Solved

RDP via UPnP

Posted on 2006-11-08
Last Modified: 2008-02-01
To give RDP external mgt to servers and let users remotely access desktops, I was using UPnP to forward the firewall's external IP address with a port number that, through UPnP, translates to an internal IP and RDP port.
I.E. RDP to 123.241.3.85:50009  Firewall/UPnP 192.168.2.24:3389
I was recently told this is very insecure (obviously a hacker can try this port), but was also told that most firewalls do not filter ports in this high of a range (what is the consequence of not filtering if this is the case?). I was trying to avoid managing desktop VPN software (this is from XP Pro to XP Pro, or XP Pro to Win2003 server), and have had little luck configuring the XP native VPN connection. Thanks, experts
Question by:AndykEE
5 Comments
 
LVL 11

Accepted Solution

by:
billwharton earned 250 total points
ID: 17911637
Your best bet is to use a single Windows 2003 server to give VPN access to users. You are currently using a solution that isn't very secure and not scalable.

Even better, invest in a small business firewall, if that's what you have, like the Cisco ASA 5505 or one from the other vendors for a few hundred bucks, and that'll provide you pretty good VPN access into your network.
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 250 total points
ID: 17921308
Hmmm. You have to be pragmatic about these things. Opening any port for any protocol is a security risk by definition, as you are opening a hole in your perimeter. You need to weigh up the pros & cons for your scenario. Limiting the addresses to known sources is one way, but this does not fit in with UPnP, which is, of course, dynamic.

I would agree that having a device to front this traffic would likely be the best way forward; even some of the simple ADSL routers will often let you enter the source addresses that are allowed to access a protocol.
0
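An added example, not part of the original thread: a defender-side audit of the setup discussed above, parsing UPnP IGD port-mapping responses and flagging enabled mappings that forward to RDP, noting whether any source address may connect. The field names are those of the UPnP WANIPConnection service; the response bodies are constructed samples (the first mirrors the mapping in the question) and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

RDP_PORT = 3389  # default RDP listener, the internal port in the question

def _sample(remote, ext, proto, int_port, client):
    """Build a constructed GetGenericPortMappingEntryResponse (WANIPConnection:1)."""
    return (
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
        '<u:GetGenericPortMappingEntryResponse '
        'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
        f'<NewRemoteHost>{remote}</NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>'
        f'<NewProtocol>{proto}</NewProtocol><NewInternalPort>{int_port}</NewInternalPort>'
        f'<NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>'
        '<NewPortMappingDescription>constructed</NewPortMappingDescription>'
        '<NewLeaseDuration>0</NewLeaseDuration>'
        '</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>'
    )

# Constructed sample data, not captured from a real router.
SAMPLE_RESPONSES = [
    _sample("", 50009, "TCP", 3389, "192.168.2.24"),              # any source -> RDP
    _sample("203.0.113.10", 50010, "TCP", 3389, "192.168.2.25"),  # one source -> RDP
    _sample("", 6881, "UDP", 6881, "192.168.2.30"),               # not RDP
]

def parse_mapping(soap_xml):
    """Return the New* fields of one port-mapping response as a dict."""
    fields = {}
    for el in ET.fromstring(soap_xml).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
        if tag.startswith("New"):
            fields[tag] = (el.text or "").strip()
    return fields

def audit_rdp_exposure(responses):
    """List enabled mappings whose internal port is RDP, whatever the external port."""
    findings = []
    for m in map(parse_mapping, responses):
        if m.get("NewEnabled") != "1" or int(m["NewInternalPort"]) != RDP_PORT:
            continue
        findings.append({
            "external_port": int(m["NewExternalPort"]),
            "target": f'{m["NewInternalClient"]}:{m["NewInternalPort"]}',
            "remote_host": m["NewRemoteHost"],
            "any_source": m["NewRemoteHost"] == "",  # empty RemoteHost is the wildcard
        })
    return findings

if __name__ == "__main__":
    for f in audit_rdp_exposure(SAMPLE_RESPONSES):
        scope = "ANY source" if f["any_source"] else f"source {f['remote_host']}"
        print(f"external {f['external_port']} -> {f['target']} reachable from {scope}")
```

The audit keys on the internal port, so a mapping on a high external port such as 50009 is reported the same way as one on 3389.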
