?
Solved

How secure are my ports that I've forwarded?

Posted on 2007-07-21
5
Medium Priority
?
182 Views
Last Modified: 2013-11-21
This is a somewhat general question.  Any assistance would be greatly appreciated.  I have a few PC's in my network that their remote desktop port number is forwarded to a router.  Thus allowing me and/or others with the correct credentials access to them from the outside world.  The device we are using for a router is very robust to include a firewall.  My question is, how safe is it that I've done the above, meaning, obviously now that port is exposed to the rest of the world but someone would have to have the password, time and ability to gain access and cause havoc, right?  Thanks in advance.
0
Comment
Question by:GTKINC
  • 2
  • 2
5 Comments
 
LVL 13

Accepted Solution

by:
dhoffman_98 earned 1000 total points
ID: 19541181
You are correct. Opening Remote Desktop to the world now means that anyone who wants to can connect to those machines and try over and over again to hack their way in. Prior to Vista (which uses RDP version 6) security in RDP was scary and had holes in it that made it insecure at best.

The solution that I use is to create a VPN tunnel connection to my network, and then once I'm essentially inside the network, I can RDP to any of the machines.
0
 
LVL 16

Assisted Solution

by:The--Captain
The--Captain earned 1000 total points
ID: 19541932
Forwarded ports are only as secure as the services hosted on those ports.

A VPN solution (as dhoffman mentions) is probably easier and more secure - just be sure you terminate the VPN connection at your edge device (firewall), rather than terminating the connection on an internal VPN machine.

Cheers,
-Jon
0
 

Author Comment

by:GTKINC
ID: 19543228
These PC's Vista and XP are running the latest version of RDP.  Of course the Vista PC ships with the latest version and we've updated the others to reflect the latest version of RDP.  Any better?
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 19543575
>Any better?

No.  The only reason people think it's better is because it hasn't been hacked yet.  Use a VPN.

Cheers,
-Jon
0
 

Author Comment

by:GTKINC
ID: 19543696
K.  Thanks for your time and efforts.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question