VNC Needed- how to open a port in the firewall?

achesley
New Member
Posts: 3
Joined: Thu Nov 20, 2014 5:49 pm


Postby achesley » Sun Mar 01, 2015 4:03 pm

So I'm the ward clerk, but my schedule doesn't permit me to go to the meeting house during the week for my work. I'd like to either RDP or VNC into the machine, but it appears that all ports are closed, and I'm not sure how to modify the firewall settings.
All I need to do is forward one port to my particular machine. Any ideas on how to modify the firewall?

eblood66
Senior Member
Posts: 2028
Joined: Mon Sep 24, 2007 8:17 am
Location: Cumming, GA, USA

Re: VNC Needed- how to open a port in the firewall?

Postby eblood66 » Sun Mar 01, 2015 4:24 pm

achesley wrote: So I'm the ward clerk, but my schedule doesn't permit me to go to the meeting house during the week for my work. I'd like to either RDP or VNC into the machine, but it appears that all ports are closed, and I'm not sure how to modify the firewall settings.
All I need to do is forward one port to my particular machine. Any ideas on how to modify the firewall?

Only CHQ can modify the firewall configuration and I'm sure they would not make this kind of modification. Remote access into the church computer to access MLS is expressly prohibited in section 4.10 of the Meetinghouse Technology Policy document.

However, if you're not already aware of it, you can perform many membership-related things using Leader and Clerk Resources. Additional support in LCR to maintain callings and record home and visiting teaching should be released sometime this year, probably within a couple of months or so. That's your best option for remote work right now.

achesley
New Member
Posts: 3
Joined: Thu Nov 20, 2014 5:49 pm

Re: VNC Needed- how to open a port in the firewall?

Postby achesley » Sun Mar 01, 2015 9:07 pm

Hmm, seems like an odd rule.
It is what it is, however. Thanks for the heads up!

eblood66
Senior Member
Posts: 2028
Joined: Mon Sep 24, 2007 8:17 am
Location: Cumming, GA, USA

Re: VNC Needed- how to open a port in the firewall?

Postby eblood66 » Sun Mar 01, 2015 9:24 pm

achesley wrote: Hmm, seems like an odd rule.

Not really. Any organization that deals with sensitive information is likely to have a rule that remote access is not allowed without enhanced security. For example, my workplace (which deals with sensitive data for background screenings) does not allow any remote access to any company resource except via a VPN which is authenticated using two-factor authentication (for most accesses that involves RSA SecurID for us). The cost required for that kind of security would be hard to justify for meetinghouse computers. So the best way to prevent the ability to hack into those computers is to not provide any outside access of any kind.

yarrgh
Church Employee
Posts: 42
Joined: Mon Dec 23, 2013 1:54 pm

Re: VNC Needed- how to open a port in the firewall?

Postby yarrgh » Mon Mar 02, 2015 12:39 pm

Those ports are closed on purpose by church policy. They will not be opened up as it is a security vulnerability. We also do not do custom configurations for a specific building. Even if it were fine to open up those ports, we wouldn't, as it would put your firewall on a custom configuration.

Also, any custom configuration would get wiped and erased if any further updates get pushed to your firewall, which is another reason we cannot and will not do custom configurations for meetinghouse firewalls.

achesley
New Member
Posts: 3
Joined: Thu Nov 20, 2014 5:49 pm

Re: VNC Needed- how to open a port in the firewall?

Postby achesley » Tue Mar 03, 2015 6:44 pm

eblood66 wrote:
achesley wrote: Hmm, seems like an odd rule.

Not really. Any organization that deals with sensitive information is likely to have a rule that remote access is not allowed without enhanced security. For example, my workplace (which deals with sensitive data for background screenings) does not allow any remote access to any company resource except via a VPN which is authenticated using two-factor authentication (for most accesses that involves RSA SecurID for us). The cost required for that kind of security would be hard to justify for meetinghouse computers. So the best way to prevent the ability to hack into those computers is to not provide any outside access of any kind.


I mean, I don't have a problem following a church rule, but having VNC access (or RDP) would hardly qualify as opening a huge security hole. Heck, we just last week got off of a Windows XP machine.
As for security, it doesn't have to be insecure - VPN might be overkill, but SSH tunneling or encrypted VNC is possible and not even difficult. I'm just saying that it would be very beneficial to have offsite access.

I guess I'll just wait for LCR to replace MLS =)

johnshaw
Senior Member
Posts: 1834
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

Re: VNC Needed- how to open a port in the firewall?

Postby johnshaw » Tue Mar 03, 2015 7:52 pm

The rule has been extremely disappointing to me and my clerks over the years as well. It made even less sense when there was absolutely NO access to LCR. Frankly, I just don't get it. At one point the desktop team, in a presentation, challenged us to provide any use cases where Remote Access was needed, and we got nothing out of it but chirping silence on the other side of the internet.

I think we just need to wait it out until LCR completely replaces MLS. Until then, someone else knows best. When a Stake President or Bishop asks you for information, tell them the Church doesn't allow you to have access to the data other than on Sunday and if they want information it would be helpful to ask with plenty of time notice so you can get the needed information.

Make sure you are using LCR to the full extent possible. I think you'll find that most things are there.
“A long habit of not thinking a thing wrong, gives it a superficial appearance of being right, and raises at first a formidable outcry in defense of custom.”
― Thomas Paine, Common Sense

