donaldbrooksby wrote:Ah yes, I cannot get into any ward's MLS, but I can get to their backup documents and bring them over to mine. I don't do that, but I have logged in to show other wards that just because they have something on their computer doesn't mean it is safe.
I don't understand what you are saying. Are you talking about MLS backups or working files from other programs that have been backed up? MLS backups are of no use without usernames and passwords. If you are talking about working files or backups of those working files there should be little concern if Church policies and procedures for confidential data are followed. If policies and procedures are not followed then you are correct that they are putting sensitive information at risk. But that is a result of their failure to follow policy and procedure and not the lack of security on the computer.
donaldbrooksby wrote:Perhaps we were instructed differently, but MLS drops the backup to the Hard drive, and copies are made to USB for off-site storage. Perhaps the info needs to be given to my STS to not instruct others to do that.
MLS will create backups anywhere you designate. The automatic backups are created on the hard drive. Off-site storage of MLS backups is required by policy (See Handbook 1: Stake Presidents and Bishops [2010], 13.3.3, 13.8-13.9). Your STS has provided the correct instruction.
donaldbrooksby wrote:But even with that, under the generic login, all people who have access to that computer also has access to that file.
To which file are you referring? If you are talking about the MLS backup file you are correct. They do have access to it. But of what value is it. It is encrypted. How are they going to get to the confidential data? If the file is any other working file there should not be any confidential data on it. If there is confidential data on the file it should not be on the computer's hard drive. I can't stress that any more plainly.
I my opinion, even after the Church changes policies for Windows user accounts I doubt there will be a relaxation on the policy regarding storing confidential data files on the computer outside MLS.
donaldbrooksby wrote:But also, to have an external storage, secure, that data still needs to be available to everyone who is supposed to get to it at all times.
Membership and financial data is available to all who need it in MLS to perform their calling. In the past MLS was the only place that data was available. To make it easier for leaders to fulfill their callings access to some of that data is being extended by applications on the internet in LDS.org. Any confidential data that is stored on removable media and secured is most certainly available to those who created it. It is a bit far fetched to say that it must be available at all times. There is no Church policy I can find that requires that.
donaldbrooksby wrote:We store it in a cabinet? not secure if there is a fire or a cabinet is carried out - they aren't security cabinets. At a home, not practical if some need to get to the data. But this is only an after-thought. No problems.
The MLS database is stored on the computer’s hard drive. Other confidential files should not be stored on the hard drive. They should be saved on external media and locked in storage when not in use.
How your bishop interprets that is a local decision. Most units use the same locking cabinet that other confidential and financial materials are stored in.
JD Lessley Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
JD,
The issue and what I have been talking about isn't exclusively about MLS. My example of getting to another Wards' drive easily by virtue of the same standard password was illustrated that I could get to their backup file on their hard drive. Yes, I can grab their data from another computer in the building, yes, I can install MLS on a different computer and restore their data to it. Yes, I can crack a password - even by virtue of standing behind a person logging in to their MLS account. That was not the point. But there is more to Confidential data that doesn't necessarily sit in MLS.
My comments about the storage of data externally are about the Document storage on that computer. But looking at the whole situation, there isn't one thing in a tiny clerks office that can have any resemblance of anything that can be secure. Standing in a doorway of a clerks office, you have financial documents that are 4 years old that still need to be stored, but won't fit in a cabinet, so it sits on the floor in a bankers box. You have no place that the computer screen is shielded from someone walking in the door. You sit with your back to the door (at least in the tiny, tiny clerks office we all have in our stake center). We can't fit more than 2 people in the clerks office, and we have to have enough room to store everything? You have membership transmission reports sitting in the Membership clerks' slot waiting for him to see it and file it. You have documents that need to be signed by the bishop. You have ward lists sitting there for people when they ask for it - or lists that were generated by the stake for information to pass out to members.
Given the Policy (and I am NOT bucking the Policy) But we are to keep offsite storage of Data - YES that is Very important. But think about the path that you have to take.
* Backup MLS - copy to USB Drive for storage in the clerks office, another backup for offsite storage.
* Keep all data on an external drive and locked away - keep backup of that data - so we are copying another usb drive to a usb drive for offsite storage.
* We also are needing to monitor all data saved in the documents folder on the computer. So I need to go in and look at each file and determine if it is worthy of being on the external drive? If there wasn't access to that external drive at the time and a document was saved to the internal drive, then it needs to be moved over and deleted from the internal drive... it is easy to say well, nobody is to store on the hard drive...but it is impossible to stop that. There are 2 worlds in the computer industry (1) The way an administrator wants and plans for it, and (2) the way it really is done.
