AndyD Posted January 20, 2008

I currently use Remote Desktop but am wondering what other options I have. I plan on connecting to my machine while I'm away in Hong Kong for a 1 month business trip. Should I just stick with Remote Desktop?
+BudMan MVC Posted January 20, 2008

And do you tunnel this remote desktop connection thru a vpn or ssh? Or you just have remote desktop open to the public net, with only your username and password as security? Or did you enable cert auth to the remote desktop?

http://technet2.microsoft.com/windowsserve...3.mspx?mfr=true

Configuring authentication and encryption

TLS authentication overview

Remote Desktop Protocol (RDP) provides data encryption, but it does not provide authentication to verify the identity of a terminal server. In Windows Server 2003 Service Pack 1 (SP1), you can enhance the security of Terminal Server by configuring Terminal Services connections to use Transport Layer Security (TLS) 1.0 for server authentication, and to encrypt terminal server communications. TLS is a standard protocol that is used to provide secure Web communications on the Internet or intranets. It enables clients to authenticate servers or, optionally, servers to authenticate clients.

The simple poor man's vpn is just an SSH tunnel -- I would suggest you set up public key auth only to the ssh server, to prevent bruteforce attack attempts. Then just tunnel your remote desktop connection.
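One way to check the "public key auth only" setup suggested in the post above, as an added example that is not part of the thread: a small audit of an OpenSSH `sshd_config` plus the client-side tunnel command. It assumes OpenSSH on both ends and that the SSH server runs on the same machine as Remote Desktop; the sample configs, the local port 13389 and `user@home.example` are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: does an sshd_config allow key logins only?
# sshd keeps the FIRST value read for a keyword; keywords are case-insensitive.
# Not evaluated: Include files, Match blocks, "Keyword=value", AuthenticationMethods.

effective() {  # effective <keyword-regex> <default> <file>
    awk -v want="^($1)\$" -v def="$2" '
        BEGIN { val = def }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }      # global section ends here
        !seen && tolower($1) ~ want { val = $2; seen = 1 }
        END { print val }' "$3"
}

key_only() {  # prints a verdict; returns 0 only when passwords are refused
    pub=$(effective 'pubkeyauthentication' yes "$1")
    pw=$(effective 'passwordauthentication' yes "$1")
    kbd=$(effective 'kbdinteractiveauthentication|challengeresponseauthentication' yes "$1")
    if [ "$pub" != no ] && [ "$pw" = no ] && [ "$kbd" = no ]; then
        echo "key-only"; return 0
    fi
    echo "password-capable (pubkey=$pub password=$pw kbd-interactive=$kbd)"
    return 1
}

# Client side: forward a loopback port to the RDP listener on the SSH host.
tunnel_cmd() {  # tunnel_cmd <local_port> <user@ssh_host>
    echo "ssh -N -L 127.0.0.1:$1:127.0.0.1:3389 $2"
}

SAMPLES=$(mktemp -d)
cat > "$SAMPLES/weak" <<'EOF'
# constructed sample: the later "no" is ignored, so passwords still work
PubkeyAuthentication yes
PasswordAuthentication yes
PasswordAuthentication no
EOF
cat > "$SAMPLES/hardened" <<'EOF'
# constructed sample: public-key logins only
pubkeyauthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF

for f in weak hardened; do
    printf '%s: ' "$f"; key_only "$SAMPLES/$f" || true
done
tunnel_cmd 13389 user@home.example   # hypothetical account and host
```

With the tunnel up, the Remote Desktop client is pointed at 127.0.0.1:13389, so port 3389 no longer needs to be reachable from the public net. On the server itself, `sshd -T` prints the effective settings and is the authoritative check.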
Ianmac45 Posted January 20, 2008

Maybe I should add my question on how to do that. I've got my RDP from XP SP2 open to the web. So, how would I secure it?
+BudMan MVC Posted January 20, 2008

You wouldn't ;) Unless you have your border device/firewall locked down to only allow access on 3389 only from trusted sources.

Your remote desktop is open to anyone that could guess/bruteforce a username and password. 2k3 server allows for TLS auth, which can prevent bruteforce attack, etc. On XP the most you can do is limit which accounts, change the account names, set up lockout policy, change the port away from the default 3389, etc.

I would never suggest anyone present a service like remote desktop to the public net, unless it is locked down to only trusted outside IPs, or the auth method is secure -- sorry but username and password is not a secure method ;)

Which is why you would tunnel this connection thru a vpn or ssh, where you can use valid methods of authing the users, i.e. a digital certificate, etc.

Something like OpenVPN or any SSH server can allow you to do this quite simply for only the cost of your time to set it up.
AndyD Posted January 21, 2008

Well, 2k3 server isn't an option. I guess I'll give OpenVPN a try. Would you know of any tutorials? It's been a while but would I use remote desktop through VPN? Am I better off just paying for a web based one while I'm away?