I would use the built-in FTP server (comes with OpenBSD generic installation) on your file server, and open port 23 on your firewalls.
Assigning specific user access will help to secure that, and that can be easily linked to your current system users with fun stuff like RADIUS. BTW, OpenSSH isn't installed on your OpenBSD fileserver? Really?
__________________
Network Firefighter
Quote:
Can't you do the same thing by opening port 22 (or even better some nonsense like 25608 which will map into 22) and then actually use the built-in OpenSSH server on the LAN file server? I like the idea of RADIUS though very much. Thanks for the answer.
OKO
Last edited by Oko; 22nd June 2008 at 07:38 PM.
You don't say what type of fileserving you wish to do; NFS or CIFS. But I don't think it matters.
Both are considered insecure; even if authentication and authorization are well controlled, these technologies transfer unencrypted data blocks. If you don't have complete end-to-end control of all access to the network, this is insecure. The best practice is to implement a VPN for filesharing over insecure networks.
Quote:
My question is what is the best way to enable access to the files stored on the HDD of such a file server from a machine which is not in the LAN, not even in the DMZ zone, but somewhere out on the internet. This is a typical situation when the user wants to log in from the Internet and get some files from his account. Yes, VPN (IPSec) is also a solution (IPSec is probably the best solution) and this is what the big guys from the central university computer center are doing. Although they use a CISCO 3000 server which is NOT very secure, but that is another matter.
Last edited by Oko; 22nd June 2008 at 11:27 PM.
Well, you could run FTP, but if security is paramount (and I suppose it should be), then Secure FTP (SFTP) would work well, too, as it encrypts its communications. If your outside clients use Windows, then WinSCP is a good SFTP application for that platform to access your fileserver securely.
The nice thing about an SFTP solution is you get a similar experience to FTP, but it's secure, and without a major investment in time installing/configuring/managing anything new like a VPN solution (even if it already does come with OpenBSD.) Besides, a VPN solution suggests more than just needing access to files on a file server, which is all you have stated is needed to be happy.
__________________
Network Firefighter
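The SFTP-only access suggested above, as an added example that is not part of the original thread: an `sshd_config` fragment that gives remote accounts file transfer but no shell or forwarding. The group name `sftponly` and the paths under `/home/%u` are assumptions.

```conf
# /etc/ssh/sshd_config (fragment)
# Assumed names: group "sftponly", chroot root /home/%u.

# Use the in-process SFTP server so no binaries are needed inside the chroot.
# This replaces any existing "Subsystem sftp" line; sshd rejects duplicates.
Subsystem sftp internal-sftp

# Applies only to accounts in the (assumed) sftponly group.
Match Group sftponly
    # Confine the session to the user's own directory. Every path component
    # must be owned by root and not writable by group or others, so give
    # the user a writable subdirectory (for example /home/%u/files).
    ChrootDirectory /home/%u
    # Ignore any requested command or shell; serve SFTP only.
    ForceCommand internal-sftp
    # No port forwarding, X11 or tunnel devices through this account.
    AllowTcpForwarding no
    X11Forwarding no
    PermitTunnel no
```

Check the file with `sshd -t` before restarting sshd, so a syntax error does not lock out remote logins.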
IPSEC by most standards is generally the preferred method for connecting network to network. However, in your case it really doesn't make much sense. With IPSEC you will have slightly faster xfer speeds as the encryption overhead does not require as much CPU/RAM as PPTP. However -- PPTP in your case seems better suited. If all you're wanting is a simple means to access files in a remote location -- you do not need to be connected 24/7, via IPSEC. Keep in mind that the more gateways you are connected to, the more there is to manage.
A more robust solution might be some of the other options other members have offered up. Personally for your basic services I would use some sort of virtualization, but that's me. It all depends on your needs and requirements; thus far, to do what you described is quite easy, as many have offered good solutions. In my opinion the best practice is to keep it simple.