Where as you have secure data on the drive and you make one single backup to an external drive for safe storage. It seems that the process is really based on the door that keeps people out of the office. Where I have 15 other members with keys to the clerks office, at what point is there a failure...I can tell you, pretty much on a daily basis. It isn't the fact that we need to be trusting of one another, but perhaps as members, we are too trusting of people. I would be $500,000 richer if I weren't so trusting of members, but we all know the natural man is not the same person that sits in church on Sunday. Our stake offices were broken into by a 14 year old leaning down on the door handle. You cannot sit there and tell me that resembles anything secure.
I didn't mean for this to go so far, but even the policy, as followed, is a little strange for the simple process of just locking the computer down 1 more level by not using generic passwords. Everyone is quoting the policy, well, here is what I am talking about. 13.8
"Information that is stored electronically must be kept secure and protected by a password " It doesn't say only MLS...all information. It doesn't seem that the policy allows for this.
In 13.9.1: "Church record-keeping systems" is the key term. I shot an email out to 7 other ward clerks asking them a simple question after I started my question last night..."How do you read that phrase" All but 1 came back saying "Computer systems", the 1 came back saying "not sure, MLS?"
Where we are dealing with more info than just existing in MLS or the lack of being able to rely completely on MLS for the right data (i.e. CUBS and Budgets) I am afraid that we actually have to store other spreadsheets and data outside of MLS to do our job accurately (referring to the 2 worlds above). Then if some of that data needs to be available to others outside of the bishopric...i.e. YM president or YW president, then they don't have access to that info, when the data is stored in a cabinet, locked. Reality is that there is some information that needs to be shared, yet it is still confidential information, so do I now give a key to the cabinet for the confidential info they can get to? (2 worlds)
When we rely on external media to be the sole place of storing data, we have put into play a point of failure. USB ports push out 5v of power all the time. On countless times, I have customers frying their ports and usb drives just by plugging it in wrong (barely tweeked or trying to plug in upside down). How many companies actually run all of their data from a USB drive hooked to the server...I don't see any. They use USB drives as a form of Backup for the convenience of removing data from the location. Not to say this will be the problem, or has been the problem as the policy is, but you put at risk far more than to just add a layer of security to a computer and put orgs on a different login to what a bishopric would do. It really isn't hard.
But look, I am at peace with the fact that policy is policy and you can throw it all at me all you want, but you have to admit, if you are or were a clerk, you would be able to step back and actually see there are many issues at play here and I, for one, have no interest in debating. And I will do what is outlined in all of the materials and wikis that try to spell out how security is set and all of the manual handling of the data. I just see that 12 hours on Sunday in meetings and working on the computer, plus managing data during the week is far too much time to be sitting at the church house dealing with all of these Manual security holes that some simple discussions can overcome most of them. Until this week, we couldn't plug an external hard drive into our computer without getting the BSOD - our computer is over 6 years old with USB 1.1 and not liking any type of external hard drive - only 2gb or less USB drives.
I started it last night, I was probably the 500th person who asked the simple question in trying to find an answer to all of the physical and manual moving of data that could be easier and even more secure, as I deal with on a daily bases. I know that there are people who work hard at trying to appease the masses and write these programs and councils overseeing the policies - I love them for it (remembering MIS) the changes today are far better than they were years ago. I am not trying to ruffle feathers here. AND I don't want to be a part of a movement to lock the data away from the clerks. I think most of us are able to do our job well by virtue of how the technology is progressing now.
Just pretend I never even brought up the point. I am more than willing to follow along and change only when the policy is changed.
--Don
donaldbrooksby wrote:Standing in a doorway of a clerks office, you have financial documents that are 4 years old that still need to be stored, but won't fit in a cabinet, so it sits on the floor in a bankers box. You have no place that the computer screen is shielded from someone walking in the door.
IIRC, that's against policy as well. I'd suggest talking to the Stake Presidency about getting the issues with your clerk's office fixed.
donaldbrooksby wrote:our computer is over 6 years old with USB 1.1 and not liking any type of external hard drive - only 2gb or less USB drives.
