Solved

What's the most secure way to remote desktop to server/workstation?

Posted on 2009-02-10
Last Modified: 2013-11-21
I know there is a lot of free or paid software that can do this: RDP, VNC, LogMeIn... What's the most secure way to remote desktop to a server/workstation? I am also concerned about connection speed...
Question by:bubuko
31 Comments
 
LVL 13

Expert Comment

by:leegclystvale
ID: 23606817
I think you'll find connecting using a VPN is probably the most secure. It does have an overhead as it encrypts the data and also encapsulates the packets, adding an overhead. It is a case of trade-offs for security against performance, but depending on what you're running, it may be fast enough and secure enough. That's my opinion in my limited experience of this.
0
 
LVL 5

Expert Comment

by:motley74
ID: 23606909
I assume you are wanting to connect from outside your network, if this is the case then I agree with the above post that you should use a VPN connection to connect to the network and then use the built-in RDP client for the Remote Desktop connection.
0
 
LVL 9

Expert Comment

by:acroment
ID: 23606917
Of the ones you've listed, I would say that LogMeIn is very secure. It uses 256-bit SSL encryption. It is also very user friendly and has multiple layers of password protection.
0
 

Author Comment

by:bubuko
ID: 23607224
But VPN is too slow. And LogMeIn... I think it's passing through their server, so I am wondering if it's really secure.
Does anyone know about SSH connections? Or any better solution?
0
 
LVL 9

Expert Comment

by:acroment
ID: 23607674
I've only used SSH for Linux/Unix systems. I am not sure of a facility to remote control a Windows machine with SSH.

You can certainly question the security of LogMeIn - but like I said, it is the most secure solution you listed, and free for that matter.

I'd also comment that with some confidence I can say that, from what I've seen of their application, they don't cache any login information. So, although you sign into their website, you still need to have a login to the PC/server you want to control.
0
 

Author Comment

by:bubuko
ID: 23608164
Thanks acroment!! But for a business environment, do you really think it is good to go through someone else's server? Is there really no better option out there?
0
 
LVL 5

Expert Comment

by:motley74
ID: 23608284
If you are looking for an SSH alternative for Windows check out the following...
http://sshwindows.sourceforge.net/
Also, VPN shouldn't be too slow if you have decent network equipment like a good VPN router.
0
 
LVL 4

Accepted Solution

by:
AdamsConsulting earned 400 total points
ID: 23608792
I would recommend installing a VPN solution on your network gateway for the most security. I have also used SSH. If your network gateway is running UNIX/Linux and SSH, you can easily set up an SSH user that has port forwarding permissions. You can use PuTTY (a free SSH client) on Windows to establish your SSH connection to the remote gateway and then you basically connect to your own IP address for the remote desktop. This is faster than most VPN applications, especially if you enable compression in PuTTY, but not as secure.

For VPN, I recommend ssl-explorer, which can be installed on a Linux or Windows gateway and includes two free licenses:

http://www.spamstopshere.com/blog/2008/10/21/an-easy-software-ssl-vpn-solution-for-linux/
0
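The SSH port-forwarding setup described in the answer above, as an added example that is not part of the original thread: it renders a gateway policy that lets one account forward to a single RDP host and nothing else, plus the matching client command with compression and a loopback-only listener. It assumes OpenSSH on the gateway; the account name, host names and addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes OpenSSH on the gateway;
# account name, addresses and ports below are constructed placeholders.

# Print an sshd_config Match block that limits USER to one forward: RDP_HOST:PORT.
# Key-only login, local forwarding only, no shell, no TTY, no other tunnels.
render_policy() {
    user=$1; host=$2; port=${3:-3389}
    # Accept only a plain account name, an IPv4 literal and a numeric port.
    case $user in ''|*[!a-z0-9_-]*) echo "bad user: $user" >&2; return 1 ;; esac
    case $host in ''|*[!0-9.]*)     echo "bad host: $host" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*)      echo "bad port: $port" >&2; return 1 ;; esac
    cat <<EOF
Match User $user
    PasswordAuthentication no
    AllowTcpForwarding local
    PermitOpen $host:$port
    GatewayPorts no
    PermitTunnel no
    X11Forwarding no
    AllowAgentForwarding no
    PermitTTY no
    ForceCommand /bin/false
EOF
}

# Print the client command: no remote shell (-N), compression (-C), and a
# listener bound to 127.0.0.1 so other hosts on the client LAN cannot use it.
tunnel_command() {
    gw=$1; user=$2; host=$3; lport=${4:-3390}
    printf 'ssh -N -C -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:3389 %s@%s\n' \
        "$lport" "$host" "$user" "$gw"
}

# Constructed values: the RDP client then connects to 127.0.0.1:3390.
render_policy rdptunnel 192.168.1.50
tunnel_command gateway.example.net rdptunnel 192.168.1.50
```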
 
LVL 13

Expert Comment

by:leegclystvale
ID: 23608889
As far as LogMeIn goes, you can get a pro version (I forget what it's called, but you need to pay for it) that means you don't have to log in to their server. No such thing as a free lunch!
0
 

Author Comment

by:bubuko
ID: 23616123
Thank you very much! I checked my router, which is a Linksys running DD-WRT. There is an option to set up a VPN server and client. Since I have never done this, how can I accomplish it?
Is this like one router acts as the server and the other remote router acts as the client?
Which IP should I enter here? The router's public IP?
pptp.JPG
0
 
LVL 4

Expert Comment

by:AdamsConsulting
ID: 23617558
There you go then, just use the PPTP VPN capabilities of your router. If the speed doesn't meet your needs, you can try another method.

You can find instructions here:

Setting up your router:

http://www.dd-wrt.com/wiki/index.php/PPTP_Server_Configuration

Setting up your client:

http://www.dd-wrt.com/wiki/index.php/VPN_%28tutorial%29
0
 
LVL 2

Assisted Solution

by:adamhealy
adamhealy earned 400 total points
ID: 23645164
I am a few days late and there have already been some pretty good ideas passed, but I thought I would chime in.

I don't like the VPN solution because, as someone stated, it is overhead intensive. I use a SOCKSv5 proxy through a loopback with PuTTY connecting into my DD-WRT router. I then set the remote machine to resolve local DNS and I am in to my local network with everything over SSH. I can even access unencrypted assets on my local network but they are tunneled to my remote location via SSH, everything's encrypted and authenticated.

http://www.virtualroadside.com/blog/index.php/2007/04/12/dynamic-socks-proxy-using-putty/
http://vectrosecurity.com/content/view/67/26/
(These directions aren't perfect but should get you going. Let me know if you need a step-by-step on how this works.)

If you go with a VPN, and while I don't know your budget, I have found that when a VPN is NEEDED in a SOHO environment I typically go with a Soekris communications board w/ m0n0wall and purchase the additional VPN offload board.

http://www.soekris.com/net4501.htm
http://www.soekris.com/vpn1401.htm
http://m0n0.ch/wall/

0
 
LVL 5

Assisted Solution

by:motley74
motley74 earned 200 total points
ID: 23645339
Since you already have DD-WRT on your router, I would suggest trying that method first as you already have everything it takes to implement it (just follow the instructions at the links provided by AdamsConsulting) and it may work well enough for your needs.
I have used DD-WRT with my Linksys WRT54G for over 3 years as well as on several other routers that I have setup for people (mostly Linksys) and it never gives me any troubles like the stock firmware did and it works well for applications such as this.
The solution provided by adamhealy looks like it would work as well but requires a bit more configuration and looks fairly complicated depending on what applications you need to use and how many different machines on the local network you want to connect to.
0
 

Author Comment

by:bubuko
ID: 23654175
Hi AdamsConsulting, thank you for the tip. I followed the instructions, but when I connect from the client... I always get error 800... cannot establish VPN.

The setting I did in the v24 sp1 are:
Enable PPTP Server
Server IP:192.168.1.1 (I also tested with 192.168.1.2...same error message)
client IP range: 192.168.1.100-120 (I also disabled DHCP in setup)
CHAP-Secrets: myname * 1234 *
--------------------------------------------------------------------------------------------------------
Run "sed -i -e 's/mppe .*/mppe required,stateless/' /tmp/pptpd/options.pptpd" in command
Disabled loopback
DMZ not enabled
-------------------------------------------------------------------------------------------------------


0
 
LVL 4

Expert Comment

by:AdamsConsulting
ID: 23654608
You need the public IP address of the router and the public IP address of the client in those fields. What you're entering is a private non-routable IP address. You need the IP address that you use that is actually on the Internet.
0
 

Author Comment

by:bubuko
ID: 23654707
Please refer to my screenshot above:

Server IP: now I enter my static public IP
client IP range: 192.168.1.100-120 -> do you mean here I have to enter a public IP???
CHAP-Secrets: myname * 1234 *

And I just tried with this setting... still the same error message.

And do you also mean I have to configure the PPTP client section?? But the client is connecting using the MS XP built-in VPN software.
0
 

Author Comment

by:bubuko
ID: 23654777
Just an update, I read the tutorial again. Server IP should be

"Local IP of the PPTP Server. This should be almost the Local LAN IP."... It shouldn't be the public IP, I think.
0
 
LVL 4

Expert Comment

by:AdamsConsulting
ID: 23654885
The Server IP should be the public Internet IP address of your Linksys router. The Client IP should be the public Internet IP address of the client. Don't fill out the PPTP Client section. Local does not mean private, it means your IP address and not the IP address of the other party. The IP address of the other party is the Client.
0
 

Author Comment

by:bubuko
ID: 23655003
This is what I have now:

Server IP: my public static ip of my router.
Client IP(s): Remote client's public ip
CHAP-Secrets: myname * 1234 *

Still not working.. same error message.
0
 
LVL 4

Expert Comment

by:AdamsConsulting
ID: 23655952
Try from another client to rule out problems with the client.

Honestly, I don't think we're going to be able to resolve this further without you providing real IP addresses, as I'm not sure that you have things configured correctly.

I would say that perhaps you should just use SSH.
0
 

Author Comment

by:bubuko
ID: 23656701
That's weird... but do you think it's the firewall?? Do I have to open any port?
0
 
LVL 9

Expert Comment

by:acroment
ID: 23657952
With log me in, you would have this setup already.
https://secure.logmein.com/security.asp
0
 
LVL 2

Expert Comment

by:adamhealy
ID: 23658888
The SSH option I suggested is much easier than this, is very configurable, and doesn't require a third party service.

I use it all the time...if you have issues setting it up let me know and I can still assist.
0
 
LVL 4

Expert Comment

by:AdamsConsulting
ID: 23663354
I believe that dd-wrt will open the hole in the firewall when you enable the PPTP server. But you still need to open a hole in your firewall on the client. The SSH tunnel may be easier for you, as we wouldn't have to try to get this configuration correct and rely on your actually trying to test this correctly.
0
 

Author Comment

by:bubuko
ID: 23663398
"I believe that dd-wrt will open the hole in the firewall when you enable the PPTP server. But you still need to open a hole in your firewall on the client."

What port do I need to open on the client? I didn't open any...
0
 
LVL 5

Expert Comment

by:motley74
ID: 23665303
I believe the ports for VPN are 10000 UDP and 500 UDP.  You could try opening these ports to see if it corrects the issue.
0
 
LVL 4

Expert Comment

by:AdamsConsulting
ID: 23673671
You show the allowed sender list named "GM", but then you show that you enabled the "Consultants" sender list. If you want to allow e-mail from the GM sender list, you need to enable it also. Additionally, you show that you enabled the Consultants list for the SMTP Scan Job, but make sure that you have it enabled for the MTA Scan Job also.

If it still doesn't work after correcting those issues, please explain how you are testing it and what results you are getting.
0
 
LVL 4

Expert Comment

by:AdamsConsulting
ID: 23673712
Sorry guys, wrong question. Please disregard previous response.
0
 
LVL 4

Expert Comment

by:AdamsConsulting
ID: 23673745
bubuko, try taking your client firewall down completely (briefly) just to rule it out as the culprit first. Or optionally log all dropped packets and look in your log to see if any VPN traffic is being dropped.
0
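One way to do the dropped-packet check suggested above, as an added example that is not part of the original thread. PPTP needs two flows to pass: its control channel on TCP port 1723 and the tunnel data carried in GRE (IP protocol 47). The log format (Linux netfilter LOG lines with a "FW-DROP" prefix), host name and addresses are assumptions, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Linux netfilter LOG lines with a
# "FW-DROP" prefix; the prefix, host name and addresses are constructed.
# PPTP needs two flows: control on TCP 1723 and tunnel data in GRE (IP protocol 47).

# Read log lines on stdin; print "control=N gre=M" for dropped PPTP packets.
count_pptp_drops() {
    awk -v tag="${1:-FW-DROP}" '
        index($0, tag) == 0 { next }                       # not a drop record
        /PROTO=TCP/ && /[SD]PT=1723( |$)/ { ctl++; next }  # control channel
        /PROTO=47( |$)/                   { gre++ }        # GRE tunnel data
        END { printf "control=%d gre=%d\n", ctl, gre }
    '
}

# Turn the counts into the half of PPTP that the firewall is dropping.
diagnose() {
    case $1 in
        "control=0 gre=0") echo "no PPTP drops logged" ;;
        control=0\ *)      echo "GRE blocked" ;;
        *\ gre=0)          echo "TCP 1723 blocked" ;;
        *)                 echo "TCP 1723 and GRE blocked" ;;
    esac
}

sample_log() {   # constructed sample using documentation address ranges
    cat <<'EOF'
Feb 12 10:01:02 gw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.7 LEN=61 TTL=52 PROTO=47
Feb 12 10:01:03 gw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.7 LEN=61 TTL=52 PROTO=47
Feb 12 10:01:04 gw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.99 DST=198.51.100.7 LEN=40 PROTO=TCP SPT=40000 DPT=23
Feb 12 10:01:05 gw kernel: ACCEPT IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=49152 DPT=1723
EOF
}

# The control channel was accepted but the GRE packets were dropped.
diagnose "$(sample_log | count_pptp_drops)"
```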
 

Author Comment

by:bubuko
ID: 23687439
Just an update. Today I tried the client connection at a different place. Surprisingly, I was able to make a VPN connection to my router.

But it was not like what AdamsConsulting said: I need to use the private IP of the router for the server, and for the client it should be the private addresses that are assigned to the client when it connects to the VPN.

I don't know why I was not able to make it work at the other place... maybe because I was doing it through LogMeIn and TeamViewer?? Can anyone answer this question?
0
 

Author Comment

by:bubuko
ID: 23688594
Hi adamhealy, I am also trying the SSH method, could you please take a look here?
I am not sure how you can do it with dd-wrt..

http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_24160684.html
0
