VNC Needed- how to open a port in the firewall?

Posted: Sun Mar 01, 2015 4:03 pm
by achesley
So I'm the ward clerk, but my schedule doesn't permit me to go to the meeting house during the week for my work. I'd like to either RDP or VNC into the machine, but it appears that all ports are closed, and I'm not sure how to modify the firewall settings.
All I need to do is forward one port to my particular machine. Any ideas on how to modify the firewall?

Re: VNC Needed- how to open a port in the firewall?

Posted: Sun Mar 01, 2015 4:24 pm
by eblood66
achesley wrote:So I'm the ward clerk, but my schedule doesn't permit me to go to the meeting house during the week for my work. I'd like to either RDP or VNC into the machine, but it appears that all ports are closed, and I'm not sure how to modify the firewall settings.
All I need to do is forward one port to my particular machine. Any ideas on how to modify the firewall?
Only CHQ can modify the firewall configuration and I'm sure they would not make this kind of modification. Remote access into the church computer to access MLS is expressly prohibited in section 4.10 of the Meetinghouse Technology Policy document.

However, if you're not already aware of it, you can perform many membership related things using Leader and Clerk Resources. Additional support in LCR to maintain callings and record home and visiting teaching should be released sometime this year, probably within a couple months or so. That's your best option for remote work right now.

Re: VNC Needed- how to open a port in the firewall?

Posted: Sun Mar 01, 2015 9:07 pm
by achesley
Hmm, seems like an odd rule.
It is what it is, however. Thanks for the heads up!

Re: VNC Needed- how to open a port in the firewall?

Posted: Sun Mar 01, 2015 9:24 pm
by eblood66
achesley wrote:Hmm, seems like an odd rule.
Not really. Any organization that deals with sensitive information is likely to have a rule that remote access is not allowed without enhanced security. For example my workspace (which deals with sensitive data for background screenings) does not allow any remote access to any company resource except via a VPN which is authenticated using two-factor authentication (for most accesses that involves RSA SecurID for us). The cost required for that kind of security would be hard to justify for meetinghouse computers. So the best way to prevent the ability to hack into those computers is to not provide any outside access of any kind.

Re: VNC Needed- how to open a port in the firewall?

Posted: Mon Mar 02, 2015 12:39 pm
by tlhackett
Those ports are closed on purpose by church policy. They will not be opened up as it is a security vulnerability. We also do not do custom configurations for a specific building. Even if it was fine to open up those ports, we wouldn't as it would put your firewall on a custom configuration.

Also, any custom configuration would get wiped and erased if any further updates get pushed to your firewall which is another reason we cannot and will not do custom configurations for meetinghouse firewalls.

Re: VNC Needed- how to open a port in the firewall?

Posted: Tue Mar 03, 2015 6:44 pm
by achesley
eblood66 wrote:
achesley wrote:Hmm, seems like an odd rule.
Not really. Any organization that deals with sensitive information is likely to have a rule that remote access is not allowed without enhanced security. For example my workspace (which deals with sensitive data for background screenings) does not allow any remote access to any company resource except via a VPN which is authenticated using two-factor authentication (for most accesses that involves RSA SecurID for us). The cost required for that kind of security would be hard to justify for meetinghouse computers. So the best way to prevent the ability to hack into those computers is to not provide any outside access of any kind.
I mean, I don't have a problem following a church rule, but having VNC access (or RDP) would hardly qualify as opening a huge security hole. Heck, we just last week got off of a Windows XP machine.
As for security, it doesn't have to be insecure- VPN might be overkill, but SSH tunneling or encrypted VNC is possible and not even difficult. I'm just saying that it would be very beneficial to have offsite access.

I guess I'll just wait for LCR to replace MLS =)

Re: VNC Needed- how to open a port in the firewall?

Posted: Tue Mar 03, 2015 7:52 pm
by johnshaw
The rule has been extremely disappointing to me and my clerks over the years as well. It made even less sense when there was absolutely NO access to LCR. Frankly, I just don't get it. At one point the desktop team in a presentation challenged us to provide any use-cases where Remote Access was needed and we got nothing out of it but chirping silence on the other side of the internet.

I think we just need to wait it out until LCR completely replaces MLS. Until then, someone else knows best. When a Stake President or Bishop asks you for information, tell them the Church doesn't allow you to have access to the data other than on Sunday and if they want information it would be helpful to ask with plenty of time notice so you can get the needed information.

Make sure you are using LCR to the full extent possible. I think you'll find that most things are there.