build a home lab environment and securely being able to rdp to the server(s)

Hello Experts, i recently purchased a used server for building a home lab environment. i would like to install win 7 professional as the servers main OS, then install vmware workstation for my virtual machines for sharepoint, exchange, AD practice. I know i can set up remote access to this server by allowing rdp access from my home router (configuring port forwarding), then rdp from public internet using my home servers public IP. I've already tried this and the server was infected with ransomware. Can anybody tell me how i can make this as secure as possible while on a budget?
Newguy 123Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Lee W, MVPTechnology and Business Process AdvisorCommented:
You realize your plan doesn't make a lot of sense, right?

Why would you use Windows 7 on a server class machine when Windows SERVER or ESXi is what that machine was designed to run?

You have the Server license/trial version, LEARN it.  Install Server and run Hyper-V instead of VMWare Workstation.  Or Install ESXi instead of VMWare Workstation and Windows 7.  Either option makes more sense.

Opening RDP to the public is unwise.  Setup a VPN.  I use an Untangle router which includes VPN capablities.  Fairly easy to setup, FREE, can run in a VM on the server or use an OLD PC laying around with a second NIC.

IF you were infected with ransomware, it was probably because you were using weak security - poor passwords, didn't rename the administrator account and who knows what else.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Alexey KomarovChief Project EngineerCommented:
Hi,
You can use OpenVPN to connect to a home network, some routers have such functionality.
You can use a firewall to grant access only to trusted public IP addresses.
You can use port forwarding to a non-standard port, this will make it difficult for viruses to discover an open RDP port.
Do not use weak passwords and  install the latest security updates.
0
Mal OsborneAlpha GeekCommented:
Yep, Window Server, HyperV edition and ESXi are both available FREE, so would be silly to install Windows 7 and VMware workstation.

IF you open RDP to the outside world, in a day or a week or a month, script kiddies will find it and you will be hammered with attempts at guessing your password. If you have a weak password it will probably be found, if not you will start have account lockouts. Even wth strong passwords, you really need to either restrict incoming connection to a couple of IP addresses you know, or run a VPN.

Most server class machines also have an inbuilt SD card reader, I would advise booting HyperV or ESXi from this, rather than the main drive arrays.  


https://www.microsoft.com/en-us/evalcenter/evaluate-hyper-v-server-2016
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Operating Systems

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.