Nowadays, setting up new software takes minutes, if not seconds. Set-up: Hate painfully slow download speeds? Us too. Chrome Remote Desktop What makes great remote desktop software? A great remote access app isn’t as complex as it sounds. You can also do file transfers with either UltraVNC or RDP (just go to the "local resources" tab when making a connection. However, this does add a "layer" of sorts to RDP or VNC (FYI, VNC (UltraVNC in particular) does support dual-monitors)). The downside to this setup is mainly the administration overhead. I have the ssh session locked down pretty tight (once someone logs in to the ssh server, they don't even get a true shell). So, once someone has connected to the linux box, they have set up on their ssh client to forward local ports to private IPs on the work network (including their ports). Users connect to the SSH firewall (which only has the usual http/s, etc. I control the passwords for the SSH box, and so can implement a password policy that is independent of (and therefore tighter than) the AD password policy. This gives me 2 levels of logon tracking, and uses a proven connection method from the outside world. I set up an SSH session to a linux firewall I have (you could use any computer or network or device running ssh). Keep in mind that VNC does give you the ability to tack on some serious encryption, but in my experience RDP has better performance. 3) Tunnel over SSH. In my experience there are a few options: 1) VPN connection, already discussed. 2) Port forward of RDP (or VNC if you wanted). but for remote desktop, USE REMOTE DESKTOP. My $0.75. you can easily implement it. For a very small shop needing access to one PC, I could never justify setting up a full-blown VPN solution (due to labor cost) when a simple port forward would work equally well. If they needed FILE access from outside, that'd be different.
AFAIK, most VPNs will let you set a blank password if you really want it. Yarness, why don't you have control over what they set? It's called password policy. Hell, RDP even prevents a login entirely for a user with a blank password. Which, coincidentally, is about how hard the RDP is. "Hardened." Your VPN is only as hard as the easiest password. You only have to make sure your VPN system/endpoints are hardened, and usually they are designed that way. but if you have no password, good luck. quote: I like VPN then use apps (including RDP), reduces exposure. Yeah, if you can get a password, it's a whole 'nother ball of wax. I'd love to see you hax0r Windows from the logon screen with nothing but a keyboard and mouse. It is DESIGNED to be exposed to (wherever) because it's made for REMOTE ACCESS. Care to explain this further? It's a single port. If you have a kernel or application vulnerability, it is exploitable. the problem is this exposes machines and inbound ports that shouldn't be to the internet. Just forward the port on your firewall and you are all set. Quote: Originally posted by erratick: quote: Originally posted by 1966Ford: Remote desktop uses 128 bit encryption by default. You only have to make sure your VPN system/endpoints are hardened, and usually they are designed that way. -E It might allow someone to rdp into the DMZ, but not into internal network or to other machines on the DMZ (private vlans on the DMZ right?). I like VPN then use apps (including RDP), reduces exposure. If you have a kernel or application vulnerability, it is exploitable. For a home user that patches all the time and has no valuable data on the PC or on the network, this might be an acceptable risk. The industry best practice 3 legged firewall with internal, dmz and external networks, wouldn't allow ports forwarded in to the internal network. Quote: Originally posted by 1966Ford: Remote desktop uses 128 bit encryption by default.
Nmap finished: 1 IP address (1 host up) scanned in 5.359 seconds MAC Address: XX:XX:XX:XX:XX:XX (Dell Computer) (The 1645 ports scanned but not shown below are in state: closed) 100% waste of time and hassle unless you need it to be on an alternate port for some reason, running nmap against one of our domain controllers that has RDP set to a different port due to our firewall, and in 5 seconds nmap correctly identified the port as being microsoft remote desktop nmap.exe -sS 192.168.1.2 Quote: I normally change the default port RDP listens on, just to prevent anyone scanning for open remote desktop servers from attempting to connect.