|
Posted by Stuart Miller on October 14, 2007, 12:56 am
If you were Registered and logged in, you could reply and use other advanced thread options
I have a file/print server here for personal and small business documents.
The business operates from my home.
Local security is not an issue, as everyone who has computer access is
either adult family members or trusted employees.
Workstations run either XP or Mandriva 2006/2007
File server runs Mandriva 2007
All are behind a d-link home router/firewall.
Outside of the firewall on separate IP address is a hobby apache/linux
webserver. Service provider allows up to 4 IP addresses, and this way the
server can be considred 'disposable' if it gets trashed somehow.
I am looking for a relatively simple yet secure way to allow family and
employees read & write access to the current document base. There are a
number of ways to offer reasonably secure read-only access, but the
logistics of updating the files is just too messy. File locking would be
necessary, as I can control who is updating which set of files. This is very
much a low volume operation.
I have done some research, and found the 'how to' for a number of possible
configurations.
One option is to bring the web server back inside the LAN, using a DMZ or ip
forwarding for port 80 and 443, and implement SSL on the web server. I
could move the 'shareable' documents where they can be updated, yet still be
accessed locally.
Another is to set up some kind of VPN to allow access to the file server,
but some form of security to keep users in specified directories.
Another would be to use a more secure variation of FTP, either on the web
server ( inside the LAN) or leave the web server alone and set it up on the
file server. ( again with a chroot environemnt )
I am wondering if there are any other options, and if anyone has opinions or
experience as to which options provide the best security for the shared and
non-shared document base, and which are more convenient and less expensive
to set up.
I have some experience with linux, having set up a dozen or so systems and
have had the servers in place for about 5 years. I just have not ventured
into this area. I'm willing to learn, I just would prefer to start with a
good plan.
Stuart
|
|
Posted by Todd H. on October 20, 2007, 2:48 am
If you were Registered and logged in, you could reply and use other advanced thread options
> Another is to set up some kind of VPN to allow access to the file
> server, but some form of security to keep users in specified
> directories.
Say more about your requirements here and what level of directory
security are currently configured.
It's not clear what exactly you're trying to do. OpenVPN or an IPCop
based VPN inbound is easy if you're willing to have these remote users
have the same network access as your local users. Which sounds like
you would only wish to do if you can lock down the file permissions on
your file server appropriately.
A combo of OpenVPN to get inside your network, and then standard ftp
from the outside employee's machine to your file server may be be easy
and doable if you can get the permissions set up on you rfile server
to your liking, and your users are okay dealing with openvpn and ftp.
--
Todd H.
http://www.toddh.net/
|
| Similar Threads | Posted | | Windows 2003 remote admin access | June 30, 2006, 4:16 am |
| IE Not Allowing Me to Change Homepage | July 19, 2006, 7:00 am |
| FCC Issues Rule Allowing FBI to Dictate Wiretap-Friendly Design for Internet Service | August 9, 2005, 2:33 pm |
| FTP client with file encryption for remote backup? | February 20, 2006, 12:37 pm |
| Re: FTP Client With File Encryption For Remote Backup? | February 21, 2006, 4:28 am |
| Re: FTP Client With File Encryption For Remote Backup? | February 22, 2006, 8:04 pm |
| Re: Microsoft Active-X Remote Code Execution Vulnerability | June 28, 2006, 7:24 am |
| finding remote computer desktop lock status in windows 2003 server network ? | September 3, 2005, 5:37 pm |
| Re: Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution Vulnerability | December 19, 2005, 8:27 pm |
| Looking to block web access | August 23, 2005, 1:24 am |
|
XML site map