yosmc
asked on
Best/Secure P2P File Sharing Solution?
I'm looking for an easy, yet safe way to share a couple of files with a friend of mine. We run a server (I am the webmaster, he has no clue about technical stuff) and host a couple of websites that we both live from. I want to be able to place important files (program files, how-to instructions, passwords, etc.) into a shared folder so he has access to all the relevant information when I'm not around. His machine runs Win98, mine Win2k - please note that these are just private computers, NOT servers.
One idea was to use the Microsoft Network Client to set up a real shared folder that we both have access to. The downside to this might be that - in general - it might not be a good idea to open up a private computer to networking at all if this can be avoided. (I would assume that this generally increases vulnerability, as opposed to a machine that is GENERALLY not supposed to be accessed from the outside.)
The other idea was to simply email him all this information and have it automatically sorted to some special folder within Outlook Express. (Outlook Express however isn't regarded as a safety haven either, and I would assume that information that is stored within OE is more in danger than information stored elsewhere on the computer - just thinking of possible viruses that just grab random mails and forward them to random users. Or am I wrong here?)
Some input/opinions would be appreciated! If you were in my situation, would you favor one of the two solutions, or do you have a different idea? (Please keep in mind that a solution should be simple and convenient above all, security is an issue - and the reason for this post - but we are not a Swiss bank.) Thanks!
One idea was to use the Microsoft Network Client to set up a real shared folder that we both have access to. The downside to this might be that - in general - it might not be a good idea to open up a private computer to networking at all if this can be avoided. (I would assume that this generally increases vulnerability, as opposed to a machine that is GENERALLY not supposed to be accessed from the outside.)
The other idea was to simply email him all this information and have it automatically sorted to some special folder within Outlook Express. (Outlook Express however isn't regarded as a safety haven either, and I would assume that information that is stored within OE is more in danger than information stored elsewhere on the computer - just thinking of possible viruses that just grab random mails and forward them to random users. Or am I wrong here?)
Some input/opinions would be appreciated! If you were in my situation, would you favor one of the two solutions, or do you have a different idea? (Please keep in mind that a solution should be simple and convenient above all, security is an issue - and the reason for this post - but we are not a Swiss bank.) Thanks!
Something I'm not clear on: You said you're running a web server, right? Is that a public webserver running with a server OS, a public web server running off your 2kpro box, or a private web server on your 2kpro box on your network that you both share? A little more info on that web server and whether you 2 are on the same network would be helpful.
Could of sworn I posted here already... anyway IPSEC tunnels between your windows boxes. Email can have a limit to the size of the attachment you send, and it's plain-text. You could use winzip and encrypt the attachement, but I think you'll find ipsec a safe and secure connection, basically an encrypted tunnel between your friend and you,.
http://www.securityfocus.com/infocus/1528 (more links at the bottom of that page)
www.checkpoint.com/products/smallbusiness/ downloads/safe@_ms_vpn.pdf
http://support.microsoft.com/default.aspx?scid=kb;en-us;818043
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q252/7/35.asp&NoWebContent=1
GL!
-rich
http://www.securityfocus.com/infocus/1528 (more links at the bottom of that page)
www.checkpoint.com/products/smallbusiness/ downloads/safe@_ms_vpn.pdf
http://support.microsoft.com/default.aspx?scid=kb;en-us;818043
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q252/7/35.asp&NoWebContent=1
GL!
-rich
ASKER
Werewolf, forget about the server - I was just trying to provide some background info, but the part about the server was misleading, sorry. What I'm trying to do here is between two Windows PCs that are NOT servers.
