Athlonite: Can I ask why you need RDP on a 5 PC network 

sbiddle: RDP access should only ever be allowed via specific IP range(s) or via VPN. Exposing it to the internet with no restrictions as you have done is just something you should never do.

 

1101:

sbiddle: RDP access should only ever be allowed via specific IP range(s) or via VPN. Exposing it to the internet with no restrictions as you have done is just something you should never do.

 

Yes , but in the real world, you do want the client asks.
When the client companies owners/manager expects almost 100% reliable remote acess, from any out of office site (ie when overseas) you make compromises & cant experiment with settings/routers to try & get things right .

Hardware firewalls & SSL and IPSec VPN clients arnt allways reliable if the 'home' internet connection isnt very good .

1101:

sbiddle: RDP access should only ever be allowed via specific IP range(s) or via VPN. Exposing it to the internet with no restrictions as you have done is just something you should never do.

 

Yes , but in the real world, you do want the client asks.
When the client companies owners/manager expects almost 100% reliable remote acess, from any out of office site (ie when overseas) you make compromises & cant experiment with settings/routers to try & get things right .

Hardware firewalls & SSL and IPSec VPN clients arnt allways reliable if the 'home' internet connection isnt very good .

sbiddle: RDP access should only ever be allowed via specific IP range(s) or via VPN. Exposing it to the internet with no restrictions as you have done is just something you should never do.

 

Zeon:

sbiddle: RDP access should only ever be allowed via specific IP range(s) or via VPN. Exposing it to the internet with no restrictions as you have done is just something you should never do.

 

What about a terminal server?

ubergeeknz:
There's an element of education in providing IT services.  You must explain to your client why it is a bad idea, and what the consequences would be, and that it would be unprofessional for you to do what they're asking if it is inherently insecure.

1101:

ubergeeknz:
There's an element of education in providing IT services.  You must explain to your client why it is a bad idea, and what the consequences would be, and that it would be unprofessional for you to do what they're asking if it is inherently insecure.

Theres a definite risk in EVERYTHING
The security risk of RDP , via non standard ports is minor......
minor compared to..

the real risk when clients write down the password & stick it onto their laptop
the REAL insecurity of Iphone & Android
the VERY real risk virus's & trojans infecting PC's , effectively opening up a backdoor for hackers
the real risk of users opening scam emails, clicking on links, going to websites that that nothing to do with company buseness
the very big hugs real risk of workers letting their kids/spouse use their laptops after work.

You do what the customer wants. If the NEED reliable remote access, you do what is required. Of course you tell them there is some risk.
Try telling a client they can no longer use their Android for company email as its is very insecure .

Lets be honest here, how common in NZ is a RDP hack, when there is a good password & non std port
Compare to how very common virus/trojan/malware infections are on Company PC's & Laptops

Lipo: I run a work network comprising a Netgear ADSL modem/router and 5 computers peer to peer networked together. I run a static IP I noticed about a week ago that I was getting a huge amount of upload data traffic from my computer.

It could be between 3-4 gig a day. Obviously it was not anything I was doing. In the resource monitor svchost.exe was sending 12,000 b/sec to a site overseas I am using MS security essentials. I ran a few online virus scanners and malware detectors with no positive results I have reinstalled my operating system and factory reset my router I also remote desktop from home to my work computer. I forward ports 3389 (standard RDP port) on my router to my computers internal IP address. I forward 3390 to my colleagues computer

This morning I have traffic being upload to a site ds9777.dedicated.turbodns.co.uk. Looking at Resource Monitor, svchost was using PID 1320. 1320 in services was being used by Termservice, Nlasvc, plus some others including remote desktop. I guessed that RDP was being used. I changed the port forwarding settings on the router to my computer to 3391. Traffic has now stopped.

So the question I have and perhaps a problem 1. What was happening? 2. If I change forwarding ports other than 3389 (say 3391), once 3389 has been used, RDP does not seem to work. I did also change the registry setting to 3391 from the standard 3389. Solution 3. Any other issues that I need to look at?   Thanks