Solved

Do I Need a VPN to do Remote Desktop?

Posted on 2007-03-27
Last Modified: 2013-11-15
Are VPNs truly necessary to do remote desktop through the Internet?
0
Question by:HKComputer
 
LVL 1

Accepted Solution

by:
runxctry earned 200 total points
It is not necessary.  You can do a remote desktop without a VPN.  

It is a little complex to sniff the remote desktop traffic, and obtain valuable data from it.  So if random script kiddies are your concern, I wouldn't worry too much.  

That being said, if security is a concern, you WILL want to set up a VPN connection between the two computers.  Windows XP has a VPN utility built in.  Click network connections, new network connection, and follow the wizard.

If you are running Windows 2003 Server as the server, take the following steps to secure the connection:

====
FROM http://www.windowsecurity.com/articles/Windows_Terminal_Services.html

Using Encryption

You can use encryption to protect the data that travels between the terminal server and the terminal services client. If you fear unauthorized interception of the data as it travels between the two, you should enable encryption. RSA RC4 encryption is used; encryption can be set to one of the following three levels:

    * High: encrypts both the data sent from client to server and the data sent from server to client using a 128 bit key.
    * Medium: encrypts both the data sent from client to server and the data sent from server to client using a 56 bit key if the client is a Windows 2000 or above client, or a 40 bit key if the client is an earlier version.
    * Low: encrypts only the data sent from client to server, using either a 56 or 40 bit key, depending on the client version. Useful to protect usernames and passwords sent from client to server.

To change the encryption level, you must be an administrator. In Programs | Administrative Tools, select Terminal Services Configuration and perform these steps:

   1. In the left console pane, select Connections.
   2. In the right details pane, right click RDP-TCP and select Properties.
   3. Click the General tab.
   4. Under Encryption level, select the desired level in the drop down box and click OK.
====


0
 
LVL 9

Expert Comment

by:rshooper76
You don't need a VPN to do RDP as long as you have a way to get to the computer that you want to connect to.  If you are behind a firewall, then you may need to port forward port 3389 (RDP).  What a VPN will do for you is allow someone to get into the local network from anywhere on the internet.  I hope this helps.
0
 
LVL 4

Author Comment

by:HKComputer
Yeah. I wasn't very descriptive in my original post. I want to run an RDP session to an XP Pro computer that sits behind a router. I will perform the necessary port forwarding to make it work.

I was a little concerned about security but I wanted to know how risky it really is to run RDP through the Internet.
0

 

Assisted Solution

by:alexyala
alexyala earned 200 total points
RDP itself has a lot of known vulnerabilities.
The best practice is to VPN into the network via VPN, then run RDP client to connect to your XP Pro computer.
This way you have peace of mind that there is no security breach.

Surely, punching a hole in your router/firewall will allow you to connect to your computer. But if you have to do it this way, you need to at least change the port of the listening RDP.  See http://support.microsoft.com/kb/306759
To connect via different port you can use the command line mstsc /v:<servername/ip address>:<port number>
For example, change the listening port of your Windows XP pro to 33389, then you need to open the TCP port 33389 on your router/firewall to forward to your PC IP address on port 33389. From external source you connect using mstsc /v:<servername>:33389 OR run mstsc, in the computer field type in your <server name/IP address>:33389

I hope this helps.
Good luck.
0
 
LVL 4

Author Comment

by:HKComputer
That is very much what I was looking for. I'm a little opposed to running a VPN because I'm having trouble finding an affordable VPN solution for a single RDP connection into a small peer to peer network. I see so many VPN appliances available but I don't really understand how I can keep it simple and affordable, yet have a good solid VPN. If someone has some advice on this I'd listen. :)

As a side question, when a Server OS hosts several RDP connections, do all RDP sessions take place on the same port?
0
 

Assisted Solution

by:alexyala
alexyala earned 200 total points
Surely there are some cheap VPN solutions, but you really would like to consider a solution that is reliable, robust and supported.

As the answer to your side question, when you change the listening port number for RDP for a server, it will affect all sessions. For example, if you change the port number to 33389 on the server, all the local workstations will need to be changed as well to 33389.

As an alternative (if supported by your router/firewall), you can set the incoming port to 33389 on the external, but translate the port number to 3389 to the LAN IP address (your server). This way, you don't have to change how the local workstation connect to the server.
0
 
LVL 9

Assisted Solution

by:rshooper76
rshooper76 earned 100 total points
There are a lot of people that have open RDP ports.  I would not personally do this, but it is done.  You can get a Linksys VPN solution for a little over $100.00 if you really want to do RDP over VPN.  Changing the port like alexyala says can help with security, however the port is still open, and thus the risk is still there.  Don't get me wrong you are reducing the risk, but you are not eliminating it.
0
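
Added example (not part of any post above, and not Microsoft's code): a PowerShell audit, run on the RDP host itself, that reports the two settings this thread discusses, the listening port and the encryption level, and whether that port is actually listening. It assumes a Windows version with PowerShell available and an elevated session; the function name Get-RdpListenerAudit is hypothetical.

```powershell
# Added example: audit the local RDP listener settings discussed in this thread.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'

# Registry encoding of the encryption level (older documentation calls 2 "Medium").
$levelNames = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }

function Get-RdpListenerAudit {
    $ts  = Get-ItemProperty -Path $tsKey
    $rdp = Get-ItemProperty -Path $rdpKey

    $enabled = ($ts.fDenyTSConnections -eq 0)   # 0 means Remote Desktop is allowed
    $port    = [int]$rdp.PortNumber             # the value KB306759 tells you to change
    $level   = [int]$rdp.MinEncryptionLevel     # 0 here means the value is absent

    $levelName = $levelNames[$level]
    if (-not $levelName) { $levelName = "Unknown ($level)" }

    # Get-NetTCPConnection only exists on Windows 8 / Server 2012 and later.
    $listening = $null
    if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        $conn = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
        $listening = [bool]$conn
    }

    $notes = @()
    if ($enabled -and $level -lt 3) {
        $notes += 'Encryption level is below High; raise it in the RDP-Tcp properties.'
    }
    if ($enabled -and $port -ne 3389) {
        $notes += "Listener moved to port $port. If that port is forwarded, it is still an open port."
    }
    if ($enabled -and $port -eq 3389) {
        $notes += 'Listener is on the default port 3389.'
    }

    [pscustomobject]@{
        RemoteDesktopEnabled = $enabled
        ListeningPort        = $port
        PortIsListening      = $listening
        EncryptionLevel      = $levelName
        Notes                = $notes -join ' '
    }
}

Get-RdpListenerAudit | Format-List
```

A changed PortNumber only takes effect after the Remote Desktop service or the machine is restarted, so PortIsListening can read False until then.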