Tryware, I'm not sure if your approach really helps me. I'm not that concerned about the transfer of the data. We use secure pop and secure smtp, and while I'm aware that that's not perfectly safe, I would assume that it's safe enough for our purposes. What I'm more concerned about is the safety of the data once it's lying in an Outlook Express folder. Again, maybe that's not justified, but that's exactly one of the things I'm trying to find out. :)
Tryware, I'm not sure if your approach really helps me. I'm not that concerned about the transfer of the data. We use secure pop and secure smtp, and while I'm aware that that's not perfectly safe, I would assume that it's safe enough for our purposes. What I'm more concerned about is the safety of the data once it's lying in an Outlook Express folder. Again, maybe that's not justified, but that's exactly one of the things I'm trying to find out. :)
> " What I'm more concerned about is the safety of the data once it's lying in an Outlook Express folder"
That's exactly what http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/pubkeyox.mspx is about. There are 2 options in this: Digitally sign AND/OR encryption
***quote***
9. If you want to encrypt all e-mail that you send, select the Encrypt contents and attachments for all outgoing messages option.
***end of quote***
That's exactly what http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/pubkeyox.mspx is about. There are 2 options in this: Digitally sign AND/OR encryption
***quote***
9. If you want to encrypt all e-mail that you send, select the Encrypt contents and attachments for all outgoing messages option.
***end of quote***
Maybe consider this, but create a guest user for your friend.
Remote Desktop Web Connection 5.2.3790
http://www.microsoft.com/downloads/details.aspx?FamilyID=e2ff8fb5-97ff-47bc-bacc-92283b52b310&DisplayLang=en
You must be using Internet Information Services (IIS)
Remote Desktop Web Connection 5.2.3790
http://www.microsoft.com/downloads/details.aspx?FamilyID=e2ff8fb5-97ff-47bc-bacc-92283b52b310&DisplayLang=en
You must be using Internet Information Services (IIS)
ASKER
Richrumble, if I get you right, you are basically suggesting to go for the VPN/Microsoft Network Client approach, but to make sure that both computers run Win2k so the safer L2T Protocol can be used?
Tryware, I've re-read the document you provided, but to me it's still about encrypting a mail message for transfer and decrypting it on the other side. Sorry if I'm getting someting wrong here.
Wouldn't Remote Desktop Web Connection punch a larger hole into the security of my machine than the other approaches would, given the fact that I just want to share a couple of files?
Tryware, I've re-read the document you provided, but to me it's still about encrypting a mail message for transfer and decrypting it on the other side. Sorry if I'm getting someting wrong here.
Wouldn't Remote Desktop Web Connection punch a larger hole into the security of my machine than the other approaches would, given the fact that I just want to share a couple of files?
>"What I'm more concerned about is the safety of the data once it's lying in an Outlook Express folder"
>"but to me it's still about encrypting a mail message for transfer and decrypting it on the other side"
When you encrypt your emails and attachment in outlook express, you gets the same done to the files in the outlook express folders (I'm not talking about NTFS Encrypting File System)
>"but to me it's still about encrypting a mail message for transfer and decrypting it on the other side"
When you encrypt your emails and attachment in outlook express, you gets the same done to the files in the outlook express folders (I'm not talking about NTFS Encrypting File System)
>"Wouldn't Remote Desktop Web Connection punch a larger hole into the security of my machine"
A hacker just wants to get access to your network connection card (NIC). That done through your internet connection, your computer is always vunerable in many different ways. Some of them are easy for you to deal with and others are difficult.
Using ipsec as RICHRUMBLE commented, or encrypting your email is the best solutions, because they use 128 bit encryption.
Remote Desktop Web connection could be vunerable, because it's your username and password policy, that stops the hacker.
A hacker just wants to get access to your network connection card (NIC). That done through your internet connection, your computer is always vunerable in many different ways. Some of them are easy for you to deal with and others are difficult.
Using ipsec as RICHRUMBLE commented, or encrypting your email is the best solutions, because they use 128 bit encryption.
Remote Desktop Web connection could be vunerable, because it's your username and password policy, that stops the hacker.
