4 Replies Latest reply on Feb 19, 2012 5:11 PM by bumper

    remote access security

    nolak37

      Title

      remote access security

      Post

      Hello,

      When I decide to open a remote database and select Favorite Hosts I can add a new host with the IP of the remote computer. This allows me to select files on that remote server to open, my question is, how secure is this?

      is the information encripted in any way?

      Is there a better way to set this up allowing for better security?

      Initially I thought you needed to have a VPN set up between offices in order to do something like this and not being a network guru i searched the web to find out how to do this. I finally set one up using the VPN feature in windows 7 only to find later that I didnt really need it.

      I find it quite disturbing not knowing this information and after googleing it I cant seem to find an answer.

      Thanks in advance for any help.

        • 1. Re: remote access security
          philmodjunk

          In filemaker, the main security kicks in once a user selects a file to open. Thus an unauthorized user may be able to see the name of one or more files in the open remote dialog, but they shouldn't be able to open the file without using a valid account name and password.

          • 2. Re: remote access security
            nolak37

            Hi Phil,
            I understand this and I guess the question I should have asked or maybe  my following question here is, how safe is the filemaker security  feature?

            My concern here is some hacker getting in and deleting,  changing, or even worst taking my information.

            I set up all the  individual accounts and made sure the passwords are not easy to guess  but im not a hacker or anything close so how would I really go about  testing this or how do i know how safe my information really is.

            • 3. Re: remote access security
              wilchin
               I have the same worry, what if your ex employee install another copy of fmp in his computer at home, and key-in the same information in open remote. Ok, you may ask me to change the username and password, what if I have a spy in my office. Username and password can be leak out at that very moment, and outsider can access the database easily. Is there a way to fixed certain pc into the "allow access " list? I just don't know how? Any pro can help?
              • 4. Re: remote access security
                bumper

                Your first line of defense is to have a pro set up firewalls and a VPN into your server. Then make sure all all accounts have strong passwords and require users change passwords every few weeks. Set the FMS to allow the user to only see the files they have privileges for (this results in a double challenge once to get into FMS and again to gain access to a file.). Create a user log in your main db that creates a record when the user logs in and back out and review the logs. Review your server logs to see who is getting in and trying to get in. Delete the accounts of former employees ASAP upon them becoming former. And lastly FM Server does provide for SSL encryption, but it does slow things down. The necessity of all of this is a function of value of the data.