Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Stuart Miller
October 14, 2007, 4:56 am
rate this thread
The business operates from my home.
Local security is not an issue, as everyone who has computer access is
either adult family members or trusted employees.
Workstations run either XP or Mandriva 2006/2007
File server runs Mandriva 2007
All are behind a d-link home router/firewall.
Outside of the firewall on separate IP address is a hobby apache/linux
webserver. Service provider allows up to 4 IP addresses, and this way the
server can be considred 'disposable' if it gets trashed somehow.
I am looking for a relatively simple yet secure way to allow family and
employees read & write access to the current document base. There are a
number of ways to offer reasonably secure read-only access, but the
logistics of updating the files is just too messy. File locking would be
necessary, as I can control who is updating which set of files. This is very
much a low volume operation.
I have done some research, and found the 'how to' for a number of possible
One option is to bring the web server back inside the LAN, using a DMZ or ip
forwarding for port 80 and 443, and implement SSL on the web server. I
could move the 'shareable' documents where they can be updated, yet still be
Another is to set up some kind of VPN to allow access to the file server,
but some form of security to keep users in specified directories.
Another would be to use a more secure variation of FTP, either on the web
server ( inside the LAN) or leave the web server alone and set it up on the
file server. ( again with a chroot environemnt )
I am wondering if there are any other options, and if anyone has opinions or
experience as to which options provide the best security for the shared and
non-shared document base, and which are more convenient and less expensive
to set up.
I have some experience with linux, having set up a dozen or so systems and
have had the servers in place for about 5 years. I just have not ventured
into this area. I'm willing to learn, I just would prefer to start with a
Re: looking for options re allowing remote access
Say more about your requirements here and what level of directory
security are currently configured.
It's not clear what exactly you're trying to do. OpenVPN or an IPCop
based VPN inbound is easy if you're willing to have these remote users
have the same network access as your local users. Which sounds like
you would only wish to do if you can lock down the file permissions on
your file server appropriately.
A combo of OpenVPN to get inside your network, and then standard ftp
from the outside employee's machine to your file server may be be easy
and doable if you can get the permissions set up on you rfile server
to your liking, and your users are okay dealing with openvpn and ftp.
- » Firefox dialog: unable to verify the identity of ... as a trusted site
- — Next thread in » Computer Software Security
- » Is there a way to edit/alter a file but leave the 'time' stamp unchanged?
- — Previous thread in » Computer Software Security