

Secure remote access to home PC
September 6, 2010 12:21 PM

How can I set up secure remote access to my home computer?

I would like to be able to get to my media files on my home computer from remote locations. There is, however, a catch. My husband is extremely concerned about security, even though I keep telling him that we aren't storing nuclear missile launch codes on my computer. At least, not that I know of.

(Yes, I know he's right to be concerned about it.) :-)

I don't care about being able to see my desktop, control it remotely, etc. All I want to be able to do is login to my computer from someplace like my laptop or my parents' computer, grab a random media file, and pull it over.

Stuff I've considered:
  • Remote desktop - Doesn't meet the security requirements. Or, if it's gotten more secure lately, I don't know about it.
  • GoToMyPC and the like - See above.
  • Streaming - Tried it. Security concerns aside, our upspeed sucks as far as a consistent connection.
  • Storing media in the cloud - My collection is pretty big, at least when it comes to considering remote storage. I want to have the option of getting to the whole thing. Otherwise, I would just dump stuff on a 16GB USB drive and be done with it.
I'm digging into other options, such as setting up a home VPN, but I'm not fluent in Network. Half of what I'm finding seems to be from around 2006, and I'm not equipped to judge what's out there. I know enough to be dangerous: I can say "Yes, a home VPN is a great idea!" but wouldn't be able to say "No, don't get that one, it will open you up to hordes of zombie bots!"

Has anyone else set up something like this? What are the most secure options? Recommendations for specific software/hardware are welcome.
posted by CrazyGabby to Computers & Internet (14 answers total) 10 users marked this as a favorite
 
ssh/sftp?

It's built into MacOS. I don't know what your Windows options are; I used to implement it in Cygwin.
posted by mr_roboto at 12:26 PM on September 6, 2010 [1 favorite]


You may want to look at Hamachi, which is a private VPN solution that's really easy to set up. It's a point-to-point encrypted VPN, and so you should be quite secure.
posted by haykinson at 12:30 PM on September 6, 2010 [3 favorites]


Dropbox might be an option for you if you're willing to pay for it. The free version only gives you 2Gb, but for about 10 bucks a month you get 50Gb of storage. It allows you to store the contents of a folder on your home computer in the cloud so you can access it from anywhere.

Otherwise I'd just go with ssh or htp as mentioned above. Stupid easy to set up on a Mac or Linux machine, but also doable through Windows.
posted by auto-correct at 12:40 PM on September 6, 2010


There are a variety of freeware SFTP servers available for Windows. Choose one and set it up carefully, and it should cover all your bases.
posted by lefty lucky cat at 12:45 PM on September 6, 2010


What exactly is the security requirement? Do you not want to open up any ports?
posted by smackfu at 12:53 PM on September 6, 2010


A VPN would be overkill for this.

Get some network storage (NAS) with secure access; Western Digital has the MyBook series of drives, I've got one with sftp - it's not exactly enterprise grade but I think it would be perfect for your needs.

You need to set the NAS up with a static IP in your home network, and configure your router to forward appropriate ports to it.

You will also need either a static external IP, so you can get to your PC from the outside (costs money), or a dynamic DNS service such as OpenDNS (free as far as I know).

Other than that, it never hurts to follow prudent security practices: set it up to listen to a non-standard port (not real security but it helps), disable default accounts, use secure passwords and rotate them frequently, etc.
posted by Dr Dracator at 1:02 PM on September 6, 2010


As an adjunct, if you do have sensitive data on your computer that you will not be accessing from a remote location, get that stuff encrypted if you haven't already. Truecrypt is free, secure and easy to use. If you're going to be allowing remote access to your PC, this additional security step is a no-brainer.
posted by lefty lucky cat at 1:10 PM on September 6, 2010


Okay, there are two concerns you have to deal with.

#1: Local network security. Your husband is concerned that, if you open any ports (if you're not tech savvy, think windows or doors) into your local network, then anything on your local network will be exposed to anyone doing random port scans (think walking down the street looking for open windows or doors) on your network. As someone like your husband who has set such a thing up securely, you'd be amazed how often home networks get scanned by automated port scans. It's kind of distressing once you see the amount of and nature of the traffic.

#2: Your computer security. Your husband is concerned that, if someone's already on the local network through open ports, you might accidentally be sharing more than you intended (very easy to do local desktop computer security badly.)

So there are two fundamental strategies for addressing this:

The first is to set up a VPN for local network access, and set your computer sharing properly. That's going to take a lot of work and potentially expense, and when you try to grab a file using your parents' computer you may need to spend twenty minutes installing software and setting up port forwards. In short, it's going to suck. So let's put that off the table.

The second is to set up a shared drive at home, on a machine that allows SSH/SCP access, and get in the habit of keeping all of your files (that is, those you'd like to share) on that machine. Once you've set up a single port through which external users can get to that SSH/SCP machine (and only that machine), you'll have an easier time installing a single app on your parents' machine (and more importantly, not having to worry about port forwarding and such on their computer.) Downside? You'll only have access to those files you keep on that machine, and when you're accessing those files at your house through your desktop computer, they'll take longer to get (you won't notice it for a single file, but if you're syncing 4,000 songs to a new iPod, you're going to notice.)

As for software recommendations: if you or your husband do not already know what SSH/SCP is, neither of these solutions is likely to work for you, and you should either be prepared to plan ahead (and bring files you might need remotely with you on a thumb drive), or be prepared to give up/fumble your way into a solution that exposes your local computers to stupid, pointless attacks by script kiddies.
posted by davejay at 1:50 PM on September 6, 2010


I'm gonna agree with auto-correct and recommend Dropbox, if you don't mind paying a little money. All these other solutions, with sftp and Hamachi and things will certainly work, but they all have significant downsides. Hamachi is awesome, but you need to have it installed on the computer you're accessing from, which is kind of a pain if you're over at your parents' house and just want to access a file.

Running an sftp server on your computer is doable, sure, but it can be really tricky to configure everything (you have to set it up to run as a service, you have to configure your router to give your computer a static IP and forward ports properly) and can be equally tricky to access. Just as an example, if you don't want to memorize the IP of your computer, or if it changes all the time (which it does), you have to set up some Dynamic DNS, which also isn't completely trivial. Getting all that stuff to play along nicely with each other can be a pain.

A NAS on your local network is smoother, but it still has many of the same problems (notably the router configuration and dynamic DNS problems). Also, they're not all that cheap, in my (very limited) experience.

In comparison, a monkey could use Dropbox. You sign up for an account, and you install a client on your computer that adds a "Dropbox" folder. You simply move stuff in there, it's automatically synched, and you can then easily access it from anywhere in the world. The web service uses SSL, and I'm assuming the client also uses good encryption. Pick a good password, and it's pretty secure. It also has added benefits like an iPhone client.

It's just so much easier than all the other solutions. It's free to try and takes about five minutes to get started, so at least try it out. And ten bucks a month ain't a whole lot.
posted by gkhan at 2:04 PM on September 6, 2010


If you don't wish to use Dropbox or other cloud services, you might consider an outright hosting service. You can find plenty of possibilities. I use Dreamhost. With Dreamhost I have unlimited storage and traffic per month for $11/month. I'd still need to get my collection to my host (virtual, which means I share with other users) and figure out what server to set up (unix-variety in my case) to do what I want, but once the collection was out there, I wouldn't need to protect my network from intrusions - Dreamhost would have to protect their servers (and I'd need to backup/secure what I had there to my specs).

This would take some work to figure out but given that your husband is the one with the high standards, maybe he could do some of it for you?
posted by kalessin at 2:37 PM on September 6, 2010


This doesn't answer your question but have you considered an external hard drive?
Most run about $150 dollars for 1.5 terabytes. Which should be large enough for any media files, plus the transfer rate would be much faster. Most are quite compact too. My Western Digital 1.5 terabyte drive is about the size of 2 fat wallets next to each other.

All you have to do is plug it into your computer, copy everything onto it and you're all set. Instant access to your computer's media files and you don't even need internet.
posted by Takeyourtime at 3:19 PM on September 6, 2010


Thank you all so much for taking the time to respond! These were all really helpful as far as seeing what our options are. SSH is likely the best route if I'm dead set on keeping everything locally, but I'm probably going to give the portable hard drive and/or Dropbox a shot for now, since it's a heck of a lot quicker to see if that'll do what I need. If not, we can try setting up the shared drive. (Luckily, while we don't have hands-on experience with it, we at least know what it is and what it's for, while the home VPN scenario was about one step too far - for me, at least.)

Thanks again!
posted by CrazyGabby at 3:53 PM on September 6, 2010


If your upload speed sucks too bad for streaming, it also sucks too bad for transferring large media files off your home machine via the Internet. The portable hard drive is your best option. Get one the same size as the hard drive on your home box, and use something like rsync or Robocopy to keep its contents identical - now you have not only portable data but a backup.
posted by flabdablet at 6:41 PM on September 6, 2010 [1 favorite]


Even if it won't help you much with your movies and music, though, a ssh server is a handy thing to have lying about for the occasional transfer of smaller things. I use a ssh server on the box at home and keep a portable version of the PuTTY suite on a stick in my pocket. I use a Linux box running the OpenSSH daemon, which also includes a SOCKS proxy - handy for when I want to do secure Web browsing from out-and-about. There are various easily-found guides available for setting up OpenSSH on Windows with Cygwin. I've also used this native Windows ssh daemon successfully on a customer machine.

I registered a free domain name for myself at dyndns.org, then told my ADSL router's Dynamic DNS facility to keep it up to date; so far this has Just Worked, across three changes of ISP.

I generated a random number between 30000 and 50000, and told my router to redirect that port on my public IP address to port 22 on the private LAN address of the ssh server box. Using a random port number like this is pure security-by-obscurity, but it does actually mean that the network log on my ssh server has not, in three years operation, recorded a connection attempt I couldn't identify as one of mine. It also means that I can connect to my home from my workplace, because although the upstream firewall gratuitously blocks outgoing connections on port 22, everything above port 1024 is wide open.
posted by flabdablet at 7:16 PM on September 6, 2010 [3 favorites]
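
The log check described in the answer above (confirming that every connection attempt recorded by the ssh server is one you can identify) can be automated. The following is an added example, not part of the original thread; it assumes OpenSSH's syslog-style messages, and the host name, user names, addresses (documentation ranges) and the `KNOWN_NETWORKS` list are all constructed for illustration.

```python
import ipaddress
import re

# Assumption: the networks you expect to log in from (constructed values).
KNOWN_NETWORKS = [ipaddress.ip_network(n)
                  for n in ("203.0.113.0/24", "192.168.1.0/24")]

# OpenSSH sshd messages that carry a source address.
LOGIN = re.compile(r"sshd\[\d+\]: (?P<kind>Accepted|Failed) \S+ for "
                   r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
INVALID = re.compile(r"sshd\[\d+\]: (?P<kind>Invalid) user (?P<user>\S*) "
                     r"from (?P<ip>\S+)")

# Constructed sample log lines, not taken from a real machine.
SAMPLE_LOG = """\
Sep  6 19:02:11 homebox sshd[2211]: Accepted publickey for alice from 203.0.113.7 port 51122 ssh2
Sep  6 19:05:40 homebox sshd[2290]: Invalid user admin from 198.51.100.23
Sep  6 19:05:44 homebox sshd[2290]: Failed password for invalid user admin from 198.51.100.23 port 40112 ssh2
Sep  6 19:06:02 homebox sshd[2301]: Failed password for root from 192.0.2.55 port 33210 ssh2
Sep  6 19:09:30 homebox sshd[2340]: Accepted password for alice from 192.0.2.55 port 33955 ssh2
Sep  6 19:10:00 homebox sshd[2211]: Received disconnect from 203.0.113.7: 11: disconnected by user
""".splitlines()


def audit(lines, known=KNOWN_NETWORKS):
    """Summarise login events from sources outside the known networks."""
    unknown = {}
    for line in lines:
        m = LOGIN.search(line) or INVALID.search(line)
        if not m:
            continue  # not a login event
        try:
            addr = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # source logged as a host name; not handled here
        if any(addr in net for net in known):
            continue  # one of ours
        rec = unknown.setdefault(
            str(addr), {"accepted": 0, "rejected": 0, "users": set()})
        rec["accepted" if m.group("kind") == "Accepted" else "rejected"] += 1
        rec["users"].add(m.group("user"))
    return unknown


def unknown_logins(report):
    """Sources that logged in successfully from an unrecognised address."""
    return sorted(ip for ip, rec in report.items() if rec["accepted"])


if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    for ip, rec in sorted(report.items()):
        print(ip, rec["accepted"], rec["rejected"], sorted(rec["users"]))
    print("successful logins from unknown sources:", unknown_logins(report))
```

A successful login from an address outside the known list is the entry to investigate first; rejected attempts alone are the background scanning described earlier in the thread.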

