looking for options re allowing remote access

Discussion in 'Computer Security' started by Stuart Miller, Oct 14, 2007.

  1. I have a file/print server here for personal and small business documents.
    The business operates from my home.
    Local security is not an issue, as everyone who has computer access is
    either adult family members or trusted employees.

    Workstations run either XP or Mandriva 2006/2007
    File server runs Mandriva 2007
    All are behind a d-link home router/firewall.

    Outside of the firewall on separate IP address is a hobby apache/linux
    webserver. Service provider allows up to 4 IP addresses, and this way the
    server can be considred 'disposable' if it gets trashed somehow.

    I am looking for a relatively simple yet secure way to allow family and
    employees read & write access to the current document base. There are a
    number of ways to offer reasonably secure read-only access, but the
    logistics of updating the files is just too messy. File locking would be
    necessary, as I can control who is updating which set of files. This is very
    much a low volume operation.

    I have done some research, and found the 'how to' for a number of possible
    configurations.

    One option is to bring the web server back inside the LAN, using a DMZ or ip
    forwarding for port 80 and 443, and implement SSL on the web server. I
    could move the 'shareable' documents where they can be updated, yet still be
    accessed locally.

    Another is to set up some kind of VPN to allow access to the file server,
    but some form of security to keep users in specified directories.

    Another would be to use a more secure variation of FTP, either on the web
    server ( inside the LAN) or leave the web server alone and set it up on the
    file server. ( again with a chroot environemnt )

    I am wondering if there are any other options, and if anyone has opinions or
    experience as to which options provide the best security for the shared and
    non-shared document base, and which are more convenient and less expensive
    to set up.

    I have some experience with linux, having set up a dozen or so systems and
    have had the servers in place for about 5 years. I just have not ventured
    into this area. I'm willing to learn, I just would prefer to start with a
    good plan.

    Stuart
     
    Stuart Miller, Oct 14, 2007
    #1
    1. Advertising

  2. Stuart Miller

    Todd H. Guest

    "Stuart Miller" <> writes:

    > Another is to set up some kind of VPN to allow access to the file
    > server, but some form of security to keep users in specified
    > directories.


    Say more about your requirements here and what level of directory
    security are currently configured.

    It's not clear what exactly you're trying to do. OpenVPN or an IPCop
    based VPN inbound is easy if you're willing to have these remote users
    have the same network access as your local users. Which sounds like
    you would only wish to do if you can lock down the file permissions on
    your file server appropriately.

    A combo of OpenVPN to get inside your network, and then standard ftp
    from the outside employee's machine to your file server may be be easy
    and doable if you can get the permissions set up on you rfile server
    to your liking, and your users are okay dealing with openvpn and ftp.

    --
    Todd H.
    http://www.toddh.net/
     
    Todd H., Oct 20, 2007
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Peter Sale
    Replies:
    1
    Views:
    12,007
    Robin Walker
    Dec 11, 2004
  2. Atif Sajid

    Remote Access VPN options

    Atif Sajid, Jul 14, 2003, in forum: Cisco
    Replies:
    3
    Views:
    3,697
    Jocelyn
    Jul 18, 2003
  3. Albie
    Replies:
    1
    Views:
    479
    Walter Roberson
    Nov 15, 2005
  4. Craig

    Allowing Internet Access

    Craig, Jun 4, 2006, in forum: Wireless Networking
    Replies:
    1
    Views:
    416
    Malke
    Jun 4, 2006
  5. Giuen
    Replies:
    0
    Views:
    1,017
    Giuen
    Sep 12, 2008
Loading...

Share This Page