Solved

SECURE Remote Access from Africa

Posted on 2015-01-05
Last Modified: 2015-02-04
I will be going on a trip to South Africa later this year and so I need to find the most secure way, 100% secure way to be able to remote into my clients' networks (VPN, Remote Desktop, ???). Once I am on the network I will then have to be able to work on servers and PCs for troubleshooting. Please provide best approach and what steps will be once completed. Please keep in mind that I will be on a laptop and will be going from one town to the next and as such different modes of accessing the internet, some wired but mostly wireless. I can set up this laptop to be a Windows or a Ubuntu system. Thank you.
0
Question by:lionelmm
15 Comments
 
LVL 13

Assisted Solution

by:Andy M
Andy M earned 100 total points
ID: 40531444
To be honest both options (VPN or Remote Desktop) are valid options if set up correctly. Ensuring strong passwords and that the laptop you are using is fully protected (viruses, spyware, etc.) is always a first step when connecting to client networks from a potentially unsecured public network.

For added security you could use both - dial in on a VPN then access the server via RDP (on its internal address).

Please keep in mind that some networks may not allow VPNs to be used on them at all and the admins of those networks may not change it at your request. This can also apply to RDP connections though personally I've never come across a network yet where RDP connections are blocked.
0
 
LVL 87

Assisted Solution

by:rindi
rindi earned 400 total points
ID: 40531491
Keep in mind that the internet connections in Africa aren't the best speed-wise as far as I know, even in South Africa which is more developed than most of the rest of the continent. So be prepared for slow speeds and long waits...

Besides what has been mentioned above, secure your laptop with BIOS and HD passwords, so that when powering on you have to enter the password. Also always shut it down after use, or at least hibernate it. Don't use sleep mode. Theft is quite a big problem all over Africa, and not securing the laptop with a BIOS and HD password allows the thieves to access its data. Those passwords can't be cracked easily (for the BIOS password you need to contact the PC manufacturer and provide proof of ownership, while the HD password can't be cracked at all unless by trial and error). Further you could encrypt your disk to make it even more secure.

As mentioned already, VPN is safe, or using a Remote desktop gateway which uses RDP over HTTPS is secure.
0
 
LVL 24

Author Comment

by:lionelmm
ID: 40531512
OK So let's assume I can use VPN which is the best one to use--none of my current clients have VPN set up on their networks? And then if I can't use VPN because of a limitation on a particular ISP in Africa, are you saying using the remote desktop connections feature of Windows to the client's IP address is secure and 100% safe or only if it is to a Remote desktop gateway?
0
 
LVL 87

Assisted Solution

by:rindi
rindi earned 400 total points
ID: 40531555
RDP is only safe if done via an RDP gateway (you need a windows 2008 or above server for that). Otherwise you need to go through a VPN.

VPNs are often included with routers, so you could check with your clients if they have such a router, and then set up VPN. You would then just need the VPN client software of that router on your laptop. If the clients have a Windows server installed, you can set up its VPN capabilities. Then you should be able to connect without any additional software if you are using Windows. With Linux you'd probably need to install some additional packages, as I don't think it would be included by default on most distros.

A further option would be to use hamachi, if that still exists, it used to be a VPN offered for free by logmein.

Then of course there's the teamviewer, which is also secure as it uses encryption. But you would probably have to get a commercial version, as the free version is only for personal use.
0
 
LVL 24

Author Comment

by:lionelmm
ID: 40531760
OK that is a lot of good information. If this was you what is the first (and best) way you would try first?
0
 
LVL 87

Expert Comment

by:rindi
ID: 40531793
I'd probably go for the teamviewer, as you don't need to do much configuration. The PC you want to connect to just needs the utility loaded, and you need to know the connection code and security code or password for it. Normally you also don't need to open any hardware firewall ports, you just have to allow it on the windows firewall of the PC. Besides that it runs under Windows and Linux, and the windows version can also be a home version, which isn't the case with remote desktop. But of course there is also a "disadvantage". You get the logged in user's desktop, and the user sees what you are doing and can also interfere with your actions. This is very good if you need to show a user how to do things, but it can be a problem if you want to do something "silently".
0
 
LVL 24

Author Comment

by:lionelmm
ID: 40531816
OK that makes sense but that is also a $795 solution. What would be your next best option then? I will keep TeamViewer in the background as a potential solution--I already use it to access my PC at home.
0
 
LVL 87

Expert Comment

by:rindi
ID: 40531863
That depends on the infrastructure at your clients. If they have routers with VPN, use that. If they have servers set them up for VPN access, or set them up for the RDP gateway. But I have no idea whether for that you need any additional licensing.
0
 
LVL 24

Author Comment

by:lionelmm
ID: 40541999
OK I have checked the routers to my clients and only one has a router that allows VPN (Netgear). I was able to set up VPN and installed the software they suggested (OpenVPN) and I can "connect" the software--shows connected in Control panel network connections but what then--how do I use that to gain access to systems after that? Plus since none of the others have a capable router and I would prefer having the same setup in all locations so that may mean going the Windows route. Whatever would be the most secure way so I can connect to a "server" and from there remote desktop to check on systems on that network. Would each server have to have a public IP or can I use port forwarding on the current routers (which already have a public IP) to the internal VPN "server"?
0
 
LVL 87

Assisted Solution

by:rindi
rindi earned 400 total points
ID: 40542059
Once you have established a VPN connection you get an IP of your client's internal LAN and you can start a remote desktop connection to those devices that have remote desktop enabled like when you are directly on that remote LAN.

I personally haven't used m$ servers for this. So I don't know how it is best configured. But you do need either a static IP or use something like DynDNS to connect to them.

For VPN you need to add the network policy and access services, and the routing and remote access services roles. The following technet link may help in getting it going:

http://technet.microsoft.com/en-us/library/cc725734%28v=ws.10%29.aspx

If you want to use the remote desktop gateway method, there is also a technet tutorial to get that going:

http://technet.microsoft.com/en-us/library/dd983941%28v=ws.10%29.aspx
0
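The arrangement described in the answer above (Remote Desktop reached on the internal address once the VPN is up, rather than published through the router) can be checked per client site. This is an added example, not part of the original thread; the site names, the addresses (documentation ranges) and the function names are assumptions made for illustration.

```python
import socket

RDP_PORT = 3389  # default Remote Desktop port

# Constructed inventory: names and addresses are placeholders.
SITES = [
    {"name": "client-a", "public": "203.0.113.10", "internal": "192.168.10.5"},
    {"name": "client-b", "public": "198.51.100.20", "internal": "192.168.20.5"},
]

def tcp_open(host, port=RDP_PORT, timeout=3.0):
    """True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, name lookup failure
        return False

def probe_public(sites, probe=tcp_open):
    """Step 1, VPN disconnected: is RDP answering on each public address?"""
    return {site["name"]: probe(site["public"]) for site in sites}

def verdict(public_open, internal_open):
    """Combine the two probe results into one finding for a site."""
    if public_open:
        return "FAIL: RDP is exposed to the internet; remove the port forward"
    if internal_open:
        return "OK: RDP answers only through the VPN"
    return "CHECK: RDP unreachable even on the VPN; check routes and host firewall"

def audit(sites, public_results, probe=tcp_open):
    """Step 2, VPN connected: probe internal addresses and judge each site.
    public_results must come from step 1, because a full-tunnel VPN would send
    a public-address probe through the client network and hide the exposure."""
    return {
        site["name"]: verdict(public_results[site["name"]], probe(site["internal"]))
        for site in sites
    }

if __name__ == "__main__":
    before = probe_public(SITES)
    input("Connect the VPN, then press Enter...")
    for name, finding in audit(SITES, before).items():
        print(f"{name}: {finding}")
```

A site reported as FAIL has port 3389 forwarded straight to a machine, which is the setup the earlier answer says is not safe without an RDP gateway or VPN.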
 
LVL 24

Author Comment

by:lionelmm
ID: 40555095
I have done a lot of reading on this and I am still somewhat in the dark; read your suggestions above too. While stumbling around I found that there are VPN services that I can buy right and connect to the internet with a secure connection. While in Africa could I then use that same VPN service to establish a secure internet connection and then use that to remote desktop into my clients' PCs and Servers as needed? Would that be a secure solution? That way I don't have to set up VPNs on all my clients (and have to either buy additional hardware or set up additional Windows services?)? Good idea or no? Thanks.
0
 
LVL 87

Accepted Solution

by:
rindi earned 400 total points
ID: 40555116
Yes it would work, but why pay extra for something you already have and which would only require setting up in the case of an m$ Server OS? A 3rd party VPN would be a similar solution to using Teamviewer or hamachi I suggested earlier. Hamachi used to be free, but I don't know whether it still is, or if it is free, whether you can then use it in a commercial environment.

https://secure.logmein.com/products/hamachi/download.aspx
0
 
LVL 24

Author Comment

by:lionelmm
ID: 40571442
I checked out the hamachi and it looks promising because it is so simple (or so it seems)--so my thought is to run the software on my laptop and add one server from each client to my network in hamachi and that should allow me to securely connect to an encrypted network. Am I on the right track? I plan to test it this weekend on my laptop and one of the servers.
0
 
LVL 87

Expert Comment

by:rindi
ID: 40571458
It's several years since I last used hamachi; I found it rather complicated and slow then. But things might (and probably) have changed in the years since then.
0
 
LVL 24

Author Closing Comment

by:lionelmm
ID: 40589108
thanks for all the helpful advice--don't have it working yet--life has gotten in the way but I think you have provided enough info for me to get it working when I have more time.
0
