Sharing Files over the Internet

Status
Not open for further replies.

ahmun

IS-IT--Management
Jan 7, 2002
432
US
Hello All,

I'm not sure what forum to post but this sounds like a promising one.

I am trying to find solutions to how to share files over the internet.

The Scenario:
My company wants to be able to share files with its associates/sub-contractors. They are looking for the ability to have a common place to store documents (WORD, EXCEL, Etc.) where either my company or others can modify this file.

The Desired Solution:
In an ideal world, we would like to share files like the way you can share files in Windows Environment over a network.

The Catch:
Our IT department would have to give our sub-contractors a VPN Tunnel into our network to have the ideal File share. This is unacceptable due to security risks. I'm not a network admin guru, so I'd like to find some ideas or alternatives I can present to our IT department and Management.

Some Ideas:
Since I primarily do development for database driven web-based apps, I know of some Web based forum-like applications that can be used. This is not the best solution (since we want to have a virtual folder)... I also thought of FTP, but our current web host does not open their site to windows-based ftp (where it looks like you are accessing the ftp site via windows file explorer)... and this drives me back to a web-based solution.

Are there some other ideas out there I'm not yet aware of?

Earnie Eng
 
Why don't you just host an FTP server on your end?
Behind a firewall, non-standard port, double passwords, etc.
How much more secure and controlled can you get?
If you think VPN is a security risk, then your web-based solution should be totally out of the question, and certainly if it is hosted somewhere else.
If the webhost gets hacked, your files are free to take!

Marc
If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC!
 
If the only access that the other companies need is read only, then have them access them via a browser. You can set up your firewall to allow only who you want to view them.



Blue [dragon]

If I wasn't Blue, I would just be a Dragon...
 
I would need to have both read and write access. The users would like to view it as if it was a folder in Windows where they can drag/drop...

Marc, About the FTP idea...
How secure is the FTP interface of IE? (I know I can use Internet Explorer, and type in an ftp:// address, and it will browse that ftp site as if it were a folder on your hard drive) That's the ideal GUI I would like to have set up... But my current web host doesn't allow that. Is there a way to apply your suggestion of "Behind a firewall, non-standard port, double passwords, etc." in that situation? Or... how would I, if I had my own server, break out of the Company firewall?

Earnie Eng
 
Have you thought about a portal site, such as Intranets.com? Although a bit pricey ($50/mo) it allows you to have a secure area to share documents, and adds personal messaging, calendar, etc.

When in doubt, deny all terms and definitions.
 
How about a CVS repository? It can be set up with internet access, plus you may also want to do version control of the files anyway. Plus it can merge changes to text files made by two different users.
 
ahmun,
What exactly do you define as your web host?
Is that your ISP? Or your website?

I got the FTP behind the firewall, on a non-standard port, so only people I let have access to it.
 
  • Windows 2000 Server / IIS 5
  • SQL Server 2000
  • Windows FTP Disabled (So can't use the browser for FTP access)
  • They are both my ISP and web host.

Earnie Eng
 
Ok, your statement "This is unacceptable due to security risks" vaporizes into nothing by this.
All your data is offsite, you have no FULL control, but you do find VPN a security risk?
That just does not make any sense.

At your end, you have an IP, and (I hope) a firewall.
Again, what stops you from putting a VPN or FTP server in YOUR building, NOT at your ISP?
 
sorry... Let's set up the scenario more clearly:

The IT department approached me to pick my brain and see if I have any ideas (other than VPN) where non-Employees could connect and share files. VPN is, indeed, secure against hackers, but not against the user (or any virus on the user's computer that will exploit the tunnel we hand out). We have experienced a system-wide breakdown when Blaster and TooBig came by... our network was secure, but the virus proliferated itself via one of our employee's tunnel, who had not run the correct security patches yet. Hence, the IT dudes don't want to hand out VPN access unless it's the best and last resort.

But it sounds to me like VPN is the most secure... and we just have to ensure that when we grant access, the other end is responsible...

Bottom line, we want to share files with non-Employees.

Thanks so far for your insight... If you have any more suggestions, I'm all ears! [bigears]

Earnie Eng
 
Haven't used it in a long time, but would pcanywhere be of any usefulness...



Blue [dragon]

If I wasn't Blue, I would just be a Dragon...
 
I can appreciate the concerns of you and the IT dep., but ultimately it is a very naive statement of your IT dep. to put the Blaster blame on the user!
If they don't secure VPN tunnels AND all server and clients, they are the one to blame.
Never ever leave responsibility to the end-user.
Suppose they send a virus (unintentionally of course), what are you going to do to them? Nothing.
But meanwhile, your LAN is compromised, and that is what you should protect. So, the solution is to protect yourself first on every single level and also protect the user against him/herself.

Now, in your case where you want to share files with non-employees, you should not go VPN of course.
You really have only 2 options, a secure FTP or a secure website. Where you locate that is up to you, but if the IT dep. has that many concerns, all your stuff should be at your premises in the first place.

Suppose your webhost gets hacked? What then?

And, if you don't mind me asking, if your IT dep. approached you, then .. who and what are you to them as in, what function?

PS: PCanywhere is a nightmare to manage for non-employees, stay well clear of that one!
 
Thanks for your suggestions, Marc.

I'll definitely inform the IT department of your thoughts. I'm a web developer (newbie) in the construction industry... and our IT department consists of 2 people, and I'm just one more tech savvy guy they can bounce ideas off of.

Earnie Eng
 
Since you are a web developer (newbie), and there is absolutely nothing wrong with that, I would get very scared if your IT dep. asks YOU what THEY should do regarding secure access!
Think about that too!!
 
Have you considered Windows SharePoint Services?

I'd put an isolated (non-AD) box out in the DMZ, install Win 2003 Server, install the WSS add-on (download or from the "second CD" for Win 2003 if you have it), and enable the bare minimum services to let it run. Relocate the content virtual service port to someplace non-obvious (like 9176 instead of the default 80). Leave the admin virtual service port where it is.

Set the firewall in front of this box to allow only "content" TCP port in from the Internet. Allow only "content" TCP port, "admin" TCP port, and Terminal Services TCP port from inside your company.

Use only local machine accounts on this box, require strong passwords, etc. Don't allow Basic Authentication. If you must, then require SSL but you'll take a huge network performance hit and need a certificate.

This works best if users all have Office 2003, better with Office 2002 (XP), but will be usable by anybody with IE 5.5 or later and any Office 97 on up. Of course it handles non-Office files as well.

You get a lot more than file sharing, and basic admin and use is almost trivial.


Without Win 2003 I'd suggest Win 2000 plus a license for Frontpage 2002. This gets you the earlier SharePoint Team Services product (on the FrontPage CD). A Win 2000 Server box is a little trickier to lock down, but still no big deal. The advantage here is that for modest needs you can use Win2K Pro instead of Server (though you lose a lot of remote admin capabilities).


Either way, try it out in-house to check it out. Don't be scared, this is a very friendly product compared to most "portal" solutions.

Don't confuse it with that expensive, bloated SharePoint Portal product.
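
The firewall policy described in the post above (only the content port in from the Internet; content, admin and Terminal Services ports from inside), written as a first-match ruleset and audited for exposure. This is an added example, not part of the original thread; the admin port value, the internal address range, the probe addresses and the rule format are assumptions made for illustration.

```python
import ipaddress

CONTENT_PORT = 9176   # relocated content port suggested in the post
ADMIN_PORT = 8081     # placeholder: the post does not state the admin port
TS_PORT = 3389        # Terminal Services (RDP) default TCP port
INTERNAL_NET = "10.0.0.0/8"   # assumed internal address range

# Policy from the post: TCP ports each zone may reach on the DMZ box.
POLICY = {
    "internet": {CONTENT_PORT},
    "internal": {CONTENT_PORT, ADMIN_PORT, TS_PORT},
}
# One representative source address per zone (constructed).
PROBES = {"internet": "203.0.113.50", "internal": "10.1.2.3"}
# The three policy ports plus common services that must stay closed.
PORTS = [21, 80, 135, 139, 445, CONTENT_PORT, ADMIN_PORT, TS_PORT]


def decide(rules, src_ip, port):
    """First matching rule wins; anything unmatched is denied."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if src in ipaddress.ip_network(rule["src"]) and port in rule["ports"]:
            return rule["action"]
    return "deny"


def audit(rules):
    """Return (zone, port, expected, actual) for every deviation from POLICY."""
    findings = []
    for zone, src_ip in PROBES.items():
        for port in PORTS:
            expected = "allow" if port in POLICY[zone] else "deny"
            actual = decide(rules, src_ip, port)
            if actual != expected:
                findings.append((zone, port, expected, actual))
    return findings


# Constructed ruleset matching the post's description.
GOOD_RULES = [
    {"src": INTERNAL_NET, "ports": {CONTENT_PORT, ADMIN_PORT, TS_PORT}, "action": "allow"},
    {"src": "0.0.0.0/0", "ports": {CONTENT_PORT}, "action": "allow"},
]
# Constructed mistake: Terminal Services opened to any source.
BAD_RULES = GOOD_RULES + [{"src": "0.0.0.0/0", "ports": {TS_PORT}, "action": "allow"}]

if __name__ == "__main__":
    print(audit(GOOD_RULES))   # no findings
    print(audit(BAD_RULES))    # Terminal Services reachable from the Internet
```
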
 