-1

I want to access a network folder on my Windows Server 2012 (which runs in a datacenter and has its own external IP) from the internet.

I can access the folder from the local network (using the server's local ip) without any problem, but as soon as I try to access it via the server's external IP, it doesn't work anymore (RDP does though). After some googleing the only answers to that problem seem to be "use ftp" or "use vpn", but I don't understand why I have to use a different technology, just because I'm not on the same network anymore.

Everyone seems to know perfectly well about why it is such a bad idea to expose a Windows folder to the internet. Coming from the Linux world, where you can easily and securely access servers with SSH and SFTP, I'm curious why is it considered bad practice to expose a Windows network folder to the internet? And, taking that into account, what is considered best practice for accessing a folder on a Windows server over the internet?

HopelessN00b
  • 53,795
  • 33
  • 135
  • 209
csch
  • 189
  • 1
  • 2
  • 6
  • This is a horrible idea - you will have your computer compromised via the INTERNET in minutes. – jmp242 Mar 13 '15 at 14:13
  • 1
    I wonder why we need keys on our houses. If we just had holes in our houses we could go get our laptop from inside without the extra "technology" of keys. Seriously though, no. – Reaces Mar 13 '15 at 14:14
  • 1
    @jmp242 why is better to share a folder via ftp then? In my understanding that's basically the same result. – csch Mar 13 '15 at 14:16
  • Well, you're far less likely to be attacked via FTP than windows file sharing, but you're right, you ought to use SFTP instead of FTP. Really, just use a VPN. – jmp242 Mar 13 '15 at 14:17
  • Is the protocol windows uses to authenticate, authorise and secure the usage of its shared folders so bad that you must not expose it to the internet? So it's worse than ftp? – csch Mar 13 '15 at 14:18
  • 2
    Yes. It was like this since the 90s. Try google for details... – jmp242 Mar 13 '15 at 14:40
  • @csch Exposing Windows "file sharing" to the internet also exposes a large number of other ports and services to the internet, including those used for AAA functions, which means you may as well not run a firewall at all. It has nothing to do with the security of Kerberos or other authentication schemes in use by Windows, and everything to do with the fact that SMB/Windows filesharing was designed to be used on internal networks only. – HopelessN00b Mar 13 '15 at 16:51

1 Answers1

0

Use a Virtual Private Network, maybe?

That would be the only way to do that in a secure way.

I'll suggest OpenVPN, which is the most used and most reliable VPN server/client I know of.

moebius_eye
  • 1,103
  • 7
  • 21