Safest way to host files for remote/off-site access?

The commute to the office is taking its toll on me. So I would like to
access FMS files remotely.

I know I can open port 5008 for TCP/IP access to office FMS sitting
behind a firewall but I'm afraid that some will figure it all out and
get to our data.

Anybody know what the safest way to do this would be?

Is Apple Remote Desktop or Timbuktu a safer bet?

TIA
0
Reply Test 4/6/2005 6:59:31 PM

Test <test@123.com> wrote:

> The commute to the office is taking its toll on me. So I would like to
> access FMS files remotely.
> 
> I know I can open port 5008 for TCP/IP access to office FMS sitting
> behind a firewall but I'm afraid that some will figure it all out and
> get to our data.
> 
> Anybody know what the safest way to do this would be?
> 
> Is Apple Remote Desktop or Timbuktu a safer bet?
> 

On Windows, GoToMyPC (gotomypc.com) works a treat. It's point to point
VPN, and very easy to set up.

On Mac, Timbuktu works quite well too.

Lynn Allen
--
Allen & Allen Semiotics        www.semiotics.com
FSA Associate       Filemaker Design & Consulting 
0
Reply lynn 4/6/2005 7:04:27 PM


In article <1gulitn.1c313ee10lbqjcN%lynn@NOT-semiotics.com>, lynn@NOT-
semiotics.com says...
> Test <test@123.com> wrote:
> 
> > The commute to the office is taking its toll on me. So I would like to
> > access FMS files remotely.
> > 
> > I know I can open port 5008 for TCP/IP access to office FMS sitting
> > behind a firewall but I'm afraid that some will figure it all out and
> > get to our data.
> > 
> > Anybody know what the safest way to do this would be?
> > 
> > Is Apple Remote Desktop or Timbuktu a safer bet?
> > 
> 
> On Windows, GoToMyPC (gotomypc.com) works a treat. It's point to point
> VPN, and very easy to set up.
> 
> On Mac, Timbuktu works quite well too.
> 
> Lynn Allen

Timbuktu works fine on Windows too; cross platform.

There is also Remote Desktop built into XP. (Mini-single user-terminal 
server)

There is also VNC (cross platform), which is completely free.

I don't care for GoToMyPC; it's basically just paying for Remote Desktop,
which is silly unless you have no computer skills and want to pay  
'someone else' to set it up and support it for you.

The issue with -all- of these is that they really don't solve the 
problem the OP asked about.

He's afraid opening the port will make his FM files vulnerable if 
someone 'out there' notices the port and guesses his FM login password. 
(You DID password protect your files right?)

However, using timbuktu, remote desktop, gotomypc or VNC isn't any 
safer, as in all cases someone can notice the port and guess his login 
password to those...

Overall if you open up a port in your firewall to access your
lan/fmdata, there's an inherent risk somebody else will notice and guess 
your passwords.

You can double layer it by using something like remote desktop -and- 
password protecting FM... now there's two passwords to guess.

And you can use VPN software for encryption etc and add a 3rd layer... 
and/or use firewalls that will only accept incoming connections from 
your ip address at home etc (requires you have a static or at least 
stable ip at home though)
0
Reply 42 4/6/2005 8:08:24 PM

42 <nospam@nospam.com> wrote:

> I don't care for GoToMyPC; it's basically just paying for Remote Desktop,
> which is silly unless you have no computer skills and want to pay  
> 'someone else' to set it up and support it for you.
> 
> The issue with -all- of these is that they really don't solve the 
> problem the OP asked about.
> 
> He's afraid opening the port will make his FM files vulnerable if 
> someone 'out there' notices the port and guesses his FM login password.
> (You DID password protect your files right?)
> 
> However, using timbuktu, remote desktop, gotomypc or VNC isn't any 
> safer, as in all cases someone can notice the port and guess his login
> password to those...

Um. There was no open port in the firewall with GoToMyPC. None.  Not
needed.  On the other hand, you do generally have to do the firewall
dance with Timbuktu, and if you need to access more than one computer on
a network it causes some additional setup work. GoToMyPc, because you
set it up on each guest with a specific name that's registered, doesn't
have this problem.

And yes, if you're not a Windows whiz, (spelled as I intended) GTMPC is
easier than Remote Desktop.  I'm happy to pay for a simple, secure, EASY
connection to the remote computer I use it for.  Anybody who can make
something in Windows work right the first time has my undying gratitude.

You must of course use a really secure password for any outside access.
Mine is more than 12 characters, with mixed alpha & numeric.  No
guessing will work.

And the FM files as well should have a secure password.  That's a given.

If you don't want to expose your files to the world, DON'T open port
5003 for WAN access. Use some form of VPN. 

Lynn Allen
--
Allen & Allen Semiotics        www.semiotics.com
FSA Associate       Filemaker Design & Consulting   
0
Reply lynn 4/7/2005 2:01:37 AM

In article <1gum1dm.nw5s1z13107wnN%lynn@NOT-semiotics.com>, lynn@NOT-
semiotics.com says...
> 42 <nospam@nospam.com> wrote:
> 
> > I don't care for GoToMyPC; it's basically just paying for Remote Desktop,
> > which is silly unless you have no computer skills and want to pay  
> > 'someone else' to set it up and support it for you.
> > 
> > The issue with -all- of these is that they really don't solve the 
> > problem the OP asked about.
> > 
> > He's afraid opening the port will make his FM files vulnerable if 
> > someone 'out there' notices the port and guesses his FM login password.
> > (You DID password protect your files right?)
> > 
> > However, using timbuktu, remote desktop, gotomypc or VNC isn't any 
> > safer, as in all cases someone can notice the port and guess his login
> > password to those...
> 
> Um. There was no open port in the firewall with GoToMyPC. None.  Not
> needed. 

Quite right. My oversight. With GoToMyPC you -just- need to guess the 
login information. I hardly see that as an advantage though. ;)

> On the other hand, you do generally have to do the firewall
> dance with Timbuktu, and if you need to access more than one computer on
> a network it causes some additional setup work. GoToMyPc, because you
> set it up on each guest with a specific name that's registered, doesn't
> have this problem.
> 
> And yes, if you're not a Windows whiz, (spelled as I intended) GTMPC is
> easier than Remote Desktop.

Opening a port on the pervasive linksys/smc/dlink firewalls out there is 
a 5 minute job that *any* pc-tech can do, for a small one time fee.

On more advanced enterprise firewalls from cisco et al, sure the 
complexity goes up... but if you are running those you've got a 
relationship with someone who can set it up for you too.

>  I'm happy to pay for a simple, secure, EASY
> connection to the remote computer I use it for. 

Paying $20/mo *indefinitely* to free yourself from a minor technical
detail seems insane to me.  There are situations where gotomypc makes
sense, but easily half the people using it would be equally served by
remote desktop or vnc or timbuktu or pcanywhere at a fraction of the
price. Even dynamic ips are easily handled via dynamic dns hosts.

Would you rent a $60.00 inkjet printer for 20.00 bucks a month if I came 
to your office and set it up for you? I wouldn't, nobody would!

The bottom line is that remote desktop is practically free and can 
generally be set up by a qualified tech in under an hour's labour.

GoToMyPC's success in the soho market is predicated on the fact that 
most people don't know how inexpensive and easy it really is. If they 
knew it was built into their PCs and could be setup in under an hour 
(often in under 10 minutes)...

But what consulting firm is going to chase the market for 'setting up 
single user remote desktop for $60.00'?  Meanwhile gotomypc has 
television ads...

> Anybody who can make
> something in Windows work right the first time has my undying gratitude.

Remote desktop works like a champ. You've already paid for it and it's
already installed. You click a checkbox in windows to turn it on, and 
open a port in the firewall. Buying, downloading, and installing 
GoToMyPC is as likely as not more actual work.

Don't misunderstand me, I have nothing against GoToMyPC per se, it's a
great tool that can be used to traverse difficult firewall situations 
particularly when the ability to have a port opened is simply 
unavailable...(e.g. in some corporate environments, in some school 
environments, etc) and then $20/mo for a working solution is good 
value... but for the average soho... it's not.
 
> You must of course use a really secure password for any outside access.
> Mine is more than 12 characters, with mixed alpha & numeric.  No
> guessing will work.
 
> And the FM files as well should have a secure password.  That's a given.

On this we agree.
 
> If you don't want to expose your files to the world, DON'T open port
> 5003 for WAN access. Use some form of VPN. 

If the concern is that somebody is going to guess the login credentials,
VPNs aren't any more secure, unless you have rules in place to limit
where incoming connections can come from (but that hampers your ability 
to use it in hotels, via cellular networks, and generally undermines the 
usefulness of its ability to support mobile users. Fixed remotes work, 
but mobile users ... not so much.)

The primary value of VPNs in this scenario is that they prevent the
data from being seen in transit, because it's encrypted. And yes, they
also provide a password protected barrier to your LAN, but sharing a 
password protected filemaker database via port 5003 is an equivalent 
barrier. Layering a VPN on top of filemaker doubles the number of 
barriers but doesn't really increase the inherent security of the 
system.
0
Reply 42 4/7/2005 6:53:33 PM

42 <nospam@nospam.com> wrote:

> The primary value of VPNs in this scenario is that they prevent the
> data from being seen in transit, because it's encrypted. And yes, they
> also provide a password protected barrier to your LAN, but sharing a 
> password protected filemaker database via port 5003 is an equivalent 
> barrier. Layering a VPN on top of filemaker doubles the number of 
> barriers but doesn't really increase the inherent security of the 
> system.

Sorry, this isn't entirely true. Because of certain facts about FM 6 and
earlier version password challenges, exposing your files even this far
is a much more significant risk than access through a VPN.

At least an intruder has to guess or penetrate the VPN access FIRST
before they get access to the FM files.  The encryption is an additional
plus, but the primary barrier is the initial access.

Lynn Allen
--
Allen & Allen Semiotics        www.semiotics.com
FSA Associate       Filemaker Design & Consulting 
0
Reply lynn 4/7/2005 7:02:31 PM

In article <060420051159311332%test@123.com>, Test <test@123.com> wrote:

> The commute to the office is taking its toll on me. So I would like to
> access FMS files remotely.
> 
> I know I can open port 5008 for TCP/IP access to office FMS sitting
> behind a firewall but I'm afraid that some will figure it all out and
> get to our data.
> 
> Anybody know what the safest way to do this would be?
> 
> Is Apple Remote Desktop or Timbuktu a safer bet?
> 
> TIA

Thank you both for your fantastic feedback!

In short, sounds to me like I will be logging in via Timbuktu to access
an 'on-site' machine (Password 1), controlling that machine, and logging
in to FM (Password 2), while only accepting my static ip address
through the firewall.

Sounds pretty secure to me.

Thanks a million.
0
Reply Test 4/7/2005 8:29:37 PM

In article <1gund76.1ymyemn1w7yxfkN%lynn@NOT-semiotics.com>, lynn@NOT-
semiotics.com says...
> 42 <nospam@nospam.com> wrote:
> 
> > The primary value of VPNs in this scenario is that they prevent the
> > data from being seen in transit, because it's encrypted. And yes, they
> > also provide a password protected barrier to your LAN, but sharing a 
> > password protected filemaker database via port 5003 is an equivalent 
> > barrier. Layering a VPN on top of filemaker doubles the number of 
> > barriers but doesn't really increase the inherent security of the 
> > system.
> 
> Sorry, this isn't entirely true. Because of certain facts about FM 6 and
> earlier version password challenges, exposing your files even this far
> is a much more significant risk than access through a VPN.

> At least an intruder has to guess or penetrate the VPN access FIRST
> before they get access to the FM files.  The encryption is an additional
> plus, but the primary barrier is the initial access.

Absolutely. I agree that a VPN is generally more secure than direct 
access. However, it's just as vulnerable to "somebody noticing it and
guessing the passwords" as direct access is.

If I led the OP to believe they were equivalent, that would be
incorrect. They are only equivalent with respect to that particular 
threat.

That said, it's my view that the risk is VASTLY greater that you'll be
compromised by a spyware/keylogger while entering your user/password at 
the gotomypc website, for example, than that 'black hat crackers' armed 
with packet sniffers are looking for your plaintext passwords through 
compromised ISP routers, ESPECIALLY if you use other people's computers
(in schools, labs, friends homes, hotels, cafes, etc) many of which are 
compromised or even intentionally monitored.

IME most packet sniffer attacks on low profile systems (the average 
soho) are perpetrated by insiders (staff/employees & their children).
0
Reply 42 4/7/2005 9:58:32 PM

In article <070420051329377093%test@123.com>, test@123.com says...
> In article <060420051159311332%test@123.com>, Test <test@123.com> wrote:
> 
> > The commute to the office is taking its toll on me. So I would like to
> > access FMS files remotely.
> > 
> > I know I can open port 5008 for TCP/IP access to office FMS sitting
> > behind a firewall but I'm afraid that some will figure it all out and
> > get to our data.
> > 
> > Anybody know what the safest way to do this would be?
> > 
> > Is Apple Remote Desktop or Timbuktu a safer bet?
> > 
> > TIA
> 
> Thank you both for your fantastic feedback!
> 
> In short, sounds to me like I will be logging in via Timbuktu to access
> an 'on-site' machine (Password 1), controlling that machine, and logging
> in to FM (Password 2), while only accepting my static ip address
> through the firewall.
> 
> Sounds pretty secure to me.

Yes. That should prove quite secure, and will probably perform quite 
admirably too if your database layouts aren't too graphics heavy.
0
Reply 42 4/7/2005 10:23:35 PM
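
The setup the thread settles on (a remote-control login accepted only from one static home address, with the FileMaker port not forwarded at all) can be checked against a router's inbound rules. This is an added example, not part of any post; the rule sets, the addresses and port 40700 are constructed placeholders, and 5003 is the FileMaker port named in the replies.

```python
import ipaddress

FM_PORT = 5003               # FileMaker port as named in the replies
REMOTE_CONTROL_PORT = 40700  # placeholder, not a real product's port
HOME_IP = "203.0.113.25"     # constructed static home address (RFC 5737 range)

# Constructed rule sets: (name, allowed source CIDR, destination TCP port).
EXPOSED_RULES = [
    ("filemaker-direct", "0.0.0.0/0", FM_PORT),
    ("remote-control-wide", "203.0.113.0/24", REMOTE_CONTROL_PORT),
]
HARDENED_RULES = [
    ("remote-control", "203.0.113.25/32", REMOTE_CONTROL_PORT),
]


def audit_rule(source_cidr, home_ip=HOME_IP):
    """Classify one inbound rule by how widely it exposes its port."""
    net = ipaddress.ip_network(source_cidr, strict=False)
    home = ipaddress.ip_address(home_ip)
    if net.num_addresses == 1 and home in net:
        return "ok: only the home address can reach the login prompt"
    if net.prefixlen == 0:
        return "exposed: any Internet host can attempt a login"
    if home in net:
        return f"wide: {net.num_addresses} addresses allowed, not just home"
    return "mismatch: home address is outside the allowed range"


def audit(rules, home_ip=HOME_IP):
    """Return {rule name: finding} for every rule in the set."""
    return {name: audit_rule(cidr, home_ip) for name, cidr, _ in rules}


def would_accept(rules, src_ip, port):
    """First matching rule wins; no match means default deny (None)."""
    src = ipaddress.ip_address(src_ip)
    for name, cidr, rule_port in rules:
        if rule_port == port and src in ipaddress.ip_network(cidr, strict=False):
            return name
    return None


if __name__ == "__main__":
    for label, rules in (("exposed", EXPOSED_RULES), ("hardened", HARDENED_RULES)):
        for name, finding in audit(rules).items():
            print(f"{label:9} {name:20} {finding}")
    # The trade-off raised in the thread: a hotel address is locked out too.
    print(would_accept(HARDENED_RULES, "198.51.100.7", REMOTE_CONTROL_PORT))
```
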
