Temporary FTP Server - Security

I have a client who is a consultant and uses one box with WinXP on it.
It has SP2 and all updates. He lives in the US and is working on a
large project in Kuwait. Him and another in Kuwait need a way to
transfer 50MB files to each other. This is only going to be temporary
(for a few months). My client is not a member of a domain or
workgroup. How secure is it to setup Filezilla Server on his computer
(and on the one in Kuwait) and share a single directory with the 50MB
files. I'd remove anony. access, enable auditing, and secure the
folder with NTFS permissions. He currently has DSL service and is
behind a router. He has a dynamic IP. I'd use DynDNS to track the
dynamic IP. I'd use a non-standard port for FTP transfers.

Is this a good idea; or am I taking unnecessary risks?

Am I better to have a separate box behind the router for this? I could
then choose Win or a Linux distro. This is only temporary and while
money is not important, it is important because it is temporary.

Or

Would I be better off using a service like Basecamp?

Any suggestions are welcome!

Re: Temporary FTP Server - Security

nousenetspam@gmail.com wrote:
> How secure is it to setup Filezilla Server on his computer
> (and on the one in Kuwait) and share a single directory with the 50MB
> files.

Very secure if you use FTP over SSL and verify the certificate by telephone.

> I'd remove anony. access, enable auditing, and secure the
> folder with NTFS permissions.

This won't help against someone passively snooping the login credentials
and loggging in, yet not minding about active attacks.

> I'd use a non-standard port for FTP transfers.

Doesn't matter.

> Is this a good idea; or am I taking unnecessary risks?

Either you were forgetting or omitting the obvious: need for encryption,
integrity and authentication.

> Would I be better off using a service like Basecamp?

You can use any kind of file/webspace provided by some dotcom bubblers
as long as encryption and digital signatures are used.

Re: Temporary FTP Server - Security

50 MB, multiple files both ways... To me, it sounds like a lot of
exchanges.

Regarding Internet access, are there special rules in Kuwait to enforce
a form of censorship/control? Are there firewalls/proxies/filters at
ISP level, etc...?

If the guy is not already in Kuwait or he doesn't already have an
Internet access, you should learn what are the documents the ISP asks
for. It could well be for instance that some connectivity requires
residency or something else...

Re: Temporary FTP Server - Security

nousenetspam@gmail.com wrote:

> I have a client who is a consultant and uses one box with WinXP on it.
> It has SP2 and all updates. He lives in the US and is working on a
> large project in Kuwait. Him and another in Kuwait need a way to
> transfer 50MB files to each other. This is only going to be temporary
> (for a few months).
....
> Or
>
> Would I be better off using a service like Basecamp?
>
> Any suggestions are welcome!


You know, sneakernet is still up and running, sometimes via thumb drive over
UPS-Net.

Ha-ha, only serious.

Re: Temporary FTP Server - Security

Ha-ha, funny. I nearly came to the same conclusion.

Re: Temporary FTP Server - Security

Ludovic Joly wrote:

>
> Ha-ha, funny. I nearly came to the same conclusion.

I suppose that's what they refer to as 'virtual' humor?