Port 5003. IWP. Security.

They all rhyme, but do they play nice? I'm ignorant about internet
security, and have been hearing some alarming claims regarding opening
ports for Filemaker access. The latest was someone who said that "all
the 5000 series ports are especially vulnerable and prone to attack."
He also said that accessing a system via VPN is "just as bad." His
suggested solution for secure remote access was GoToMyPC or
equivalent. I just have a hard time believing that it's impossible to
(responsibly) use Filemaker's own protocols for sharing data over the
web, but I'm completely at sea here.

Can I get some help?

I develop on a mac, FM 9 Adv., work with both Mac and PC networks,
served with FM Server 8 and 9. Small clients, no IT departments.

many thanks for any input...

Lanse

On Aug 25, 6:42*pm, lansingoogle wrote:
> They all rhyme, but do they play nice? *I'm ignorant about internet
> security, and have been hearing some alarming claims regarding opening
> ports for Filemaker access. *The latest was someone who said that "all
> the 5000 series ports are especially vulnerable and prone to attack."
> He also said that accessing a system via VPN is "just as bad."

Whoever said that doesn't know what they are talking about.

> *His
> suggested solution for secure remote access was GoToMyPC or
> equivalent.

Its decent. But way over priced for what you get. I guess its simple
and anyone can figure it out, but if your a filemaker developer you
should be able to figure out configuring RDP or VNC; its hardly rocket
science.

> *I just have a hard time believing that it's impossible to
> (responsibly) use Filemaker's own protocols for sharing data over the
> web, but I'm completely at sea here.

> Can I get some help?

Start with:
http://www.filemaker.com/downloads/d...8_security.pdf

A 'remote desktop' solultion (a la gotomypc) is preferable
securitywise because only the screen data crosses the network not all
the actual the database traffic, it also has the benefit of being
faster in most cases.

However a properly setup VPN is fine from a security point of view.

The secure connections feature of FM server are also to my knowledge
fine, although I wouldn't rely solely on this over a WAN link because
it DOES mean your FM server can be attacked directly from the internet
and makes it vulnerable to denial of service and other attacks, even
if they can't get your data, they can disrupt your server potentially.
So you have to weight that risk. If you use a VPN, the worst they can
do is bring down your VPN server.

If I were exposing 5003 to the internet, I'd at the very least enable
encryption and set up a firewall to restrict the range of ip addresses
that it would accept connections from to a whitelist.

Of course it really depends on how paranoid you are, and how valuable
your data is, and what the impact of a security breach would be, to
assess how many layers and what kind of security you need.

-Dave