[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


Best/Secure P2P File Sharing Solution?

Posted on 2004-04-01
Medium Priority
Last Modified: 2013-12-04
I'm looking for an easy, yet safe way to share a couple of files with a friend of mine. We run a server (I am the webmaster, he has no clue about technical stuff) and host a couple of websites that we both live from. I want to be able to place important files (program files, how-to instructions, passwords, etc.) into a shared folder so he has access to all the relevant information when I'm not around. His machine runs Win98, mine Win2k - please note that these are just private computers, NOT servers.

One idea was to use the Microsoft Network Client to set up a real shared folder that we both have access to. The downside to this might be that - in general - it might not be a good idea to open up a private computer to networking at all if this can be avoided. (I would assume that this generally increases vulnerability, as opposed to a machine that is GENERALLY not supposed to be accessed from the outside.)

The other idea was to simply email him all this information and have it automatically sorted to some special folder within Outlook Express. (Outlook Express however isn't regarded as a safety haven either, and I would assume that information that is stored within OE is more in danger than information stored elsewhere on the computer - just thinking of possible viruses that just grab random mails and forward them to random users. Or am I wrong here?)

Some input/opinions would be appreciated! If you were in my situation, would you favor one of the two solutions, or do you have a different idea? (Please keep in mind that a solution should be simple and convenient above all, security is an issue - and the reason for this post - but we are not a Swiss bank.) Thanks!
Question by:yosmc
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 12

Expert Comment

ID: 10732276
Step-by-Step Guide to Public Key Features in Outlook Express 5.0 and Above - Short white paper from Microsoft on configuration ofOutlook Express 5.0 with regards to the use of certificates and encryption/signing of mails. 2 pages.

Expert Comment

ID: 10742374
Something I'm not clear on:  You said you're running a web server, right?  Is that a public webserver running with a server OS, a public web server running off your 2kpro box, or a private web server on your 2kpro box on your network that you both share?  A little more info on that web server and whether you 2 are on the same network would be helpful.
LVL 38

Expert Comment

by:Rich Rumble
ID: 10747646
Could of sworn I posted here already... anyway IPSEC tunnels between your windows boxes. Email can have a limit to the size of the attachment you send, and it's plain-text. You could use winzip and encrypt the attachement, but I think you'll find ipsec a safe and secure connection, basically an encrypted tunnel between your friend and you,.
http://www.securityfocus.com/infocus/1528 (more links at the bottom of that page)
www.checkpoint.com/products/smallbusiness/ downloads/safe@_ms_vpn.pdf
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.


Author Comment

ID: 10747678
Werewolf, forget about the server - I was just trying to provide some background info, but the part about the server was misleading, sorry. What I'm trying to do here is between two Windows PCs that are NOT servers.

Tryware, I'm not sure if your approach really helps me. I'm not that concerned about the transfer of the data. We use secure pop and secure smtp, and while I'm aware that that's not perfectly safe, I would assume that it's safe enough for our purposes. What I'm more concerned about is the safety of the data once it's lying in an Outlook Express folder. Again, maybe that's not justified, but that's exactly one of the things I'm trying to find out. :)
LVL 12

Expert Comment

ID: 10747734
> "  What I'm more concerned about is the safety of the data once it's lying in an Outlook Express folder"

That's exactly what http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/pubkeyox.mspx is about. There are 2 options in this: Digitally sign AND/OR encryption

9.  If you want to encrypt all e-mail that you send, select the Encrypt contents and attachments for all outgoing messages option.
***end of quote***

LVL 12

Expert Comment

ID: 10747795
Maybe consider this, but create a guest user for your friend.

Remote Desktop Web Connection 5.2.3790

You must be using Internet Information Services (IIS)


Author Comment

ID: 10747848
Richrumble, if I get you right, you are basically suggesting to go for the VPN/Microsoft Network Client approach, but to make sure that both computers run Win2k so the safer L2T Protocol can be used?

Tryware, I've re-read the document you provided, but to me it's still about encrypting a mail message for transfer and decrypting it on the other side. Sorry if I'm getting someting wrong here.

Wouldn't Remote Desktop Web Connection punch a larger hole into the security of my machine than the other approaches would, given the fact that I just want to share a couple of files?
LVL 12

Expert Comment

ID: 10749074
>"What I'm more concerned about is the safety of the data once it's lying in an Outlook Express folder"
>"but to me it's still about encrypting a mail message for transfer and decrypting it on the other side"

When you encrypt your emails and attachment in outlook express, you gets the same done to the files in the outlook express folders (I'm not talking about NTFS Encrypting File System)

LVL 12

Expert Comment

ID: 10749111
>"Wouldn't Remote Desktop Web Connection punch a larger hole into the security of my machine"

A hacker just wants to get access to your network connection card (NIC). That done through your internet connection, your computer is always vunerable in many different ways. Some of them are easy for you to deal with and others are difficult.

Using ipsec as RICHRUMBLE commented, or encrypting your email is the best solutions, because they use 128 bit encryption.

Remote Desktop Web connection could be vunerable, because it's your username and password policy, that stops the hacker.
LVL 12

Expert Comment

ID: 10749125
If you DO NOT NEED to share files across the Internet

Getting a personal Firewall

Download the free version of Sygate personal firewall

Download the free version of ZoneAlarm firewall

Comparative reviews of personal firewall software:

Firewall Product Selector - Choose yourself which one to compare

The Internet Connection Firewall Can Prevent Browsing and File Sharing

LVL 12

Expert Comment

ID: 10749133
Security Features of Internet Connection Sharing

Sygate free scanning your security: quick, stealth, trojan, tcp, udp, icmp

One Usage of the HACKYOURSELF scan: TCP Scan (65534 ports),UDP scan (800+ ports), and Netbios Scan

Shields UP! quickly checks the SECURITY of YOUR computer's connection to the Internet.

Port scan.. Get an instant security analysis now. You dont even need to know your own IP address!

LVL 12

Expert Comment

ID: 10749178

Author Comment

ID: 10764746
> When you encrypt your emails and attachment in outlook express, you gets the same done to
> the files in the outlook express folders (I'm not talking about NTFS Encrypting File System)

Do you happen to have some more information on this? Because it doesn't explicitly say so in the document you provided, and I'm a little worried about losing/breaking my key and not being able to access my own email anymore. ;)

The stuff on http://grc.com/su-fixit.htm is basically the reason for this thread - I've read MANY times that "Client for Microsoft Networks" is a huge security hole. Now if it's something that I needn't worry about as long as I have a firewall (I use Zone Alarm) I still have no clue.

Does anyone have experience with Microsoft's IPSEC client for Win98? Because as I said, my friend uses Win98, so IPSEC tunneling won't work - at least not out of the box.


Accepted Solution

Computer101 earned 0 total points
ID: 11472167
PAQed, with points refunded (250)

E-E Admin

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question