Remote Desktop Connections and MLS

Discussions around using and interfacing with the Church MLS program.
russellhltn
Community Administrator
Posts: 34422
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#21

Post by russellhltn »

mahoneyjn wrote:Your question does make me question the use of logmein.com which allows access to a computer remotely via the internet and does require the installation of software.

You may want to see this post. Note that using LogMeIn is placing the church's desktop in the hands of a third party since you're going though their servers rather then direct like you do for MS Remote Desktop.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
sammythesm
Member
Posts: 225
Joined: Tue Jan 05, 2010 2:50 pm
Location: Texas, United States
Contact:

#22

Post by sammythesm »

mahoneyjn wrote: I used to used to use logmein.com to access the ward computer from home and keep mls updated. It has stopped working for me though. I can access the computer and log in but the window where MLS should be when it is running is blank. I am wondering if anyone else has run into this?

I was able to fix this by going into my target computers device manager. From there I selected the display adapter and disabled the "LogMeIn Mirror Driver". After a reboot it worked great.

---

I will say that one benefit of remote desktop (RDP) over logmein is that RDP blanks the screen and locks the keyboard on the remote computer. So if, by chance, one of the 20,000 people who have a key to the clerk's office walks in while you are viewing privileged data remotely, it will not be exposed. logmein also has this functionality (you click a checkbox in the top ribbon of the screen after you've logged in) but it's not enabled by default.

Logmein is a reputable company with a great SLA. They don't store your machine's credentials. They still require you to input both the windows credentials and your MLS credentials as if you were personally at the computer. The clicks, keystrokes, and streaming images are exchanged using strong encryption SSL/TLS. There is more on their security whitepaper.

Arguing the inherent/historic insecurity of Windows XP or the wickedness of 3rd party service providers are both red herrings. You could use this logic to make arguments against Sophos, LANDesk, or any other church-licensed software - or even use it to argue that units shouldn't have computers at all.

I think technology should be used to enable people to do their callings in a secure environment. The technology industry has proven remote access can be done seriously and securely for many years. If it's requested by leadership, then I don't see an issue with providing it.

HOWEVER - as more MLS functionality moves to LDS.org, I suspect there will naturally be less desire for remote access to the unit computer, anyways.
russellhltn
Community Administrator
Posts: 34422
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#23

Post by russellhltn »

sammythesm wrote:Arguing the inherent/historic insecurity of Windows XP or the wickedness of 3rd party service providers are both red herrings. You could use this logic to make arguments against Sophos, LANDesk, or any other church-licensed software
First, I'm not sure as any church data passes though their servers.

Secondly, we are required by policy to install them. The question here is obedience to policy.
sammythesm wrote:If it's requested by leadership, then I don't see an issue with providing it.

As long as you define "leadership" as including the Stake President's authorization, then I would have a hard time arguing that it's not a valid interpretation of policy (as currently revealed). Although I'd still have personal concerns about security.

I use a related service at work and I've seen a number of connection requests that seem to be hackers looking for some security hole. (Perhaps weak passwords).
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
jdlessley
Community Moderators
Posts: 9861
Joined: Mon Mar 17, 2008 12:30 am
Location: USA, TX

#24

Post by jdlessley »

sammythesm wrote:Arguing the inherent/historic insecurity of Windows XP or the wickedness of 3rd party service providers are both red herrings. You could use this logic to make arguments against Sophos, LANDesk, or any other church-licensed software - or even use it to argue that units shouldn't have computers at all.
We are not here to argue anything for or against Windows XP or 3rd party service providers. But I can confirm from personal experience and testing that Windows XP is vulnerable to compromise on a workgroup network. If administrative computers are setup for networking without closing all the default settings that make it vulnerable it is quite easy to gain access. For those meetinghouses with wireless on the same network the exposure to potential intruders is significant. If Windows XP is properly managed it can be secure.

Administrative computers had been isolated from intrusion prior to being connected to the Internet. Without IT professionals or those similarly familiar with setting up the network these computers are definitely at risk from intrusion. It is for this reason I and many others do not advocate networking administrative computers. Too many of those called to the position of STS are not familiar with networking sufficiently to maintain the security required by the Church for the sensitive data maintained on the administrative computer. And there are those who are not the STS taking it upon themselves to reconfigure the administrative computers and networks without abiding by Church policies and procedures. Only the STS with approval from the stake president should be making configuration changes.
sammythesm wrote:I think technology should be used to enable people to do their callings in a secure environment.
We are in favor of that also. We just need to be certain that sensitive data is truly secure and that we are not just deceiving ourselves into believing that it is just to provide a convenience to ourselves.
sammythesm wrote:The technology industry has proven remote access can be done seriously and securely for many years.
We also agree with this. Simply to state that it is possible does not make it so without considering the entire environment for which it is to be used. Even when it is technologically possible to accomplish what we want we must also adhere to Church policies and procedures. Those who set those policies and procedures are more familiar with more than just the technical issues that must be considered.
sammythesm wrote:If it's requested by leadership, then I don't see an issue with providing it.
I am in favor of providing what is request but only when all the issues (pros and cons) as well as Church policies and procedures are made known to those leaders.
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
Locked

Return to “MLS Support, Help, and Feedback”