File Up load solution

leigh_boy

leigh_boy

leigh_boy

Associate
Joined
12 Sep 2012
Posts
1,908
Location
East Sussex
hello chaps i need some help with a solution.
my users need to upload files to be able to share them with there clients.
ideal hosted localy, cheap, on a secoundary connection with as little risk as possiable to potential hackers to get to our other data.
has any 1 else dealt with somethign like this before?
even better if i could give every user a folder that also requires authentication.
my only thought was to use IIS.
 
How secure does the "shared" data need to be? Does it need 2 factor authentication?

You could use an SFTP server. Put it off your network, or at the very least in your DMZ. Your users use SFTP to put the files up, and the client uses SFTP to download. Separate credentials for users.
 
blueboy2001 said:
How secure does the "shared" data need to be? Does it need 2 factor authentication?

You could use an SFTP server. Put it off your network, or at the very least in your DMZ. Your users use SFTP to put the files up, and the client uses SFTP to download. Separate credentials for users.
Click to expand...

il have a lookin to that, i just tried out owncloud and seems ideal but again the US wont allow it even if we just use it from uk users.
 
mrbell1984 said:
Everyone likes to do it the hard way or so it seems people on this forum always go for the harder option no matter how many times people are told to do it the easy way and advice given tends to get ignored. :D
Click to expand...

If you read leigh_boy's reply, you'd realise his hands are tied with regards to using a commercial 'cloud' based service. Secondly, the 'easy' option isn't always the best option and in majority of cases, especially when dealing with sensitive data, it isn't an option at all.


leigh_boy - If the clients aren't completely incompetent then, as blueboy2001 mentions, SFTP is one of your better options, adding two-factor if need be. Just make sure the server is locked down and keep on top of account access.
 
visibleman said:
If you read leigh_boy's reply, you'd realise his hands are tied with regards to using a commercial 'cloud' based service. Secondly, the 'easy' option isn't always the best option and in majority of cases, especially when dealing with sensitive data, it isn't an option at all.


leigh_boy - If the clients aren't completely incompetent then, as blueboy2001 mentions, SFTP is one of your better options, adding two-factor if need be. Just make sure the server is locked down and keep on top of account access.
Click to expand...

In this day and age, forcing people to use SFTP is pretty rubbish, I'd be ****ed if our suppliers required it. There are plenty of good web GUIs which can be tacked onto storage to enable this (and you can put two factor auth on anything).

I'd still recommend third party for a wealth of reasons...
 
visibleman said:
If you read leigh_boy's reply, you'd realise his hands are tied with regards to using a commercial 'cloud' based service. Secondly, the 'easy' option isn't always the best option and in majority of cases, especially when dealing with sensitive data, it isn't an option at all.


leigh_boy - If the clients aren't completely incompetent then, as blueboy2001 mentions, SFTP is one of your better options, adding two-factor if need be. Just make sure the server is locked down and keep on top of account access.
Click to expand...

His hands are being tied by people that are setting daft rules though - quite often you see people saying no to 3rd party services because they deem the cloud to be insecure, yet are happy for something to be hosted onsite yet still accessible externally because it's assumed that this is more secure purely because it isn't 'cloud'.

I can totally understand having security requirements, but there's no reason a 3rd party hosted option can't meet these requirements. No offence to the OP but I'd put money on a box.net type service being inherently more secure than someone's first experience of rolling their own. Which makes the "NO CLOUD!" argument totally dead in the water.
 
Last edited:
Caged said:
His hands are being tied by people that are setting daft rules though - quite often you see people saying no to 3rd party services because they deem the cloud to be insecure, yet are happy for something to be hosted onsite yet still accessible externally because it's assumed that this is more secure purely because it isn't 'cloud'.

I can totally understand having security requirements, but there's no reason a 3rd party hosted option can't meet these requirements. No offence to the OP but I'd put money on a box.net type service being inherently more secure than someone's first experience of rolling their own. Which makes the "NO CLOUD!" argument totally dead in the water.
Click to expand...
100% agreed. Running your own *anything* on the open Internet is risky, and you have to stay on top of patching to make sure you aren't exposed.
 
I've worked with people who don't want to externally host anything because they think that it's not secure and someone will steal their blog posts (for example), but see no issue punching a hole through a firewall straight into a domain-joined web server on the corporate network. It's total insanity to have such a black and white view of the subject. At best you pay a lot more than you have to trying to secure an on-site solution, at worst you do it wrong and compromise your data.
 
Caged said:
His hands are being tied by people that are setting daft rules though....
Click to expand...

True and i agree. But unfortunately typical management politics tends to come into play and in most cases you're unlikely to persuade management unless your preferred solution is dramatically cheaper, in which case they tend to be a bit more lenient to the idea especially when dealing with IT :P - so you either work with the constraints or sit there in stalemate.

Either way, i'm sure leigh_boy has got it covered and will provide a number of solutions for his proposal (obviously adding weighting to his preferred choice ;)).


bigredshark said:
In this day and age, forcing people to use SFTP is pretty rubbish....

There are plenty of good web GUIs which can be tacked onto storage to enable this.
Click to expand...

Sure, SFTP is not an elegant solution and it's certainly not for everyone but it is a well tested, secure (if done right) solution that's simple to set up and relatively easy to manage.

As for web GUI's, can you list a few?

OwnCloud (and variants) is about the only product i can think of but security would be my worry.
 
We use Serv-U with their Gateway product (Basically a proxy that sits in the DMZ which ensures no data is ever stored in the DMZ and no client connections ever traverse the DMZ).
 
Pydio, formerly Ajaxplorer, will do exactly what you want. http://pyd.io/

Point it internally to whatever storage you want to use and off you go. It's a good alternative to WebDAV. It also has LDAP / AD Authentication.

It's up to them to make a call on what security they are or aren't happy with. Being judicious with port openings for DMZ-based services is very important.
 
Last edited:
Yamahahahahaha said:
Pydio, formerly Ajaxplorer, will do exactly what you want. http://pyd.io/

Point it internally to whatever storage you want to use and off you go. It's a good alternative to WebDAV. It also has LDAP / AD Authentication.

It's up to them to make a call on what security they are or aren't happy with. Being judicious with port openings for DMZ-based services is very important.
Click to expand...

Thank you so much for this. I was using WebDAV for stuff but people just couldn't get the hang of it. This should hopefully stop people trying to use SMB over a VPN and complaining about performance.
 
Caged said:
Thank you so much for this. I was using WebDAV for stuff but people just couldn't get the hang of it. This should hopefully stop people trying to use SMB over a VPN and complaining about performance.
Click to expand...

Haha, while we have generally moved to web based apps for most things there is one of our IP management spreadsheets at work which lives on a file server two continents away from me, it's over our own 10Gig+ network but SMB with 160ms latency sucks in a big way no matter how much bandwidth you have...

That's going away this quarter though thank god...
 
You must log in or register to reply here.
Back
Top Bottom