MLS remote access

So you have the BIG idea that the Church or community needs to develop. Discuss that idea here. Maybe you just want to make a suggestion on a new forum topic. Let us know.
rmrichesjr
Community Moderators
Posts: 2526
Joined: Thu Jan 25, 2007 11:32 am
Location: Dundee, Oregon, USA

Postby rmrichesjr » Tue Oct 07, 2008 9:18 pm

Ivan wrote:I'm not sure that I've seen this policy - could you please reference this statement. Any remote access program, not just GoToMyPC, would require the computer to be left on. Most business, I would venture to say, do leave at least their main servers turned on. MLS is still password protected, and the door to the clerk's office should be locked and only accessible to those who have permission. Furthermore, at least with GoToMyPC, one can blank the host screen and lock the host computer keyboard and mouse, preventing any unauthorized use or observance from occuring while remotely connected. I'm not a computer expert, but I simply don't understand the resistance to remote access.


(... just my opinion, not necessarily that of any other person or organization ...)

Remote access to MLS would be marvelously great!!! However, I suspect we're more likely to see access to the central Church systems, like a cross between LUWS and MLS, long before we would see generally accepted remote access to the meetinghouse clerks office computers.

Leaving the computer running in the building would increase the risk of building fire.

More importantly, if I understand correctly, it would leave the computer accessible over the internet. Given the demonstrated security weakness of the operating system involved, that would be one very scary proposition! The anti-LDS crowd and a lot of other black hats would go nuts over remote access to MLS. If several thousand meetinghouse office computers were remotely accessible, intrusions would happen very frequently. Even if the operating system were secure, passwords would be cracked with regularity.

(... just my opinion ...)

User avatar
Mikerowaved
Community Moderators
Posts: 4008
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

Postby Mikerowaved » Tue Oct 07, 2008 11:15 pm

Has anyone tried remote access to an admin PC? I ask because I doubt very much the Cisco firewall will keep the necessary ports open for you to make any kind of outside contact.
So we can better help you, please edit your Profile to include your general location.

russellhltn
Community Administrator
Posts: 29332
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Wed Oct 08, 2008 1:53 am

Mikerowaved wrote:Has anyone tried remote access to an admin PC? I ask because I doubt very much the Cisco firewall will keep the necessary ports open for you to make any kind of outside contact.


I believe that GoToMyPC works on a different principle - the computer "calls out" to to GoToMyPC server and connection is made that way. Since most firewalls do not block outgoing communication, it usually works without having to configure any router in the system.

Policy and Guidelines for Computers Used by Clerks for Church Record Keeping mentions remote access "for diagnostic purposes". Since the subject has been addressed, I think it's a safe assumption that other uses of remote access are at best highly questionable.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.

Ivan-p40
New Member
Posts: 17
Joined: Sun Jul 06, 2008 11:03 pm
Location: Sweet Home, OR

Postby Ivan-p40 » Wed Oct 08, 2008 7:06 am

I still haven't found any statement discussing the "always on" concern. Found statistics on computer related fires - 360 over a 4 year period - you probably have better odds winning the lottery (and that study didn't appear to separate laptops out).

This Policy and Guidelines letter referenced below was written more than 4 years ago. I don't think that we can interpret it's statement about remote access as anything but open ended. The statement that "some stakes use remote access for diagnostic purposes" is simply an observation, not an implied approval or disapproval of that usage or any other remote access usage. As I read it, the church is indifferent to the subject, other than being sure the data remains secure. Remote access is much more prevalent today, and I believe, much more secure.

Just some of my additional thoughts and opinions. :) Ivan

RussellHltn wrote:I believe that GoToMyPC works on a different principle - the computer "calls out" to to GoToMyPC server and connection is made that way. Since most firewalls do not block outgoing communication, it usually works without having to configure any router in the system.

Policy and Guidelines for Computers Used by Clerks for Church Record Keeping mentions remote access "for diagnostic purposes". Since the subject has been addressed, I think it's a safe assumption that other uses of remote access are at best highly questionable.

splassle
New Member
Posts: 16
Joined: Wed Oct 08, 2008 6:51 am
Location: Rapid City, South Dakota
Contact:

MLS remote access

Postby splassle » Wed Oct 08, 2008 7:14 am

FYI. The Cisco Pix can be configured to block any number of ports going in and out. Most of the traffic going out uses 80 and 443. So if the communication is done other than that it would most likely not go through. Plus according to the guidelines the Stake President can state how tight he would like the security to be, and what to allow.

the other thing to think about is that the Church uses the Cisco VPN for remote access. If we would ever be allowed to use remote access in the Clerks computers it would be only through a VPN that is managed by the Church. And I do not foresee this happening.

