Question:
What would be needed to design an SFTP that can be accessed from outside of a LAN?
2009-09-13 13:22:20 UTC
Hello, I have never asked a question online before. I usually just research the answer for myself, but here it goes. My mother owns a business in the medical field. She needs to find a way to transfer files between her employees and herself that is HIPAA compliant for confidentiality reasons. I have already researched this and the best way is through SFTP. We already have a small network set up with a server and computers. I would like to know how to make an SFTP that my mother and employees can access from outside our network. She has hired somebody to make an SFTP before but we have too many problems with it. It can be accessed within our network but not from an employee 45 miles away. My mother uploads the files and her employees then download them. My mother is always on the road so she would like to be able to upload them from anywhere. I was thinking of maybe using FileZilla. Another option I was thinking of was to have them VNC to the server or just use remote desktop. Don't know which is more secure, a VPN or SFTP. Your opinions are much appreciated and I thank you in advance.
Three answers:
2009-09-13 15:23:37 UTC
FileZilla makes it fairly easy to make both an FTPS server and connect to it. If your internet connection where the server is does NOT have a static IP address, then you will have to look into Dynamic DNS. You will have to forward ports on your router to the server for FTPS.

Transferring the files securely is one step. You need to make sure each user cannot read others' uploaded files unless their job requires it, and it's best to use Public Key encryption (such as PGP) on the files themselves for added security. HIPAA is a pain in the rear, but this is a step in the right direction.

I recommend AGAINST VPN for untrusted/home computers. You cannot control the access to these machines, and connecting via VPN is almost the same as connecting via an Ethernet jack at the office. VPN access should only be granted to corporate owned laptops with proper user restrictions and AV/Spyware protection installed in compliance with a company IT policy. FTPS provides a layer of protection by only granting them access to ONE service, that is particularly designed to be secure against attacks/public access.
Anon
2009-09-13 20:32:36 UTC
I would use VPN. SFTP uses encryption and so does VPN. VPN will also allow fewer ports that need to be opened and you could also have multiple authentication mechanisms. With VPN, you could have the preshared key as well as a user-name and password, and then you could also require a user-name and password to access where the data is stored. This would allow more security and more levels of logging. So you know who and when they access data.
WhoKnows?
2009-09-13 20:29:27 UTC
I think Google Apps is HIPAA compliant? That would save you a huge deal of time.
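
Added example, not part of any answer above: the first answer's point that each user must not be able to read others' uploaded files can be checked on the server itself. This sketch assumes a Unix-like SFTP host with one directory per account under an upload root (the path `/srv/sftp` and the function name `audit_upload_root` are hypothetical) and reports entries that break that isolation.

```python
import os
import stat
import sys


def audit_upload_root(root):
    """Return (path, problem) pairs for entries that break per-user isolation.

    Assumed layout (hypothetical): <root>/<username>/... with one directory
    per SFTP account, owned by that account.
    """
    findings = []
    for name in sorted(os.listdir(root)):
        top = os.path.join(root, name)
        if os.path.islink(top):
            # A symlinked account directory can point anywhere on the host.
            findings.append((top, "symlink"))
            continue
        if not os.path.isdir(top):
            continue
        owner = os.lstat(top).st_uid
        paths = [top]
        # os.walk does not descend into symlinked directories by default.
        for dirpath, dirnames, filenames in os.walk(top):
            paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
        for path in paths:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                # Links can expose files outside the account's own tree.
                findings.append((path, "symlink"))
                continue
            if st.st_mode & stat.S_IRWXO:
                # Any read/write/execute bit for "other" lets other accounts in.
                findings.append((path, "other-accessible"))
            if st.st_uid != owner:
                findings.append((path, "owner-mismatch"))
    return findings


if __name__ == "__main__":
    # Usage: python audit_uploads.py /srv/sftp   (path is an assumption)
    for path, problem in audit_upload_root(sys.argv[1]):
        print(f"{problem}: {path}")
```
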


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.