Solved

Rdp via upnp

Posted on 2006-11-08
5
1,206 Views
Last Modified: 2008-02-01
To give RDP external mgt to servers and let users remotely access desktops I was using UPnP to forward firewall external IP address with port number that through upnp transates to internal IP and rdp port.
I.E. RDP to 123.241.3.85:50009  Firewall/UPnP 192.168.2.24:3389
I was recently told this very insecure (obviously hacker can try this port), but also told that most firewalls do not filter ports in this high of range (what is consequence of not filtering if this is the case?). I was trying to avoid managing Desktop vpn software (this is from XPpro to XP pro, or Xppro to win2003 server), and have had little luck configuring xp native vpn connection. Thanks, experts
0
Comment
Question by:AndykEE
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 11

Accepted Solution

by:
billwharton earned 250 total points
ID: 17911637
Your best bet is to use a single Windows 2003 server to give VPN access to users. You are currently using a solution that isn't very secure and not scalable.

Even better, invest in a small business firewall if that's what you have like the Cisco ASA 5505 or one from the other vendors for a few hundred bucks and that'll provide you pretty good VPN access into your network
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 250 total points
ID: 17921308
Hmmm. You have to be pragmatic about these things. opening any port for any protocol is a security risk by definition as you are opening a hole in your perimeter. You need to weigh up the pro's & con's for your scenario. Limiting the addresses to known sources is one way but this does not fit in with upnp which is, of course, dynamic.

I would agree that having a device to front this traffic would likely be the best way forward; even some of the simple adsl routers will often let you enter in the source addresses that are allowed to access a protocol.
0

Featured Post

Watch Anatomy of a Wi-Fi Hack On-Demand

In less than a weekend, anyone with Internet access and some free time can become a Wi-Fi MitM to wreak havoc on your network. View our Wi-Fi Expert in an on-demand episode of our Secure Wi-Fi mini-series as he explores the motives, execution, and anatomy of a Wi-Fi hack.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question