Enable Users
All that remains is to enable remote users. To do so, create an Add Network Place shortcut for users to access in My Network Places on their client machine. Each user then needs to go to My Network Places, double click the Add Network Place shortcut, and enter the URL of the Web-DAV site. The first time a user accesses the shortcut in My Network Places, Windows Explorer will prompt for credentials; afterward, users have access to the file server as though it were a typical shared folder.
Security Concerns
How secure is this method? If you already allow VPN access that's based on a user's password, using WebDAV to enable remote access is comparable in security. The only difference is an expanded attack surface when using WebDAV, due to opening port 443. However, attackers will be able to attempt HTTP-related exploits only if they can first successfully authenticate. If you want to strengthen security, you can add a degree of obscurity by changing the HTTPS port on the Web site from 443 to a higher port number, but be aware that doing so can limit accessibility for remote users behind another company's firewall that has strict restrictions on outgoing connections. The best way to further lock down any type of Web access is to require client certificates in addition to password authentication. You can enroll users remotely by prompting them through a few Web pages. For more information about client certificates, see "Configuring SSL/TLS," April 2006, InstantDoc ID 49556.
Register
