Solved

Rdp via upnp

Posted on 2006-11-08
5
1,207 Views
Last Modified: 2008-02-01
To give RDP external mgt to servers and let users remotely access desktops I was using UPnP to forward firewall external IP address with port number that through upnp transates to internal IP and rdp port.
I.E. RDP to 123.241.3.85:50009  Firewall/UPnP 192.168.2.24:3389
I was recently told this very insecure (obviously hacker can try this port), but also told that most firewalls do not filter ports in this high of range (what is consequence of not filtering if this is the case?). I was trying to avoid managing Desktop vpn software (this is from XPpro to XP pro, or Xppro to win2003 server), and have had little luck configuring xp native vpn connection. Thanks, experts
0
Comment
Question by:AndykEE
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 11

Accepted Solution

by:
billwharton earned 250 total points
ID: 17911637
Your best bet is to use a single Windows 2003 server to give VPN access to users. You are currently using a solution that isn't very secure and not scalable.

Even better, invest in a small business firewall if that's what you have like the Cisco ASA 5505 or one from the other vendors for a few hundred bucks and that'll provide you pretty good VPN access into your network
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 250 total points
ID: 17921308
Hmmm. You have to be pragmatic about these things. opening any port for any protocol is a security risk by definition as you are opening a hole in your perimeter. You need to weigh up the pro's & con's for your scenario. Limiting the addresses to known sources is one way but this does not fit in with upnp which is, of course, dynamic.

I would agree that having a device to front this traffic would likely be the best way forward; even some of the simple adsl routers will often let you enter in the source addresses that are allowed to access a protocol.
0

Featured Post

Webinar June 1st - Attacking Ransomware  

The global cyberattack that corrupted hundreds of thousands of computer systems on May 12th had a face, name, & price tag that we’ve seen all too often in recent years: Ransomware. With the stakes – and costs – of a ransomware attack higher than ever, is your business prepared ?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question