Router question
We have a Linksys router.
In order to connect to our desktop machines remotely, we're supposed to "enable remote management" on our router.
Is this a security risk if we leave it enabled?
In order to connect to our desktop machines remotely, we're supposed to "enable remote management" on our router.
Is this a security risk if we leave it enabled?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The people who need access are the users of the office computers who want to access the whole computer from home. They want to see the entire computer via MS Remote Desktop Connection. They each have a DSL/Cable connection.
My router model is BEFSR41
Thanks!
Steve
My router model is BEFSR41
Thanks!
Steve
Um - yep sh00t3r is right - remote management on the Linksys is just what it says and if you don't need it I would disable it immediately. At the very least change the port it uses to something slightly more obscure than 8080.
First I will make the assumption that the router is runing dynamic NAT meaning that you have hidden addresses behind it and one valid address on the outside. In this case you will have to enable port forwarding for TCP 3389 from outside to the IP address of the machine on the inside that you want access to.
You can only do this for one machine. The user will then connect via remote desktop to the IP address of the firewall and that will forward them to their machine. The limitation is one IP per TCP port.
If you want other machines to have access then you will either have to make their machines listen on a different TCP port to the default and change the TCP port that they use remote desktop from home with.
Instructions for changing these for terminal services are here:
http://support.microsoft.com/default.aspx?scid=187623
I could not find a way to do this with XP but may help to get you started. This way each remote desktop client can connect to each machine inside the firewall using an individual TCP port.
HOWEVER! This opens up all the inside machines to terminal services from everywhere on the Internet. I suggest you use VPN if you can...
Depending on your ISP you may have a useable public ip range. For instance most cable/dsl ISP's for small business will usually include 5 static ips. Then you can redirect the traffic from each one of these static "public" ip's towards the internal clients. So in essence you could get 5 for 5, kinda like arby's. 5 internal computers can get access by 5 outside users. More outside users would be able to access these computers if you had legitimate terminal services server but your probably using XP.
So a couple more questions...
1. Does your ISP give you more then 1 static IP?
2. Operating Systems of PCs
3. How many people need access to their computers?
If it's over 5 users you will want to think about other remote applications. Such as citrix. Citrix would provide all the functionality you need. Or a legitimate version of terminal services server.
So a couple more questions...
1. Does your ISP give you more then 1 static IP?
2. Operating Systems of PCs
3. How many people need access to their computers?
If it's over 5 users you will want to think about other remote applications. Such as citrix. Citrix would provide all the functionality you need. Or a legitimate version of terminal services server.
ASKER
Is setting up a VPN pretty complicated?
Not if you have Linksys routers/firewalls at home. Then it is really simple. If this is not an option then you will need some VPN client software. Unfortunately I do not know of a good client for connecting to Linksys machines - someone else reading might...
1. Who needs access to these desktop machines?
2. What type of access do they need? Will they just need access to files? Or will they need to see the entire computer to run applications and such (Terminal Services)?
3. What type of Internet Connection do you have? DSL/Cable, T1, etc.?
4. Model of your Linksys Router