Page 1 of 2

What do you want to learn about Clerk PC Security?

Posted: Tue Jan 31, 2012 4:06 pm
by scotthamilton57
We are currently planning a live online training about security with Clerk PCs. We want the experience to be a positive one and are asking for your help to make it as useful as possible! Please post whatever questions you have on this thread so we can integrate those topics in the webinar!


[color=black]Topics for the Training
[/color]
[color=#1F497D]Desktop Security Sophos anti-virus/firewall
[/color] [color=#1F497D]Desktop and Laptop hardware.
[/color][color=#1F497D] -Warranty/service
[/color][color=#1F497D] -Disposal
[/color][color=#1F497D]-Establishing hardware standards
[/color] [color=#1F497D]LANDesk/TEM
[/color] [color=#1F497D]Computer renaming (small project)
[/color] [color=#1F497D][font="]Desktop software like open office. (MLS is not included)[/font][/color]

All the best

Posted: Tue Jan 31, 2012 4:12 pm
by russellhltn
Who is this aimed at? The clerk or the STS? Or both?

As as STS, how can I prevent the clerk from connecting his own Internet connection to the ward computer? I have one ward clerk who connected a WiFi "dongle" and by using his phone as a hotspot gets connection to the Internet. I'm still waiting on the FM group to run the wires so I can give them broadband.

Posted: Tue Jan 31, 2012 4:16 pm
by aebrown
There are many longstanding security issues, so I for one welcome the opportunity to share these with someone who clearly has a listening ear!

My first set of questions is focused on the clerk PC itself:

  • Although MLS theoretically has been able to run on a non-administrator account since version 3.0, we have received no instructions as to how to do that. Can it really be done (including software updates)?
  • Are there any plans to allow MLS to run under different user accounts?
  • Can we at least change the password on the standard account?
  • What is the policy on allowing exceptions in the Sophos Firewall for specific applications? Can the local Stake Technology Specialist make those changes?
  • Many stakes have multi-function printers that have a scanning capability, but the default configuration for clerk PCs doesn't allow scanned files to be saved. Can we make changes to allow that to work? Are there risks in doing that? Should there be standard instructions and/or configuration changes to allow this?

Posted: Tue Jan 31, 2012 4:17 pm
by aebrown
scotthamilton57 wrote:We are currently planning a live online training about security with Clerk PCs. We want the experience to be a positive one and are asking for your help to make it as useful as possible! Please post whatever questions you have on this thread so we can integrate those topics in the webinar!


What is the scope of this question? Is it just clerk PCs themselves, or is the topic of networking included as well?

Posted: Tue Jan 31, 2012 4:22 pm
by lajackson
Question 1.

Is there an official communication channel? What is it? If there is more than one official channel, what are they?

We will be more successful out here in the hinterlands if ALL of the official communication channels could be identified. That way we will plan to expend the effort to monitor all of them and will not miss important changes that now come down the line through various seemingly random paths in a hit or miss fashion.

Or better yet, if there is one official channel, we will carefully monitor it and not worry about things we hear out on the grapevine.

Question 2.

If there is more than one official channel, and they give differing "official" instructions, which one takes priority?

Bonus points for quoting and addressing 1 Cor. 14:8 during the training. [grin]

Posted: Wed Feb 01, 2012 8:57 am
by scotthamilton57
RussellHltn wrote:Who is this aimed at? The clerk or the STS? Or both?


The main aim is on the STSs.

Posted: Wed Feb 01, 2012 9:21 am
by scotthamilton57
aebrown wrote:What is the scope of this question? Is it just clerk PCs themselves, or is the topic of networking included as well?

[color=black]Networking will actually be addressed at another time. The topics for this training will be...
[/color][color=#1F497D][color=black]Desktop Security Sophos anti-virus/firewall[/color]
[/color] [color=#1F497D]Desktop and Laptop hardware.
[/color][color=#1F497D] -Warranty/service
[/color][color=#1F497D] -Disposal
[/color][color=#1F497D]-Establishing hardware standards
[/color] [color=#1F497D]LANDesk/TEM
[/color] [color=#1F497D]Computer renaming (small project)
[/color] [color=#1F497D][font="]Desktop software like open office. (MLS is not included)

[color=black]But if you have an important question related to one of these topics, please feel free to post them!

[/font][/color][/color]

Posted: Wed Feb 01, 2012 11:47 am
by aebrown
Windows Updates:

  • Is it prohibited, allowed, recommended, or required to turn on Windows Updates on clerk PCs?
  • Will the OS and other applications (specifically, Internet Explorer) be updated by LANDesk (or its replacement)?
  • Does the answer to the above depend on whether the clerk PC is on dial-up vs. a broadband Internet connection?

Posted: Wed Feb 01, 2012 2:53 pm
by rbeede
Should a desktop have a security cable locking it to the desk to prevent theft?

If a computer is stolen what are the procedures for reporting the loss? Will church headquarters be responsible for complying with data theft notification laws to the members or the stake/ward?

Are there future plans to encrypt the entire hard drive to prevent confidential data exposure in the event of theft?

Posted: Wed Feb 01, 2012 3:03 pm
by aebrown
rbeede wrote:If a computer is stolen what are the procedures for reporting the loss?


That particular question is clearly answered in Policies and Guidelines for Computers Used by Clerks for Church Record Keeping: "If a computer or printer is stolen or vandalized, the stake physical facilities representative should contact the FM group immediately." I assume the FM group will then either take responsibility for followup or tell the stake what to do.