View Single Post
  #5   (View Single Post)  
Old 22nd June 2008
Oko's Avatar
Oko Oko is offline
Rc.conf Instructor
 
Join Date: May 2008
Location: Kosovo, Serbia
Posts: 1,102
Default

Quote:
Originally Posted by jggimi View Post
You don't say what type of fileserving you wish to do; NFS or CIFS. But I don't think it matters.

Both are considered insecure; even if authentication and authorization are well controlled, these technologies transfer unencrypted data blocks. If you don't have complete end-to-end control of all access to the network, this is insecure.

The best practice is to implement a VPN for filesharing over insecure networks.
Well LAN file server seen from the machines in the LAN zone is NFS and completely unprotected. All machines in the LAN zone are considered 100% trusted and they can do anything between each other.

My question is what is the best way to enable access on the files stored on
the HDD of such a file server from the machine which is not in LAN, not even in DMZ zone but somewhere out on the internet. This is typical situation when the user wants to log in from the Internet and get some files from his account.

Yes VPN (IPSec) is also a solution (IPSec is probably the best solution) and this is what big guys from the central university computer center are doing. Although they use CISCO 3000 server which is NOT
very secure but that is another matter.

Last edited by Oko; 22nd June 2008 at 11:27 PM.
Reply With Quote