Thursday 25 December 2008, 6:02 PM
FTP not VPN
In the unlikely event you are missing the office this Christmas, this is how I like to arrange remote file access. The standard method is via a VPN. It’s not a solution I favour for smaller businesses. Aside from the security of the VPN connection itself, it is inherently risky to give staff home PCs, which are out of sight and out of mind, the total trust of the office LAN. Any malware has an easy route into the office.
Even the lowest-risk user is at much greater risk when working from home. They may only use their PC for work, not visit porn sites (the quickest way to infect a PC with malware), and have no idea how to install applications, but if you can’t keep an eye on the PC, updates may be missed or anti-virus and firewall failures go unnoticed. And who’s using it? Well-meaning house guests with access to the PC are, I find, a frequent cause of malware. Teenagers are the worst; it’s no surprise they are malware makers’ favourite target. Kids know enough to get infected via infested peer-to-peer file-sharing applications, free games, porn sites, fake security software, pirated applications and files swapped with friends. Few know enough to know what is and isn’t risky.
Because most remote users only want to access their files, my favoured FTP solution is the free, open-source FileZilla server and client. Using FTP to transfer files may be mildly less convenient than saving to a drive letter; it is, though, inherently much safer.
FileZilla Server isn’t perfect. The server doesn’t update or prompt for updates automatically (the client does), so it needs checking for updates regularly. It is also worth remembering that FTP isn’t encrypted, so using public networks can be a worry (though no more than email).
Gina Trapani’s clear guide to setting up the server is here. For security reasons I also recommend removing details of the server name from the welcome message; replace it with ‘Unauthorised Access prohibited’. Do not include a company name. Also note that logging is disabled by default. Enable it. If your net connection doesn’t provide a fixed IP, use a Dynamic DNS service, as I’ve mentioned before in the second from last para.
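One way to check the welcome message after changing it, as an added example that is not part of the original post: it reads the greeting the server sends before login and flags product names, version numbers and any organisation names you pass in. The function names and the sample greetings are constructed for illustration.

```python
import re
from ftplib import FTP

# Strings that identify the server software or its version in a 220 greeting.
PRODUCT_RE = re.compile(r"filezilla|vsftpd|proftpd|pure-ftpd|microsoft ftp", re.I)
VERSION_RE = re.compile(r"\d+\.\d+(?:\.\d+)*")


def audit_banner(banner, org_names=()):
    """Return a list of findings for an FTP welcome message (empty = clean)."""
    # Strip the "220-" / "220 " reply-code prefix from each line.
    text = "\n".join(re.sub(r"^220[- ]", "", ln) for ln in banner.splitlines())
    findings = []
    if PRODUCT_RE.search(text):
        findings.append("server product name disclosed")
    if VERSION_RE.search(text):
        findings.append("version number disclosed")
    for name in org_names:
        if name and name.lower() in text.lower():
            findings.append("organisation name disclosed: " + name)
    return findings


def fetch_banner(host, port=21, timeout=10):
    """Connect without logging in and return the server's welcome message."""
    ftp = FTP()
    ftp.connect(host, port, timeout=timeout)
    try:
        return ftp.getwelcome()
    finally:
        ftp.close()


# Constructed sample greetings (not captured from a real server).
LEAKY = "220-FileZilla Server version 0.9.0 beta\n220 Example Ltd file server"
HARDENED = "220 Unauthorised Access prohibited"

if __name__ == "__main__":
    print(audit_banner(LEAKY, ["Example Ltd"]))     # three findings
    print(audit_banner(HARDENED, ["Example Ltd"]))  # no findings
```

Run `audit_banner(fetch_banner("your.server.example"), ["Your Company"])` against your own server from outside the office to confirm what a stranger sees.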
With the minimum of firewall fiddling, that is, forwarding ports 20 and 21 to the server through Windows’ and the router’s firewalls (which also means giving the server a fixed local IP address), clients will only manage to connect in ‘active mode’. To force them to do so, open FileZilla Client’s Site Manager on the File menu. This is where connection details are managed. Enable Active mode on the connection’s transfer settings tab. More details of the difference between active and passive mode are here.
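Why passive mode fails with only ports 20 and 21 forwarded, as an added example that is not part of the original post: in passive mode the server's 227 reply tells the client which address and port to connect to for data, and behind this setup neither is reachable from outside. The function names and the sample reply are constructed for illustration.

```python
import ipaddress
import re

FORWARDED_PORTS = {20, 21}  # the only ports forwarded to the server in this setup


def parse_227(reply):
    """Decode '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' into (ip, port)."""
    m = re.search(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})", reply)
    if not reply.startswith("227") or not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % reply)
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # RFC 959: port = p1 * 256 + p2
    return ip, port


def passive_problems(reply, forwarded=FORWARDED_PORTS):
    """List the reasons a remote client could not open the data connection."""
    ip, port = parse_227(reply)
    problems = []
    if ipaddress.ip_address(ip).is_private:
        problems.append("server advertised LAN address %s" % ip)
    if port not in forwarded:
        problems.append("data port %d is not forwarded" % port)
    return problems


# Constructed reply, as a server on the office LAN might send it.
SAMPLE = "227 Entering Passive Mode (192,168,1,10,195,80)"

if __name__ == "__main__":
    for problem in passive_problems(SAMPLE):
        print(problem)
```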
A nice bonus of FTP (though often less reliable than using the client) is the ability to access the server via a web browser. Connect using the format: ftp://USERNAME:PASSWORD@HOSTNAME.X.Y, obviously replacing USERNAME, PASSWORD and HOSTNAME.X.Y with the appropriate details. There’s also, of course, the ever trusty and pervasive command line FTP client.
Happy season to all, now back to face-stuffing.


