC/Mac/tablet, or smartphone. There is a hotspot C3HSSID2 in the Community Room and Meeting Hall and C3HSSID1 and for the Jones Building WiFi router.
 * 2) Enter the SSID as the password in your PC/Mac/Smartphone software.(it may be called "Network ID" instead of SSID in your software)
 * 3) NOTE: THE SSID IS ALL UPPER CASE (except for any numbers in it)
 * 1) Connect to the appropriate WiFi router using your PC/Mac/Smartphone software
 * 2) Connect to the Internet. Please note that you may be in full view of children at the church, so be careful and considerate when displaying content showing on your PC/Mac/Smartphone. We are working on [|content filtering] if there are complaints.
 * 3) For staff and members hosting meetings //[another access point/router is being tested for checkout]// to create an instant public hotspot

The two semi-public WiFi routers cover most of the church buildings and extend onto the inner courtyard; note that the Chapel Hill Cooperative Preschool (CHCP) maintains its own WiFi router, with an SSID of CHPC, and C3HUU maintains two private WiFi routers limited to remote administration. Both of these are secured with passwords that are private to CHCP and C3HUU respectively. Please do not connect to either of these (connection attempts can disrupt normal wireless traffic)!

At this time, the public C3H Hotspot routers have no password or passkey, the private ones do have a password so are more secure. The WiFi routers are currently setup with minimal security using the unadvertised SSID. Some WiFi capable PCs/Macs/Smartphones call the SSID a "Network ID" and require you to enter this SSID which is separate from any WiFi password or passkey. As this service is used more, we'll refine how it is setup and managed.

[|Content Filtering]
In order to do [|content filtering], the router must interact with another service called a proxy, or proxy server, which allows for filtering of the content passing through from an external web site. The proxy server then runs [|content filtering] software which can be setup to restrict access to certain types of web content and also require that any user setup a userid and authenticate whenever they are on th service. There is now a very simple way to add this filtering to the WiFi routers by setting the routers to use OpenDNS, the premier, and still free, content filtering service.

C3H WiFi Site Analysis

 * Network: each router is running Network Address Translation (NAT) and manages an isolated set of host addresses (DNS domain). There is no ability to connect to the other PCs or devices on the internal C3HUU Network from either of the semi-public C3HUU WiFi routers.
 * Security: the semi-public WiFi routers are setup with an unadvertised (hidden) SSID, but no passwords or passkeys. The two private WiFi routers are setup with secure passkeys, please do not attempt to use them.

The mapping of all WiFi access points at C3HUU is presented below. Any new installation of WiFi routers should include an update to this site WiFi access point plan. __Channel #__ || hidden SSID, no pwd or passkey OK to use ||= Sound Room ||= 1 || hidden SSID, no pwd or passkey OK to use ||= Telecommunications Closet ||= 6 || hidden SSID, encrypted passkey DO NOT USE ||= Telecommunications Closet ||= 9 || hidden SSID, encrypted passkey DO NOT USE ||= Telecommunications Closet ||= 11 || public SSID=CHPC, encrypted passkey DO NOT USE ||= Chapel Hill Coop Preschool Office ||= 1 || public SSID= encrypted passkey For C3HUU Staff only ||= Telecommunications Closet ||= ? ||
 * ~ __WiFi Router__ ||~ __Characteristics__ ||~ __Location__ ||~ __WiFi__
 * Cisco/Linksys N300 || Semi-public WiFi,
 * Netgear WG602 || Semi-public WiFi,
 * Linksys WRT54GS || Private Staff WiFi,
 * Netopia router || Private WiFi mgmt,
 * Netgear router || Private Staff WiFi,
 * Apple Air router || Private Staff WiFi

C3HUU Router
A new Cisco/Linksys N300 router had been set aside for "checkout", but when an older WiFi router failed which services the Commons area, the Cisco/Linksys N300 router was installed in its place.