
Security Precautions on a Router with VNC and RD Port Forwarding

jdana asked
Last Modified: 2012-05-05
About a month ago, I set up port-forwarding on my DSL and internal Ethernet routers to allow for incoming UVNC traffic and RD traffic. I modified RD to utilize a non-standard port (not 3389), but UVNC is still operating with the standard VNC port numbers. All port-forwarding is directed at my server. I'm currently running Windows Server 2003 on an oldish Dell Optiplex box. (It's a little slow, but otherwise it works fine.) I'm a little concerned about security with the new setup. I could get my hands on a second Optiplex from a client for nothing, and I have the MS Action Pack, so there's no problem dropping a copy of WS03 on the second Optiplex and making it an application server in the DMZ. I'm wondering, however, if it's possible to reasonably tighten up the router security without going with a DMZ. I'm looking for recommendations for logging incoming traffic, enhancing the firewall settings, or perhaps modifying the port forwarding. One extra comment: I'm going to drop DD-WRT firmware on my Linksys WRT54G to give myself some extra options.


Thanks guys,

Great responses.  I have a couple followup questions:

>> valheru_m: The VNC port modification seems like a great idea. I'll look into modifying my UVNC SC tool to utilize a non-standard port. (I'd be surprised if I can't configure it to do such a thing.) I have a Ukrainian buddy who described the exact same thing you did: "forward port 5010 on the outside to port 5000 on the inside." Is there a name for that type of port forwarding? He had a Russian phrase for it, but that didn't do me a lot of good. I also appreciate the candid feedback on OpenWRT. For someone like me, who's really just learning the nuances of routers, I don't think the command-line interface is a good idea.

>> Pugglewuggle: I think the Cisco ASA 5505 is probably appropriate for my needs. Does Cisco make a router that offers close to the same functionality as the ASA 5505 that's not as expensive?