Sharing network drives through a firewall
December 17, 2008 8:12 AM Subscribe
How can I securely share files on a Windows server behind a firewall with remote users ?
We have a Sonicwall firewall box with VPN, and while this works okay for remote desktop, it's really slow for file sharing. I'm currently looking into Hamachi or sftp and welcome opinions on these solutions, but am open to other ideas that are secure and relatively easy to set up and administer. Practically all of the remote users are on Windows XP machines, though there might be a stray Vista or Apple user that needs access.
We have a Sonicwall firewall box with VPN, and while this works okay for remote desktop, it's really slow for file sharing. I'm currently looking into Hamachi or sftp and welcome opinions on these solutions, but am open to other ideas that are secure and relatively easy to set up and administer. Practically all of the remote users are on Windows XP machines, though there might be a stray Vista or Apple user that needs access.
This may be more about your internet connection (speed) than the transport method (RDC/SFTP). You most likely need a beefier upload speed. A T1 line usually costs more, but the speeds are symmetric (the same up and down), unlike DSL which is asymmetric (really fast download, slow upload).
posted by ijoyner at 10:19 AM on December 17, 2008
posted by ijoyner at 10:19 AM on December 17, 2008
Response by poster: We actually have SDSL. I just ran a test on the line and it's getting 1785kb/s down, 1886kb/s up, so that's fairly symmetrical.
posted by SteveInMaine at 11:41 AM on December 17, 2008
posted by SteveInMaine at 11:41 AM on December 17, 2008
Hamachi worked well for me for simple things, but for file sharing it basically sucked. The for-pay version might be faster, I never tried it, but file transfer over the free one was slow.
posted by caution live frogs at 12:02 PM on December 17, 2008
posted by caution live frogs at 12:02 PM on December 17, 2008
Filezilla. FTP, SFTP, FTP/SSL, etc all in one simple package with an easy to use gui. I believe you can disable the non-encrypted protocols too. You can also configure it to lock out IPs after so many failed logins and throttle bandwidth.
This may be more about your internet connection (speed) than the transport method (RDC/SFTP).
I typically find RDP file transfers to be unusually slow.
posted by damn dirty ape at 2:51 PM on December 17, 2008
This may be more about your internet connection (speed) than the transport method (RDC/SFTP).
I typically find RDP file transfers to be unusually slow.
posted by damn dirty ape at 2:51 PM on December 17, 2008
Best answer: Yes, RDC transfers are very slow.
Have you tried using the Routing and Remote Access Services component of the Windows Server and try a Windows VPN to transfer files? Since it is on the same server it may be a bit faster and still allow people to RDC like they normally would for desktop access.
FTP may be the most efficient. FileZilla can be used as the server, as well as the deployed client. Alternately, FireFTP is a Firefox extension (you do have them running Firefox, right?) that is easy to configure. You can even import/export connection settings for easy deployment. Both of these programs are cross-platform.
Finally, check/implement the QoS on the Sonicwall.
posted by ijoyner at 5:41 PM on December 18, 2008
Have you tried using the Routing and Remote Access Services component of the Windows Server and try a Windows VPN to transfer files? Since it is on the same server it may be a bit faster and still allow people to RDC like they normally would for desktop access.
FTP may be the most efficient. FileZilla can be used as the server, as well as the deployed client. Alternately, FireFTP is a Firefox extension (you do have them running Firefox, right?) that is easy to configure. You can even import/export connection settings for easy deployment. Both of these programs are cross-platform.
Finally, check/implement the QoS on the Sonicwall.
posted by ijoyner at 5:41 PM on December 18, 2008
Response by poster: I haven't really dug into the Windows Server RAS as a possibility. I'll look into this. Also, I'm surprised to see FTP touted here. While I agree that it's really easy to configure, I've always had the impression that from a security standpoint it's pretty dicey.
posted by SteveInMaine at 7:19 PM on December 18, 2008
posted by SteveInMaine at 7:19 PM on December 18, 2008
Best answer: It is because its unencrypted. But SFTP and FTPS (FTP + SSL) is just fine. Hell, SFTP isnt really FTP at all, its part of SSH and FTP in name only. FTPS is FTP married with SSL. This stuff is as secure as what you use to bank on the internet with. Pick strong passwords and enable the password lock out policy. This is the same advice youd give for any service running on the internet.
If you know the IPs or IP range of the people accessing the server you can also tell your firewall to drop traffic from anyone not on that list. You can also change what port Filezlla uses for a little security by obscurity if you cant get those IPs. I usually pick something high like 40k plus range. Most port scans dont attempt to go that high.
BTW, there's a trick to disabling unencrypted FTP in the fileizlla GUI. Leave the box with the port number for just FTP blank. Make sure to enable SSL and pick a port for it.
Good luck!
posted by damn dirty ape at 8:02 PM on December 18, 2008
If you know the IPs or IP range of the people accessing the server you can also tell your firewall to drop traffic from anyone not on that list. You can also change what port Filezlla uses for a little security by obscurity if you cant get those IPs. I usually pick something high like 40k plus range. Most port scans dont attempt to go that high.
BTW, there's a trick to disabling unencrypted FTP in the fileizlla GUI. Leave the box with the port number for just FTP blank. Make sure to enable SSL and pick a port for it.
Good luck!
posted by damn dirty ape at 8:02 PM on December 18, 2008
This thread is closed to new comments.
posted by sinfony at 10:02 AM on December 17, 2008