[ale] Web based file storage
On 7/19/2013 11:12, Mike Harrison wrote:
>> On 7/19/2013 10:27, Mike Harrison wrote:
>>> I'd be interested in knowing what their rationale is, if it's internal
>>> via a VPN already?
>
> On Fri, 19 Jul 2013, Alex Carver intelligently and helpfully replied:
>
>> The server would not be accessible from the outside by VPN but from
>> inside the network there are many thousands of machines that can access
>> it including some that belong to foreign nationals. SAMBA is strongly
>> discouraged (a case can be made on a limited basis but its use is
>> highly restricted and monitored), WebDAV is out because of security
>> circumvention, and the published suggestion is sftp/scp using keys.
>> In the end that may be the way I have to go and just set everyone up
>> with Filezilla and a set of keys and then train them on its use.
>
> Alex,
>
> Great answer, I wasn't seeing the bigger picture that it's not valid for
> inside of the network usage as well.
Yep, such are the dealings of government networks, at least here anyway.
There are a lot of restrictions in place and I have to navigate the
narrow corridor between them.
>
> If I were being creative and wanted the headache of managing the certs,
> you could limit this by issuing client certs to the people that should
> be able to access it. The other systems (within normal high levels of
> security) would not even connect to the server. It'd be effectively the
> same as the sftp/scp using keys.
Yeah, I'm not going to take that one on. My job isn't the admin work,
this is side work to try and make other work easier.