That's odd. 6 years would put it around a Dell GX270 which most certainly has USB 2.0. (Donated computers are not allowed). It would appear to me that your computer is either defective, or far older than 6 years. Assuming this is a hardware problem (and not missing drivers), I'd suggest working though the stake presidency with the FM group to get a replacement.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
Evidentially you don't know the newer buildings...like I said, 2 people can fit in the clerks office at 1 time and there is no room for any more cabinets. Yeah, we would love more room and more cabinets to help, but the clerks office is not much bigger than 6' x 8' - wall to wall. Add 2 file cabinets and 4 overhead Cabinets, a L-shaped table top for the computer - Bam! You don't have room to turn around inside. I would LOVE the extra room, but I don't think that is possible, so we give and take. We do the best we can with the lack of room we have. Policy or no.
Computer: we got a replacement in December, I finally had to start loading it so we can get that 6 year old piece of junk out of there. So it will be replaced this week. Drivers aren't missing, it is just shot and I have had to keep it going for over a year before FM would give us a "new" one (with XP on it and ONLY SP2).
RussellHltn wrote:As far as I can remember, all of the clerk's doors in my stake do have a dead bolt.
Must be a luxury then, we don't. All doors open with a push-down handle. Apply a little pressure to the locked door handle, you have it open. Perhaps you are seeing maybe a glimpse of why I am just a little worried about "Door Security" Maybe it's a Fire-proof door, so perhaps we call it a FireDoor?
donaldbrooksby wrote:All doors open with a push-down handle. Apply a little pressure to the locked door handle, you have it open. Perhaps you are seeing maybe a glimpse of why I am just a little worried about "Door Security"
I certainly would agree that this is a problem. But if your doors are so lacking in security, I would think that the FM group would want to know and would be motivated to fix this defect. Is the FM group aware of the problem?
Questions that can benefit the larger community should be asked in a public forum, not a private message.
RussellHltn wrote:Even if we could, I'm not sure as it would be wise to do so. Sooner or later, you'd go to use the computer and find that it is locked (probably because the screen saver kicked in) by "Brother Smith". Where's Brother Smith? Oh, he had to run one of his kids home. He should be back in 20 minutes. Sure, with Admin rights you could force log him off. Hopefully the forced shutdown won't corrupt MLS.
The idea of everyone having their own login comes from business where most of the time people have their own computers and you need accountability on who did what. In areas where the computer is in a common area, making people log off and back on with their own ID just doesn't work that well. Not unless you want to become the security ogre. Even then, I predict that you'll find that you'll be more effective in being known as a ogre then in getting compliance.
To fix the problem you describe (for XP) enable Fast User Switching and it will allow multiple people to be logged in simultaneously (no need to enable it on 7 as it is enabled by default). Then you can just log in as yourself and the other person's session is still there, their programs are still running but they are sitting in the background.
Has anyone had problems where they needed to know who did what to a computer - that could be determined if everyone did use their own login? The only one I can think of is I'd like to know who changed the time/date on some computers. Unfortunately, I don't think Windows leaves that good of an audit trail.
Yes, I have. Not at church (I dont have a need to use the computer there), but at work.
I would prefer that there be a separate login for each group (Bishopric, clerks, auxiliaries, etc) as mentioned by donaldbrooksby. Not out of mistrust or to be a security ogre, but to help keep honest people honest.
Aczlan wrote:To fix the problem you describe (for XP) enable Fast User Switching and it will allow multiple people to be logged in simultaneously (no need to enable it on 7 as it is enabled by default). Then you can just log in as yourself and the other person's session is still there, their programs are still running but they are sitting in the background.
But that doesn't fix the problem. If someone is logged in to MLS and leaves the computer with MLS running, any other users of the computer who want to use MLS have a real problem until they can find that person. They can't use MLS because that other user has it open. And it's not a good idea to force that user session to close -- the effects on the MLS database are unpredictable.
Questions that can benefit the larger community should be asked in a public forum, not a private message.
Aczlan wrote:To fix the problem you describe (for XP) enable Fast User Switching and it will allow multiple people to be logged in simultaneously (no need to enable it on 7 as it is enabled by default). Then you can just log in as yourself and the other person's session is still there, their programs are still running but they are sitting in the background.
Yes multiple Windows users can be logged on at the same time (hogging resources - that valuable memory there is a shortage of and CPU cycles and...), but only one MLS user can be logged on at a time. Most users of the administrative computer are using it to gain access to MLS. So now what do you do when another is (was) using MLS and you find the scenario Russell describes.
JD Lessley Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
