../guides
We have been approached on 2 occasions by clients asking about security of client data, particularly in respect of FCA guidelines.
The solution presented here, whilst non-trivial, could still be cost advantageous when all the advantages are viewed together.
Specifically for client data security this product offers a solution where physical security is of concern. i.e. in a serviced office where a secure comms room isn't possible.
Hosted solutions (Dropbox, Google drive) were considered, but a remote file share with large files is not conducive to a good experience for impatient users. Services that sync files are better at this, but cause concurrency issues and, if devices are stolen (or legitimately removed) and the sync function disabled confidential files are still accessible and permanetly out of reach.
Dropbox exposes previously deleted files, showing that hosted products have data retention issues.
[ http://www.theregister.co.uk/2017/01/24/dropbox_brings_old_files_back_from_dead/ ]
These options did not meet our clients' interpretation of the FCA guidelines (note: the FCA seems not to prescribe, but suggests the relevant office holders take an informed decision on what is reasonable).
We're not offering advice, only indicating what out client did.
Is low cost to acquire and remotely maintanable using dm-crypt to block level encrypt an entire partition. Keys are not stored on the device (and this any reboots are monitored and there is a level of support to recover from one).
Sharing is accomplished with Samba with full user/group permissions, accessible from Windows and Mac. Remote (off LAN) access to files is available via encrypted VPN, or direct routed IP assuming a fixed IPv4 or IPv6 address.
SIP / VoIP had/has a bad reputation for call quality. QoS, Queue Length, Latency, Jitter and Bandwidth have an effect on VoIP. There is much to be read on the subject.
Below is a real world example - business contention ADSL 2+ line:
Monitoring / reporting employees internet access, long term trend graphs
The acquision cost of the hardware is £50 - £300, starting at the higher end of a home router, but ending far below a commercial firewall product.
Once the hardware is acquired the marginal cost to add encrypted filesharing, VPN access, QoS as well as options like traffic monitoring are negligible. We run all this safely on ONE device.
Setup would depend on the precise services required.
All solutions support 1Gbit ethernet. Secondary storage speeds range between SSD and SD card depending on the hardware used.
We've not attempted this with a Raspberry Pi due to USB ethernet constraints, but in principle it would work.
Service Features
Once the need for border control is accepted, only there are only marginal cost required for additional services.
802.11Q VLAN QoS Filesharing Encryption OpenVPN Firewall