Secure transfer on LANs with PGP

Has anyone ever heard of or implemented a PGP key on FileMaker files from server to clients on large LANs?

Has anyone done SSL in that scenario? Please share the experience.

Thanks

We are using just VPN so far. It is quite OK.

  • Author

Hi Anatoli,

You're probably using VPN on the WAN, correct?

I'm concerned with the LAN. I want to make sure that the data is secure as it travels on our local network, and that someone sniffing the wire inside our organization cannot read it.

Sorry, my mistake, I've interpreted "large LANs" like WAN.

My bad.

Just thinking -- if you encrypt the data on the FM server and the client deciphers it, maybe that is the way. In that case the client should have a local database, not traveling across the network with keys to decipher the data.

The server-based FM file should be linked to a local file via a relationship, and decipher and encrypt data with locally stored keys.

Just thinking.

  • Author

Oh-oh, you lost me. Sorry, I need sleep, right about now :)

so, I gather there's no tried-and-true best practice to do this on FileMaker server? I wasn't sure, but you can't blame a guy for tryin'

BikeBoy said:

Oh-oh, you lost me. Sorry, I need sleep, right about now :)

so, I gather there's no tried-and-true best practice to do this on FileMaker server? I wasn't sure, but you can't blame a guy for tryin'

Not as far as I know.

If the server and clients are connected by switches only, rather than hubs, then it is not possible for an eavesdropper to intercept network traffic between the server and another user. Non Filemaker users could still be on hubs though. So, you may be able to physically configure your network to keep unauthorized users away from server traffic. This isn't a complete fix but it may help a bit. A hacker could still directly connect to the FM server and hack into it.

  • Author

BobWeaver said:

If the server and clients are connected by switches only, rather than hubs, then it is not possible for an eavesdropper to intercept network traffic between the server and another user. Non Filemaker users could still be on hubs though. So, you may be able to physically configure your network to keep unauthorized users away from server traffic. This isn't a complete fix but it may help a bit. A hacker could still directly connect to the FM server and hack into it.

Hi Bob,

Why is it that the data can't be sniffed between switches?

Also, I guess there's always a hacker possibility, but I have a software firewall on the server. In addition, we're behind a corp firewall, which makes me feel safe.

Any additional suggestions to improve security?

Thanks

Suppose that you have 3 computers A, B and C on the network using a hub. When A sends data to B, it is sent through the hub which broadcasts the information to all ports so both B and C get the data. Normally, C will just ignore it, because when it looks at the message header it will see that it is intended for B. However, if C is running a packet sniffer, then it can display all data which is intended for others.

Now, when the same computers are on a switch, and A sends data to B, the switch is smart enough to know which port B is connected to, and sends the data out only on B's port. If C is running a sniffer program, it will not see the data sent from A to B. It will only see data that is intended for C (if any).

Even when you interconnect switches so that the data for several computers is channeled through an uplink port, the switch at the other end will again separate out the data and direct it only to the appropriate port.

The only exception to the above, is when the destination address is unknown to the switch, such as when the switch or a new computer first comes online. When that occurs, the switch will broadcast the packet to all ports, and then see which port the response returns on. Then it will remember which port that computer is connected to for all future net traffic. Since this happens only with the first data that is sent (such as a TCP handshake), the chance of broadcasting sensitive data is very low.

Of course, this is secure only if the users cannot gain access to the switches or physically tap into someone else's network connection. So the physical layout is important.
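The hub-versus-switch forwarding described in the post above, as an added example that is not part of the original thread: a toy model of three hosts A, B and C, counting which frames of an A-to-B conversation reach C's port. The port numbers, the sample conversation and the class names are constructed for illustration, and the switch is modelled as learning from each frame's source address.

```python
class Hub:
    """Repeats every frame out of every port except the one it arrived on."""
    def __init__(self, ports):
        self.ports = set(ports)

    def forward(self, in_port, src, dst):
        return self.ports - {in_port}


class LearningSwitch:
    """Learns source address -> port; floods only when the destination is unknown."""
    def __init__(self, ports):
        self.ports = set(ports)
        self.mac_table = {}

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port        # remember where the sender is attached
        out = self.mac_table.get(dst)
        if out is None:                      # destination not learned yet: flood
            return self.ports - {in_port}
        return {out} if out != in_port else set()


def frames_seen_by(device, observer_port, conversation):
    """Indexes of the frames that the device delivers to observer_port."""
    seen = []
    for i, (in_port, src, dst) in enumerate(conversation):
        if observer_port in device.forward(in_port, src, dst):
            seen.append(i)
    return seen


# Constructed sample: A on port 1, B on port 2, C (running a sniffer) on port 3.
CONVERSATION = [
    (1, "A", "B"),  # 0: first frame from A, B's port not yet known
    (2, "B", "A"),  # 1: B's reply
    (1, "A", "B"),  # 2: data A -> B
    (2, "B", "A"),  # 3: data B -> A
]


def compare():
    """Frames visible on C's port behind a hub and behind a learning switch."""
    hub_seen = frames_seen_by(Hub([1, 2, 3]), 3, CONVERSATION)
    switch_seen = frames_seen_by(LearningSwitch([1, 2, 3]), 3, CONVERSATION)
    return hub_seen, switch_seen


if __name__ == "__main__":
    hub_seen, switch_seen = compare()
    print("C sees via hub:   ", hub_seen)
    print("C sees via switch:", switch_seen)
```

Behind the hub, C's port receives every frame; behind the switch it receives only the first one, which is flooded before B's port has been learned.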