looking for options re allowing remote access

Discussion in 'Computer Security' started by Stuart Miller, Oct 14, 2007.

  1. I have a file/print server here for personal and small business documents.
    The business operates from my home.
    Local security is not an issue, as everyone who has computer access is
    either adult family members or trusted employees.

    Workstations run either XP or Mandriva 2006/2007
    File server runs Mandriva 2007
    All are behind a d-link home router/firewall.

    Outside of the firewall on separate IP address is a hobby apache/linux
    webserver. Service provider allows up to 4 IP addresses, and this way the
    server can be considered 'disposable' if it gets trashed somehow.

    I am looking for a relatively simple yet secure way to allow family and
    employees read & write access to the current document base. There are a
    number of ways to offer reasonably secure read-only access, but the
    logistics of updating the files is just too messy. File locking would be
    necessary, as I can control who is updating which set of files. This is very
    much a low volume operation.

    I have done some research, and found the 'how to' for a number of possible

    One option is to bring the web server back inside the LAN, using a DMZ or ip
    forwarding for port 80 and 443, and implement SSL on the web server. I
    could move the 'shareable' documents where they can be updated, yet still be
    accessed locally.

    Another is to set up some kind of VPN to allow access to the file server,
    but some form of security to keep users in specified directories.

    Another would be to use a more secure variation of FTP, either on the web
    server (inside the LAN) or leave the web server alone and set it up on the
    file server (again with a chroot environment).

    I am wondering if there are any other options, and if anyone has opinions or
    experience as to which options provide the best security for the shared and
    non-shared document base, and which are more convenient and less expensive
    to set up.

    I have some experience with linux, having set up a dozen or so systems and
    have had the servers in place for about 5 years. I just have not ventured
    into this area. I'm willing to learn, I just would prefer to start with a
    good plan.

    Stuart Miller, Oct 14, 2007
  2. Todd H. Guest

    Say more about your requirements here and what level of directory
    security is currently configured.

    It's not clear what exactly you're trying to do. OpenVPN or an IPCop
    based VPN inbound is easy if you're willing to have these remote users
    have the same network access as your local users. Which sounds like
    you would only wish to do if you can lock down the file permissions on
    your file server appropriately.

    A combo of OpenVPN to get inside your network, and then standard ftp
    from the outside employee's machine to your file server may be easy
    and doable if you can get the permissions set up on your file server
    to your liking, and your users are okay dealing with openvpn and ftp.
    Todd H., Oct 20, 2007
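
An added example, not part of either post: the VPN option above depends on the file server's permissions being locked down before remote users get the same network access as local ones. This Python sketch audits a document tree for that; the `shared`/`private` layout, the file names and the four rules it applies are assumptions made for illustration.

```python
import os
import stat
import tempfile

def audit_tree(root, shared_rel="shared"):
    """Return (relative path, problem) pairs for a document tree."""
    root = os.path.realpath(root)
    shared = os.path.join(root, shared_rel)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st, rel = os.lstat(path), os.path.relpath(path, root)
            inside = path == shared or path.startswith(shared + os.sep)
            if stat.S_ISLNK(st.st_mode):
                # A link out of the shared area defeats directory confinement.
                target = os.path.realpath(path)
                if inside and not target.startswith(shared + os.sep):
                    findings.append((rel, "symlink leaves shared area"))
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            if not inside and mode & stat.S_IRWXO:
                # Remote accounts outside the owning user/group land in "other".
                findings.append((rel, "non-shared item open to other users"))
            if inside and stat.S_ISDIR(st.st_mode) and not mode & stat.S_ISGID:
                # Without setgid, new files do not inherit the shared group.
                findings.append((rel, "shared directory without setgid"))
    return findings

def demo():
    """Audit a small constructed tree (names and modes are made up)."""
    with tempfile.TemporaryDirectory() as root:
        modes = {"shared": 0o770, "shared/quotes": 0o777, "private": 0o700,
                 "shared/quotes/q1.odt": 0o660, "private/tax.ods": 0o644}
        os.makedirs(os.path.join(root, "shared", "quotes"))
        os.makedirs(os.path.join(root, "private"))
        for rel, mode in modes.items():
            path = os.path.join(root, rel)
            if not os.path.isdir(path):
                open(path, "w").close()
            os.chmod(path, mode)
        os.symlink(os.path.join(root, "private"), os.path.join(root, "shared", "peek"))
        return sorted(audit_tree(root))

if __name__ == "__main__":
    for rel, problem in demo():
        print(f"{rel}: {problem}")
```

Pointed at the real document root, `audit_tree` lists what to fix before any inbound access is opened; an empty result only means these assumed rules passed.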
