Accessing PCs from outside a network.

cmdolcet
I have a user that would like to log onto a PC inside our network from outside. Do I just need to set him up with a user account and let him use the RDP connection?

I am unfamiliar with the setup.

Commented:
They will need a VPN connection such as AT&T global network client and an RSA token.
Then they can RDP.

Author

Commented:
pJam....when you talk about this.... you mean they need to be hooked up to the internet correct?

Commented:
Yes, but they need to have a tunnel to your network. Your computers are probably on private IP numbers such as 10.x.x.x or 192.168.1.x while they are on their ISP's IP number.

Author

Commented:
pJam yes correct... so who would set up that tunnel? Me or them? I have a user account all set up they can use, but how do you set that up?
Top Expert 2016

Commented:
You have a public IP address that the world knows. Typically one has more than 1 machine that uses this public IP via a router, so you have to add a NAT (network address translation) rule which will route a protocol (TCP or UDP or both) and a port from outside to an IP address on the inside, i.e. RDP to 192.168.0.100.
public IP (24.12.34.56) -> TCP request on port 3389 -> router -> 192.168.0.100 (machine that will use RDP)
The machine with IP 192.168.0.100 will then authenticate the username and password; a local firewall rule is needed to allow TCP port 3389.

Creating a VPN requires more work.
Technology and Business Process Advisor
Most Valuable Expert 2013
Commented:
Creating a VPN does require more work... But it's also FAR more secure than forwarding your public IP (that opens you up to TSGrinder attacks).

You could also just have them get a subscription to GoToMyPC or similar service and let them connect with that.

Author

Commented:
Lee W, I suggested that; however, they said this was industry standard and using GoToMyPC or Webex or Join.me or anything like that would take longer.
Lee W, MVP
Technology and Business Process Advisor
Most Valuable Expert 2013

Commented:
Well, whoever they are should be fired if they have ANY critical data they want to protect and keep people out of the network. Tell them if they aren't concerned about the security risks, just remove the antivirus while they're at it - since AV requires resources and firewall is all they need.

And when they look at you like you're an idiot for even suggesting it, tell them it's very similar to poking holes in the firewall / router to allow RDP and TSGrinder attacks. IF you do this foolish thing, check your event logs - you'll start being hit daily with massive amounts of bad logins for accounts that don't exist... and HOPEFULLY, they guess RIGHT!
Lee W, MVP
Technology and Business Process Advisor
Most Valuable Expert 2013

Commented:
(Don't actually do that - but maybe print this and show them this post).
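
The event-log check recommended in the thread above, as an added example that is not part of any original post: it summarises failed logons (Security event ID 4625) per source address and counts how many were for account names that do not exist. The function names, the threshold and the sample events are assumptions constructed for illustration.

```powershell
# Added example. Summarise failed logons (event ID 4625) by source address.
function Get-FailedLogonSummary {
    param(
        [Parameter(Mandatory)] [string[]] $EventXml,  # one event XML string per element
        [int] $Threshold = 3                           # hypothetical alert threshold
    )
    $rows = foreach ($x in $EventXml) {
        # Flatten <Data Name="...">value</Data> elements into a lookup table.
        $data = @{}
        foreach ($d in ([xml]$x).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            User      = $data['TargetUserName']
            Source    = $data['IpAddress']
            SubStatus = $data['SubStatus']
        }
    }
    $rows | Group-Object Source | ForEach-Object {
        [pscustomobject]@{
            Source        = $_.Name
            Failures      = $_.Count
            DistinctUsers = @($_.Group.User | Sort-Object -Unique).Count
            # SubStatus 0xC0000064 means the user name does not exist.
            UnknownUsers  = @($_.Group | Where-Object SubStatus -eq '0xc0000064').Count
            Flagged       = $_.Count -ge $Threshold
        }
    } | Sort-Object Failures -Descending
}

# Constructed sample events (not real logs); addresses are documentation ranges.
function New-SampleEvent($user, $ip, $sub) {
    "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>" +
    "<System><EventID>4625</EventID></System><EventData>" +
    "<Data Name='TargetUserName'>$user</Data><Data Name='SubStatus'>$sub</Data>" +
    "<Data Name='IpAddress'>$ip</Data></EventData></Event>"
}
$sample = @(
    New-SampleEvent 'admin'   '203.0.113.7'  '0xc0000064'
    New-SampleEvent 'scanner' '203.0.113.7'  '0xc0000064'
    New-SampleEvent 'test'    '203.0.113.7'  '0xc0000064'
    New-SampleEvent 'jsmith'  '198.51.100.4' '0xc000006a'   # real account, wrong password
)
Get-FailedLogonSummary -EventXml $sample | Format-Table -AutoSize

# Against a live machine (run elevated), feed real events instead of the sample:
# $live = Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625} | ForEach-Object { $_.ToXml() }
# Get-FailedLogonSummary -EventXml $live
```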
