Security Precautions on a Router with VNC and RD Port Forwarding
Posted on 2008-10-04
About a month ago, I set up port-forwarding on my DSL and internal Ethernet routers to allow for incoming UVNC traffic and RD traffic. I modified RD to utilize a non-standard port (not 3389), but UVNC is still operating with the standard VNC port numbers. All port-forwarding is directed at my server. I'm currently running Windows Server 2003 on an oldish Dell Optiplex box. (It's a little slow, but otherwise it works fine.) I'm a little concerned about security with the new setup. I could get my hands on a second Optiplex from a client for nothing, and I have the MS Action Pack, so there's no problem dropping a copy of WS03 on the second Optiplex and making it an application server in the DMZ. I'm wondering, however, if it's possible to reasonably tighten up the router security without going with a DMZ. I'm looking for recommendations for logging incoming traffic, enhancing the firewall settings, or perhaps modifying the port forwarding. One extra comment: I'm going to drop DD-WRT firmware on my Linksys WRT54G to give myself some extra options.