This discussion is locked
Jmac05r1

Q: access time capsule remotely secure?

Hello,

 

So I been browsing ideas over the internet "google" and I was wanting to access my time capsules storage device remotely.  The more and more I use file sharing the more interested I become.  I have found ways to access your storage drive from time capsule remotely.  Although what I want to know is, How secure is it? Most of the "how to's" I have found online show the your password being sent over plain text?? That can pose a huge security risk.  Anyone have any other ways to get this done remotley?

 

I have read this thread https://discussions.apple.com/thread/3699096?start=0&tstart=0 although like I mentoined. Its not to secure.

 

Thanks
J

Mac Pro, Mac OS X (10.7.2)

Posted on Jul 5, 2012 6:09 PM

Close

Q: access time capsule remotely secure?

  • All replies
  • Helpful answers

  • by LaPastenague,Helpful

    LaPastenague LaPastenague Jul 5, 2012 6:49 PM in response to Jmac05r1
    Level 9 (52,942 points)
    Wireless
    Jul 5, 2012 6:49 PM in response to Jmac05r1

    Actually icloud btmm method is using a tunnel.. ipsec and ssl.. although the details of that is never revealed.. the key part is the password to the cloud.. how secure that is I have no idea.

     

    http://support.apple.com/kb/HT4908

     

    Mostly man in the middle attacks are required and fairly rare.. it is not easy to do.

     

    VPN is the right way.. if you don't want to do it via icloud then use vpn router and bridge the TC. The vpn tunnel has very well known security levels.. ie ipsec much better than pptp.. and I doubt ipsec is going to be cracked anytime soon.

     

    It is a pity Apple doesn't allow ipsec to be available to end user.. then you could login via a tunnel direct to the TC.. but this is the way Apple does stuff.. make sure you are paying them money.. and hide anything useful you might like to bypass that.

  • by Jmac05r1,

    Jmac05r1 Jmac05r1 Jul 5, 2012 7:46 PM in response to LaPastenague
    Level 1 (0 points)
    Jul 5, 2012 7:46 PM in response to LaPastenague

    Yes, thats exactly what I started leaning towards was a VPN, although having some tough time finding a right one.  Found an Opensource software that I might play with " vyatta.org " and your right, more than likely put the TC in bridge mode off the vpn server.  Guess I have a new project to play with.  I just don't like the idea that the password is being sent over in plain text, not that I even have anything worth hacking.  Although just looking for best practices.  If you know of any good VPN's to set up let me know.

     

    Thanks for the fast response

    J

  • by LaPastenague,Helpful

    LaPastenague LaPastenague Jul 6, 2012 12:31 AM in response to Jmac05r1
    Level 9 (52,942 points)
    Wireless
    Jul 6, 2012 12:31 AM in response to Jmac05r1

    New VPN routers can be expensive and open source alternatives are usually pptp.. so I think it is worth doing a search on ebay for older commercial stuff.

     

    eg Linksys RV042 or RV082

     

    You see cisco domestic end stuff.. a lot of it is rubbish. But some is excellent.. those two have updated versions which are a few hundred $$$.. but you can pick up the older ones on ebay often for $50-80 and that is very good value. They are not particularly fast.. but will be fine for standard cable and adsl connections.

     

    Netgear, even some dlink. they all have some bombs and some good ones.. actual user reviews are often better than magazine or website reviews as people struggle with vpn.. Smallnetbuilder is one place that actually do functional tests of vpn when they test.

    VPN .. it is not easy btw.. I usually recommend people start with pptp tunnels.. which will be fine for occasional link and much easier to get going than ipsec geneally.. newer ssh are few and far between, expensive and slow. The technology is there but the processing speed needed is pretty high end.

     

    Most vpn routers will offer several ipsec and several pptp tunnels. (which is a joke of course with standard upload speeds we have).

     

    Draytek tend to be a bit above the average soho, and have good info online. Although their stuff is expensive even second hand. And a bit dated.. Still the old firmware once you get used to it is highly consistent.

     

    Otherwise you can do better with something like Mikrotik router board and load one of their OS. Or using a cheap old pc and a linux router distribution.

     

    Good fun..

    BTW this is all much easier if you have a static public IP from your ISP.. trying to work with dyndns with a constantly rotating IP will drive you nuts.