Solved

Do I Need a VPN to do Remote Desktop?

Posted on 2007-03-27
Last Modified: 2013-11-15
Are VPNs truly necessary to do remote desktop through the Internet?
Question by:HKComputer
Accepted Solution

by:
runxctry earned 200 total points
ID: 18803123
It is not necessary.  You can do a remote desktop without a VPN.  

It is a little complex to sniff the remote desktop traffic, and obtain valuable data from it.  So if random script kiddies are your concern, I wouldn't worry too much.  

That being said, if security is a concern, you WILL want to set up a VPN connection between the two computers.  Windows XP has a VPN utility built in.  Click network connections, new network connection, and follow the wizard.

If you are running Windows 2003 Server as the server, take the following steps to secure the connection:

====
FROM http://www.windowsecurity.com/articles/Windows_Terminal_Services.html

Using Encryption

You can use encryption to protect the data that travels between the terminal server and the terminal services client. If you fear unauthorized interception of the data as it travels between the two, you should enable encryption. RSA RC4 encryption is used; encryption can be set to one of the following three levels:

    * High: encrypts both the data sent from client to server and the data sent from server to client using a 128 bit key.
    * Medium: encrypts both the data sent from client to server and the data sent from server to client using a 56 bit key if the client is a Windows 2000 or above client, or a 40 bit key if the client is an earlier version.
    * Low: encrypts only the data sent from client to server, using either a 56 or 40 bit key, depending on the client version. Useful to protect usernames and passwords sent from client to server.

To change the encryption level, you must be an administrator. In Programs | Administrative Tools, select Terminal Services Configuration and perform these steps:

   1. In the left console pane, select Connections.
   2. In the right details pane, right click RDP-TCP and select Properties.
   3. Click the General tab.
   4. Under Encryption level, select the desired level in the drop down box and click OK.
====


Expert Comment

by:rshooper76
ID: 18803793
You don't need a VPN to do RDP as long as you have a way to get to the computer that you want to connect to.  If you are behind a firewall, then you may need to port forward port 3389 (RDP).  What a VPN will do for you is allow someone to get into the local network from anywhere on the internet.  I hope this helps.
Author Comment

by:HKComputer
ID: 18805078
Yeah. I wasn't very descriptive in my original post. I want to run an RDP session to an XP Pro computer that sits behind a router. I will perform the necessary port forwarding to make it work.

I was a little concerned about security but I wanted to know how risky it really is to run RDP through the Internet.

Assisted Solution

by:alexyala
alexyala earned 200 total points
ID: 18807533
RDP itself has a lot of known vulnerabilities.
The best practice is to VPN into the network via VPN, then run RDP client to connect to your XP Pro computer.
This way you have peace of mind that there is no security breach.

Surely, punching a hole in your router/firewall will allow you to connect to your computer. But if you have to do it this way, you need to at least change the port of the listening RDP.  See http://support.microsoft.com/kb/306759
To connect via different port you can use the command line mstsc /v:<servername/ip address>:<port number>
For example, change the listening port of your Windows XP Pro to 33389, then you need to open the TCP port 33389 on your router/firewall to forward to your PC IP address on port 33389. From an external source you connect using mstsc /v:<servername>:33389 OR run mstsc, and in the computer field type in your <server name/IP address>:33389

I hope this helps.
Good luck.
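
The two settings discussed in the answers above, the Terminal Services encryption level and the RDP listening port, can be checked on the host itself. The following PowerShell is an added example, not part of the original thread; it assumes the standard Terminal Server registry location and uses a hypothetical function name, Get-RdpListenerAudit, and it only reads values.

```powershell
# Added example (not from the thread): read-only audit of the local RDP listener.
# Assumptions: run locally with rights to read HKLM; the function name is hypothetical.
function Get-RdpListenerAudit {
    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'

    $ts  = Get-ItemProperty -Path $tsKey
    $rdp = Get-ItemProperty -Path $rdpKey

    # MinEncryptionLevel registry value -> level name shown in the configuration tool
    $levels = @{
        1 = 'Low'
        2 = 'Medium (Client Compatible)'
        3 = 'High'
        4 = 'FIPS Compliant'
    }
    $level = $levels[[int]$rdp.MinEncryptionLevel]
    if (-not $level) { $level = "Unknown ($($rdp.MinEncryptionLevel))" }

    # fDenyTSConnections = 0 means incoming Remote Desktop connections are allowed
    $enabled  = ($ts.fDenyTSConnections -eq 0)
    $findings = @()
    if ($enabled) {
        if ([int]$rdp.MinEncryptionLevel -lt 3) {
            $findings += 'Encryption level is below High'
        }
        if ($rdp.PortNumber -eq 3389) {
            $findings += 'Listener is on the default port 3389'
        } else {
            $findings += "Listener is on non-default port $($rdp.PortNumber); the router must forward to this port"
        }
    }

    [pscustomobject]@{
        RdpEnabled      = $enabled
        ListeningPort   = $rdp.PortNumber
        EncryptionLevel = $level
        Findings        = $findings
    }
}

Get-RdpListenerAudit | Format-List
```

The reported port is the one the listener itself uses; a router that translates an external port to 3389 on the LAN will not show up here and has to be checked on the router.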

Author Comment

by:HKComputer
ID: 18807685
That is very much what I was looking for. I'm a little opposed to running a VPN because I'm having trouble finding an affordable VPN solution for a single RDP connection into a small peer to peer network. I see so many VPN appliances available but I don't really understand how I can keep it simple and affordable, yet have a good solid VPN. If someone has some advice on this I'd listen. :)

As a side question, when a Server OS hosts several RDP connections, do all RDP sessions take place on the same port?

Assisted Solution

by:alexyala
alexyala earned 200 total points
ID: 18812526
Surely there are some cheap VPN solutions, but you really would like to consider a solution that is reliable, robust and supported.

As the answer to your side question, when you change the listening port number for RDP for a server, it will affect all sessions. For example, if you change the port number to 33389 on the server, all the local workstations will need to be changed as well to 33389.

As an alternative (if supported by your router/firewall), you can set the incoming port to 33389 on the external, but translate the port number to 3389 to the LAN IP address (your server). This way, you don't have to change how the local workstations connect to the server.
Assisted Solution

by:rshooper76
rshooper76 earned 100 total points
ID: 18820393
There are a lot of people that have open RDP ports.  I would not personally do this, but it is done.  You can get a Linksys VPN solution for a little over $100.00 if you really want to do RDP over VPN.  Changing the port like alexyala says can help with security, however the port is still open, and thus the risk is still there.  Don't get me wrong, you are reducing the risk, but you are not eliminating it.