jltware wrote:So far as I can determine, the hardware firewall and router are all locked in boxes that even the stake president's master key doesn't open (apparently physical facilities are the only ones able to access this)...
This appears to be a local policy since that is not the way it is throughout the Church. In order for the stake technology specialist to perform his duties as outlined in the Church Handbook of Instructions, Book 1, 2006
, page 141, having access to the firewall and router is sometimes necessary.
jltware wrote:[T]he hardware firewall and router are all locked in boxes ... and we dont have access to the passwords to log onto them.
The Church provided security device (firewall and router) is managed by Church headquarters to ensure uniform and standardized configurations as well as to ensure supportablility and maintainablility of a system that can easily overwhelm the technical capabilities of members called to manage these systems. Just read the number of threads and posts from brethren called as stake technology specialists trying to understand setting up a local network. As Alan_Brown has pointed out the stake technology specialist can still configure the network security device by contacting the global service center and working with a technician.
jltware wrote:And the version of symantec firewall that came preinstalled on all our computers has all the configuration programs deleted and the options for even basic port forwarding blocked out.
Symantec firewall has nothing to do with accessability to the Windows control panel console applets or any similar restrictions to user interfaces of the operating system. Church headquarters used the features of Windows XP's configuration management to make those operating system modifications. They are still available to anyone who has the knowledge to access them or make any other operating system configuration changes. In these forums we do not advocate circumventing the operating system changes that have been put in place to protect the confidential material available on these systems.
jltware wrote:Short of deleting the firewall and starting over with a different security program, how can you configure the firewall[?] Has anyone successfully bypassed this problem.
We do not advocate bypassing security put in place by Church headquarters. Posting any such procedures, work-arounds, or hacks is a violation of the Code of Conduc
t of these forums. We should address issues to the Church IT people for resolution when necessary.
jltware wrote:Does anyone know why the computers are set up this way in apparent disregard for the above quoted policy[?]
To what policy are you referring? We have discussed the use of the remote access capabilities in other threads. The reference to remote access is quite dated and is well back in time before the [url=http://www.lds.org/Static%20Files/PDF/STS/Letters/English/06809_000_notice.pdf]11 February 2008 authorization to connect ward clerk computers to the Internet[/url]. As technology use within the Church changes so do the policies. For some, those policy changes do not appear in a timely manner. Until the issues discussed in this thread and others are resolved we must adhere to the policies in effect.
jltware wrote:BTW, on the above post that quoted it being against church policy to connect any mls computer to the internet, that policy is very outdated now, and any mls computer can be connected to the internet as long as it is done under the stake president's direction and securely. This change was made under the direction of the presiding bishopric some time ago.
Please note that this thread is quite old in itself. It wasn't until user chadke resurrected it that it came to life again. The quote was the policy in effect at the time.