But I would agree that access to MLS remotely would be nice. And for that to happen I think it would only be via a secure connection to a dummy down version of MLS via the church web site. But if one were to do that, there would have to be a locked put on the unit so no one can access it at the Church Building, and once it has been edited, you would have to make sure that the one did a send receive before using MLS agan.

jeffclark1070-p40
New Member
Posts: 22
Joined: Sun Mar 16, 2008 8:40 pm
Location: Antioch, CA 94531

Remote Access

Postby jeffclark1070-p40 » Wed Oct 08, 2008 7:43 am

I think that this would be a great idea however I believe that there are security risks. The first is being able to access confidential information at home. A spouse or someone else could see information over one's shoulder that they shouldn't. There is a reason the computer is behind a locked door in the chapel. I am all for requesting records and updating HT and VT reports.

jdlessley
Community Moderators
Posts: 8150
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Wed Oct 08, 2008 9:45 am

To me the [url=http://www.lds.org/Static%20Files/PDF/STS/Troubleshooting%20PDFs/00262_000_Mar05_notice[2].pdf]Policy and Guidelines for Computers Used by Clerks for Church Record Keeping[/url]prohibits remote access. In the section titled 'Internet and Online Networks' it says:
Church computers used for membership and financial record keeping are normally not connected to the Internet or any other network or bulletin board (unless MLS is used on a computer in a Family History Center). Local leaders are notified by the proper authority when the Internet is to be used for Church purposes. Special equipment is then provided.
Connecting remotely is creating a network. The words 'normally not' and the contextual information of the document indicate that further direction from the Church would be provided for the exceptions. Of course the exception to connecting to the Internet has been provided. We have not been given the exception to networking these computers.

Additionally, the section titled 'Security' reads:
Information stored on computers concerning members, donations, and financial transactions is confidential and should be protected from unauthorized disclosure. Computers should be located in secure areas where bishopric members and ward clerks can work with and print this confidential data in private.
To access MLS remotely where others can view confidential information either 'over the shoulder' (Already addressed by others in this thread.) or by other means opened by the remote connectivity would not meet the security needs for this data. Over the shoulder viewing of data, to me, is not so much of the issue because providing guidance and setting policy can remedy that aspect of disclosure. It is opening the doors to accessing the database that needs attention. That could be solved by hardware and software. It is the member's end of the network for remote access that causes the problem. And that is the aspect of remote access the Church cannot control.

Once the Church can adequately address the issue of confidential data security when connecting remotely to computers running the MLS database then I think the approval will be forthcoming just as we have seen for the internet.

--- My humble observation of the situation.
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center?

User avatar
johnshaw
Senior Member
Posts: 2163
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

Black Box Development

Postby johnshaw » Wed Oct 08, 2008 12:03 pm

During the online tech broadcast there were some new 'black box' solutions being developed and would soon be available that address mostly issues relating to distance. Video conferences etc were going to be available for Stakes particularly to deal with the issues of distance for PPI's meetings, etc...

Wouldn't an additional need along those lines be a secure ability to remotely do the work that is currently performed in the clerk's office. Currently I drive about 1/2 hour out of my way, and spend an hour several times a week before work (4:30 - 5:30 am) rather than take time away from my young family at night.

I would prefer to have the luxury of working from home where I could avoid the extra drive, plus I could sign off anytime to be with the kids, and easily get back on to finish what I was working on.

User avatar
marianomarini
Senior Member
Posts: 619
Joined: Sat Jan 19, 2008 3:13 am
Location: Vicenza. Italy

Postby marianomarini » Sat Oct 11, 2008 2:47 am

jshawut wrote:I would prefer to have the luxury of working from home where I could avoid the extra drive, plus I could sign off anytime to be with the kids, and easily get back on to finish what I was working on.

I think this is the real goal.
We can go into phylosophical discussion about "security" and realize soon that informationt "printed in a secure place" doesn't mean "they are safefor ever".
When information reach the paper are they stored in a ket-lock bag? Readed in a safe place? Never let over the house desktop, and so on?
We are Latter-day Saint. We face Latter-Day challenge. I think this is one of them.
Reduce time and gasoline for useless purpose a find out a way to mantain, or encrease, privacy, this a worth of win challenge.
If remote access will be granted, we need a new way to enable it.
I think that the "priesthood keys" principle will works fine!
La vita è una lezione interminabile di umiltà (Anonimo).
Life is a endless lesson of humility (Anonimous).

Ivan-p40
New Member
Posts: 17
Joined: Sun Jul 06, 2008 11:03 pm
Location: Sweet Home, OR

Postby Ivan-p40 » Sun Oct 12, 2008 1:52 pm

Lest anyone misunderstand me, I do truly appreciate the opportunity on this board to discuss this topic. I gain much appreciation and additional understanding. I think we can summarize this thread with two points, 1) yes, we all would like remote access, in order to increase our flexibility of time usage, and reduce fuel costs, and 2) the security of remote access is very much a real concern that the church does not have a satisfactory solution for yet.

It would be my hope that some type of remote access could be applied in the near future.

And I should add a compliment to the tech department - they are very quick to act. Just two weeks ago, I was sitting in the stake office completing my reports and minutes and sending emails to high councilors and bishops on my home computer using gotomypc.com. I really enjoyed this new capability. Today, I found that this website is now blocked by the firewall. We had a good chuckle that this thread probably had something to do with that. :)


Return to “Ideas & Suggestions”

Who is online

Users browsing this forum: No registered users and 1 guest