Solved

Do I Need a VPN to do Remote Desktop?

Posted on 2007-03-27
578 Views
Last Modified: 2013-11-15
Are VPNs truly necessary to do remote desktop through the Internet?
Question by:HKComputer
7 Comments
 
LVL 1

Accepted Solution

by:
runxctry earned 200 total points
ID: 18803123
It is not necessary.  You can do a remote desktop without a VPN.  

It is a little complex to sniff the remote desktop traffic, and obtain valuable data from it.  So if random script kiddies are your concern, I wouldn't worry too much.  

That being said, if security is a concern, you WILL want to set up a VPN connection between the two computers.  Windows XP has a VPN utility built in.  Click network connections, new network connection, and follow the wizard.

If you are running Windows 2003 Server as the server, take the following steps to secure the connection:

====
FROM http://www.windowsecurity.com/articles/Windows_Terminal_Services.html

Using Encryption

You can use encryption to protect the data that travels between the terminal server and the terminal services client. If you fear unauthorized interception of the data as it travels between the two, you should enable encryption. RSA RC4 encryption is used; encryption can be set to one of the following three levels:

    * High: encrypts both the data sent from client to server and the data sent from server to client using a 128 bit key.
    * Medium: encrypts both the data sent from client to server and the data sent from server to client using a 56 bit key if the client is a Windows 2000 or above client, or a 40 bit key if the client is an earlier version.
    * Low: encrypts only the data sent from client to server, using either a 56 or 40 bit key, depending on the client version. Useful to protect usernames and passwords sent from client to server.

To change the encryption level, you must be an administrator. In Programs | Administrative Tools, select Terminal Services Configuration and perform these steps:

   1. In the left console pane, select Connections.
   2. In the right details pane, right click RDP-TCP and select Properties.
   3. Click the General tab.
   4. Under Encryption level, select the desired level in the drop down box and click OK.
====


0
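The quoted steps set the encryption level through the Terminal Services Configuration GUI. As an added example (not part of the original answer or the quoted article), this PowerShell reads the level that is actually in effect, assuming the standard `MinEncryptionLevel` registry value and its Group Policy counterpart, neither of which is named on this page:

```powershell
# Added example, not from the original post. Run from an elevated prompt.
# Assumption: the standard Terminal Services registry locations below.
$listener = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$policy   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# 1-3 are the three levels quoted above; later Windows versions label
# level 2 "Client Compatible" and add level 4 (FIPS Compliant).
$names = @{ 1 = 'Low'; 2 = 'Medium / Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }

function Get-RdpEncryptionLevel {
    # A Group Policy value, when present, overrides what was chosen in
    # Terminal Services Configuration, so it is checked first.
    $sources = @(
        @{ Path = $policy;   Origin = 'Group Policy' },
        @{ Path = $listener; Origin = 'Listener (RDP-Tcp properties)' }
    )
    foreach ($source in $sources) {
        $item = Get-ItemProperty -Path $source.Path -Name MinEncryptionLevel -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $level = [int]$item.MinEncryptionLevel
            return [pscustomobject]@{
                Origin = $source.Origin
                Level  = $level
                Name   = if ($names.ContainsKey($level)) { $names[$level] } else { 'Unknown' }
            }
        }
    }
    throw 'MinEncryptionLevel not found; is Remote Desktop configured on this host?'
}

$current = Get-RdpEncryptionLevel
$current | Format-List

if ($current.Level -lt 3) {
    Write-Warning "Encryption level is '$($current.Name)', which is below High (128-bit)."
    if ($current.Origin -eq 'Group Policy') {
        Write-Warning 'The value is enforced by policy; change it in the GPO, not on the host.'
    } else {
        # Registry equivalent of selecting High in step 4 of the quoted procedure.
        # -WhatIf only shows the change; remove it to apply.
        Set-ItemProperty -Path $listener -Name MinEncryptionLevel -Value 3 -Type DWord -WhatIf
    }
}
```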
 
LVL 9

Expert Comment

by:rshooper76
ID: 18803793
You don't need a VPN to do RDP as long as you have a way to get to the computer that you want to connect to.  If you are behind a firewall, then you may need to port forward port 3389 (RDP).  What a VPN will do for you is allow someone to get into the local network from anywhere on the internet.  I hope this helps.
0
 
LVL 4

Author Comment

by:HKComputer
ID: 18805078
Yeah. I wasn't very descriptive in my original post. I want to run an RDP session to an XP Pro computer that sits behind a router. I will perform the necessary port forwarding to make it work.

I was a little concerned about security but I wanted to know how risky it really is to run RDP through the Internet.
0
 

Assisted Solution

by:alexyala
alexyala earned 200 total points
ID: 18807533
RDP itself has a lot of known vulnerabilities.
The best practice is to VPN into the network via VPN, then run RDP client to connect to your XP Pro computer.
This way you have peace of mind that there is no security breach.

Surely, punching a hole in your router/firewall will allow you to connect to your computer. But if you have to do it this way, you need to at least change the port of the listening RDP.  See http://support.microsoft.com/kb/306759
To connect via different port you can use the command line mstsc /v:<servername/ip address>:<port number>
For example, change the listening port of your Windows XP Pro to 33389, then you need to open the TCP port 33389 on your router/firewall to forward to your PC IP address on port 33389. From an external source you connect using mstsc /v:<servername>:33389 OR run mstsc, and in the computer field type in your <server name/IP address>:33389

I hope this helps.
Good luck.
0
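The port change described in the answer above, as an added PowerShell example that is not part of the original post. It assumes the `PortNumber` registry value that KB306759 covers, a current Windows host (the `Get-NetTCPConnection` and `New-NetFirewallRule` cmdlets do not exist on XP), and an elevated prompt; `$apply` is a name introduced here.

```powershell
# Added example, not from the original post.
$listener = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$newPort  = 33389      # port used in the answer above
$apply    = $false     # $true makes the change; $false only reports

function Get-RdpPort {
    [int](Get-ItemProperty -Path $listener -Name PortNumber).PortNumber
}

function Test-Listening([int]$Port) {
    [bool](Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)
}

function Set-RdpPort([int]$Port) {
    if ($Port -lt 1024 -or $Port -gt 65535) { throw 'Choose a port between 1024 and 65535.' }
    if (Test-Listening $Port) { throw "Port $Port is already in use on this host." }

    Set-ItemProperty -Path $listener -Name PortNumber -Value $Port -Type DWord
    # Open the new port on the host firewall before the listener moves,
    # otherwise the next remote connection is blocked.
    New-NetFirewallRule -DisplayName "Remote Desktop (TCP $Port)" -Direction Inbound `
        -Protocol TCP -LocalPort $Port -Action Allow | Out-Null
    # The listener only rebinds when the service restarts; this disconnects
    # anyone currently logged on over RDP.
    Restart-Service -Name TermService -Force
}

$oldPort = Get-RdpPort
"Current RDP port: $oldPort"

if ($apply -and $oldPort -ne $newPort) {
    Set-RdpPort $newPort
    Start-Sleep -Seconds 5
    if (-not (Test-Listening $newPort)) { Write-Warning "Nothing is listening on $newPort yet." }
    if (Test-Listening $oldPort)        { Write-Warning "Port $oldPort is still listening." }
}

# What the router forward and the client must now use.
$port = Get-RdpPort
"Router: forward external TCP $port to this PC on TCP $port"
"Client: mstsc /v:<servername>:$port"
```

Run it from the console rather than over RDP when `$apply` is `$true`, since the service restart ends the session it was started from.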
 
LVL 4

Author Comment

by:HKComputer
ID: 18807685
That is very much what I was looking for. I'm a little opposed to running a VPN because I'm having trouble finding an affordable VPN solution for a single RDP connection into a small peer to peer network. I see so many VPN appliances available but I don't really understand how I can keep it simple and affordable, yet have a good solid VPN. If someone has some advice on this I'd listen. :)

As a side question, when a Server OS hosts several RDP connections, do all RDP sessions take place on the same port?
0
 

Assisted Solution

by:alexyala
alexyala earned 200 total points
ID: 18812526
Surely there are some cheap VPN solutions, but you really would like to consider a solution that is reliable, robust and supported.

As the answer to your side question, when you change the listening port number for RDP for a server, it will affect all sessions. For example, if you change the port number to 33389 on the server, all the local workstations will need to be changed as well to 33389.

As an alternative (if supported by your router/firewall), you can set the incoming port to 33389 on the external, but translate the port number to 3389 to the LAN IP address (your server). This way, you don't have to change how the local workstations connect to the server.
0
 
LVL 9

Assisted Solution

by:rshooper76
rshooper76 earned 100 total points
ID: 18820393
There are a lot of people that have open RDP ports.  I would not personally do this, but it is done.  You can get a Linksys VPN solution for a little over $100.00 if you really want to do RDP over VPN.  Changing the port like alexyala says can help with security, however the port is still open, and thus the risk is still there.  Don't get me wrong you are reducing the risk, but you are not eliminating it.
0


Question has a verified solution.
