Score:0

Is it secure? Owncloud in DMZ and refer to internal fileserver

cn flag

Is this a secure setup?

Having an (linux based) Owncloud Server, with Let's-Encrypt SSL Certificate. This server provides shares to the clients, which are SMB connections to an internal File Server

The connection is as follows:

  • DNS Entry --> points to private, public IPv4 Address.

  • This address has an open port in the firewall, forwarding to the IP in DMZ. HTTPs and WWW are allowed

  • The SMB connection directs to an internal File server, which is in the internal network segment. only port 445 TCP is allowed

  • connections are HTTPs

Necessary maintenance:

  • update owncloud
  • update the linux server and file server
  • maintain the firewall

of course as well:

  • monitoring and backup
  • awarenes of users and admins (maybe most critical point)
diya avatar
la flag
Your maintenance plan is missing backups and monitoring. - And note that security depends as much, if not more on configuration, the behaviour of your admins & users than it does on infrastructure design. A valid TLS certificate *for example* does not mitigate keeping the default admin password unchanged.
cn flag
You are right, of course! We are doing that, but I missed listing it... but the infrastructure design as such is safe?
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.