Start Time Application Direction Protocol Remote Address Remote Port Reason
3:06:18 PM ward tools updater.exe IN REFUSED TCP 192.168.1.104 49589 Deny TCP any/any
3:06:15 PM mdnsresponder.exe IN REFUSED UDP 192.168.1.104 5353 Deny UDP any/any
3:06:05 PM mdnsresponder.exe IN REFUSED UDP 192.168.1.100 5353 Deny UDP any/any
3:05:58 PM mdnsresponder.exe IN REFUSED UDP 192.168.1.104 5353 Deny UDP any/any
3:05:48 PM mdnsresponder.exe IN REFUSED UDP 192.168.1.100 5353 Deny UDP any/any
3:05:41 PM mdnsresponder.exe IN REFUSED UDP 192.168.1.104 5353 Deny UDP any/any
3:05:39 PM ward tools updater.exe IN REFUSED TCP 192.168.1.104 49585 Deny TCP any/any
So, I have a two-part question:
1. Is it permissable for me, as STS (or the local unit, for that matter) to modify the default configuration of the Sophos firewall to permit additional applications to be run on the ward clerk computer? I've seen references in other threads which seem to indicate the decision to add software is up to the local stake president. But I don't know if that extends to altering the security software.
2. Is there an official policy regarding the export of MLS data for use on a phone (Blackberry, iPhone, etc.)? I realize there is a PDA export option in MLS for Palm, but I am not familiar enough with it to know if it contains sensitive information like membership records, ordinance dates, etc. It looks like the Ward Tools program *does* export this information. There seem to be a variety of applications out there designed to pull information out of MLS, with varying degrees of security (or lack thereof); including passing MLS login credentials out to 3rd parties.
I've been doing audit & compliance work long enough to understand there are significant challenges of securing data on privately-owned mobile devices. Add the additional responsibility to "ensure that all computers, software, and confidential Church information are secure", and I just get a bad feeling about this.
From https://tech.lds.org/wiki/images/a/aa/P ... eeping.pdf
SecurityInformation about members, donations, and
financial transactions is confidential and should
be protected from unauthorized disclosure.
Computers should be located in secure areas
where bishopric or stake presidency members
and ward or stake clerks can work with and print
this confidential information in private.
...financial transactions is confidential and should
be protected from unauthorized disclosure.
Computers should be located in secure areas
where bishopric or stake presidency members
and ward or stake clerks can work with and print
this confidential information in private.
[/SIZE][/font]
Church information downloaded to
[align=left]personal digital assistants (PDAs) for authorized
use by priesthood leaders should also be
password protected.[align=left]personal digital assistants (PDAs) for authorized
use by priesthood leaders should also be
[/SIZE][/font]
[/align]