Wireless networking in buildings - is there policy/guidelines?

[russellhltn]

While the phone line is over the Internet, it's so heavily filtered that it's not usable as an Internet connection. For all practical purposes, it's a VPN and quite secure.

Allowing the clerk's computer to browse the Internet opens up a rather large security issue. I think one of, if not the biggest vector for malware is a poisoned website or file. Any browsing to that site can cause the malware to install itself into the computer where it can then "phone home" for instructions or send any data it's found. Since most firewalls will permit outbound connections, it can usually get though. The trend now is not just OS vulnerabilities being exploited, but application vulnerabilities as well. Adobe had a problem with V7 of the reader that could allow a malicious PDF file to run arbitrary code. Quicktime also had that issue (Apple software causing a PC vulnerability - oh! the irony! :rolleyes: )

While the PIX filtering of inappropriate websites is a major help, not all such websites are caught. It also doesn't help if a valid website is hacked and a poised file is substituted for a valid one. Since the corruption could be subtle, it might take awhile before the intrusion is discovered.

So while I'm sure Internet access will be a big help, I personally remain leery about the current setup, if for no other reason then all MLS users have local admin rights on the machine, which means anything that manages to get into the machine can do anything it wants.

[thedqs]

The default internet settings could be increased similiar to Windows Server 2003's settings. This would require to place all approved websites on a trusted list and anything that isn't trusted is blocked. For a ward computer I would thing that the lds sites should be the only approved sites anyway.

[russellhltn]

The default internet settings could be increased similar to Windows Server 2003's settings. This would require to place all approved websites on a trusted list and anything that isn't trusted is blocked.

Blocked or highly restricted? (That is, the rest of the Internet is placed in the "Restricted" category.) Highly Restricted would help, but keep in mind there have been some vulnerabilities that can get past that. One of them was a flaw in the way an image was process. Simply loading a JPEG or GIF from a site could compromise the computer (both IE and Firefox had this issue.)

As for blocking everything except LDS sites, there are any number of non-LDS sites that are useful in doing the work. White Pages for doing telephone number lookups, software and hardware vendors to download driver and other updates are some I can come up with off the top of my head.

[thedqs]

The yellow/whitepages is a good point, but as for the software/hardware driver downloads and other updates I'd think that another account for the Ward Tech Speciallist could be created with less restrictions. (Usually those with more technical expertise can avoid compromissing situations)

[russellhltn]

I'd think that another account for the Ward Tech Speciallist could be created with less restrictions.

That still leaves the automatic updates such as anti-virus Windows. I'm sure there are alots of reasons to go to non-church sites. For example there are a number of member church sites for church-related software. I'm sure if we give the ward clerks a chance, they'll come up with a good list of sites they use to further the work.