If you DO NOT NEED to share files across the Internet
http://grc.com/su-fixit.htm
Getting a personal Firewall
http://www.zensecurity.co.uk/default.asp?URL=personal
Download the free version of Sygate personal firewall
http://smb.sygate.com/support/documents/spf/default.htm
http://smb.sygate.com/download/download.php?pid=spf
Download the free version of ZoneAlarm firewall
http://www.zonelabs.com/store/content/company/zap_za_grid.jsp?lid=ho_za
Comparative reviews of personal firewall software:
http://www.firewallguide.com/software.htm
Firewall Product Selector - Choose yourself which one to compare
http://www.spirit.com/cgi-new/report.pl?dbase=fw&function=view
The Internet Connection Firewall Can Prevent Browsing and File Sharing
http://support.microsoft.com/default.aspx?scid=kb;en-us;298804
http://grc.com/su-fixit.htm
Getting a personal Firewall
http://www.zensecurity.co.uk/default.asp?URL=personal
Download the free version of Sygate personal firewall
http://smb.sygate.com/support/documents/spf/default.htm
http://smb.sygate.com/download/download.php?pid=spf
Download the free version of ZoneAlarm firewall
http://www.zonelabs.com/store/content/company/zap_za_grid.jsp?lid=ho_za
Comparative reviews of personal firewall software:
http://www.firewallguide.com/software.htm
Firewall Product Selector - Choose yourself which one to compare
http://www.spirit.com/cgi-new/report.pl?dbase=fw&function=view
The Internet Connection Firewall Can Prevent Browsing and File Sharing
http://support.microsoft.com/default.aspx?scid=kb;en-us;298804
Security Features of Internet Connection Sharing
http://support.microsoft.com/default.aspx?scid=kb;en-us;q241570
Sygate free scanning your security: quick, stealth, trojan, tcp, udp, icmp
http://scan.sygatetech.com/
One Usage of the HACKYOURSELF scan: TCP Scan (65534 ports),UDP scan (800+ ports), and Netbios Scan
http://www.hackerwhacker.com/
Shields UP! quickly checks the SECURITY of YOUR computer's connection to the Internet.
https://grc.com/x/ne.dll?bh0bkyd2
Port scan.. Get an instant security analysis now. You dont even need to know your own IP address!
http://www.dslreports.com/scan
http://support.microsoft.com/default.aspx?scid=kb;en-us;q241570
Sygate free scanning your security: quick, stealth, trojan, tcp, udp, icmp
http://scan.sygatetech.com/
One Usage of the HACKYOURSELF scan: TCP Scan (65534 ports),UDP scan (800+ ports), and Netbios Scan
http://www.hackerwhacker.com/
Shields UP! quickly checks the SECURITY of YOUR computer's connection to the Internet.
https://grc.com/x/ne.dll?bh0bkyd2
Port scan.. Get an instant security analysis now. You dont even need to know your own IP address!
http://www.dslreports.com/scan
ASKER
> When you encrypt your emails and attachment in outlook express, you gets the same done to
> the files in the outlook express folders (I'm not talking about NTFS Encrypting File System)
Do you happen to have some more information on this? Because it doesn't explicitly say so in the document you provided, and I'm a little worried about losing/breaking my key and not being able to access my own email anymore. ;)
The stuff on http://grc.com/su-fixit.htm is basically the reason for this thread - I've read MANY times that "Client for Microsoft Networks" is a huge security hole. Now if it's something that I needn't worry about as long as I have a firewall (I use Zone Alarm) I still have no clue.
Does anyone have experience with Microsoft's IPSEC client for Win98? Because as I said, my friend uses Win98, so IPSEC tunneling won't work - at least not out of the box.
http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/l2tpclient.asp
Thanks!
> the files in the outlook express folders (I'm not talking about NTFS Encrypting File System)
Do you happen to have some more information on this? Because it doesn't explicitly say so in the document you provided, and I'm a little worried about losing/breaking my key and not being able to access my own email anymore. ;)
The stuff on http://grc.com/su-fixit.htm is basically the reason for this thread - I've read MANY times that "Client for Microsoft Networks" is a huge security hole. Now if it's something that I needn't worry about as long as I have a firewall (I use Zone Alarm) I still have no clue.
Does anyone have experience with Microsoft's IPSEC client for Win98? Because as I said, my friend uses Win98, so IPSEC tunneling won't work - at least not out of the box.
http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/l2tpclient.asp
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/howto/pubkeyox.asp