> They all rhyme, but do they play nice? I'm ignorant about internet
> security, and have been hearing some alarming claims regarding opening
> ports for Filemaker access. The latest was someone who said that "all
> the 5000 series ports are especially vulnerable and prone to attack."
> He also said that accessing a system via VPN is "just as bad."
Whoever said that doesn't know what they are talking about.
> His
> suggested solution for secure remote access was GoToMyPC or
> equivalent.
It's decent. But way overpriced for what you get. I guess it's simple
and anyone can figure it out, but if you're a FileMaker developer you
should be able to figure out configuring RDP or VNC; it's hardly rocket
science.
> I just have a hard time believing that it's impossible to
> (responsibly) use Filemaker's own protocols for sharing data over the
> web, but I'm completely at sea here.
> Can I get some help?
Start with:
http://www.filemaker.com/downloads/documentation/fm8_security.pdf
A 'remote desktop' solution (a la GoToMyPC) is preferable
security-wise because only the screen data crosses the network, not all
the actual database traffic; it also has the benefit of being
faster in most cases.
However a properly set up VPN is fine from a security point of view.
The secure connections feature of FM server is also to my knowledge
fine, although I wouldn't rely solely on this over a WAN link because
it DOES mean your FM server can be attacked directly from the internet
and makes it vulnerable to denial of service and other attacks, even
if they can't get your data, they can disrupt your server potentially.
So you have to weigh that risk. If you use a VPN, the worst they can
do is bring down your VPN server.
If I were exposing 5003 to the internet, I'd at the very least enable
encryption and set up a firewall to restrict the range of IP addresses
that it would accept connections from to a whitelist.
Of course it really depends on how paranoid you are, and how valuable
your data is, and what the impact of a security breach would be, to
assess how many layers and what kind of security you need.
-Dave
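
One way to check the last suggestion in the reply above (restricting port 5003 to a whitelist of source addresses), as an added example that is not part of the original post. It assumes the firewall is a Linux host using iptables; the rule excerpt, addresses and function names are constructed for illustration, and only rules that match with `--dport` are examined.

```python
import ipaddress
import shlex

FM_PORT = 5003  # the FileMaker port the post talks about exposing
# Constructed iptables-save excerpt and allowlist (documentation address ranges).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.0/24 -p tcp -m tcp --dport 5003 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5000:5010 -j ACCEPT
-A INPUT -s 198.51.100.7/32 -p tcp -m tcp --dport 5003 -j ACCEPT
COMMIT
"""
ALLOWLIST = ["203.0.113.0/24"]

def opt(tokens, flag):
    """Value following `flag` in a tokenised rule, or None if absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def covers(dport, port):
    """True if a --dport value (single port or lo:hi range) includes `port`."""
    lo, _, hi = dport.partition(":")
    return int(lo) <= port <= int(hi or lo)

def audit(rules_text, allowlist, port=FM_PORT):
    """Return (line_no, reason) for INPUT ACCEPT rules opening `port` too widely."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    findings = []
    for line_no, line in enumerate(rules_text.splitlines(), 1):
        tok = shlex.split(line)
        dport = opt(tok, "--dport")
        if (tok[:2] != ["-A", "INPUT"] or opt(tok, "-j") != "ACCEPT"
                or not dport or not covers(dport, port)):
            continue
        if "!" in tok:  # negated matches are not interpreted here
            findings.append((line_no, "negated match, review by hand"))
            continue
        src = opt(tok, "-s")
        if src is None:
            findings.append((line_no, "no source restriction"))
        elif not any(ipaddress.ip_network(src).subnet_of(a) for a in allowed):
            findings.append((line_no, f"source {src} not in allowlist"))
    return findings

if __name__ == "__main__":
    for line_no, reason in audit(SAMPLE_RULES, ALLOWLIST):
        print(f"rule at line {line_no}: {reason}")
```

The port-range rule in the sample is the case that is easy to miss: it never names 5003, yet it opens it to every source.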