Geekzone: technology news, blogs, forums
Reply # 1054696 28-May-2014 02:41

Can I ask why you need RDP on a 5 PC network?

Reply # 1054708 28-May-2014 07:03

Athlonite: Can I ask why you need RDP on a 5 PC network?


As mentioned in his replies, he needs to access work computers from home...





Reply # 1056410 30-May-2014 10:46

sbiddle: RDP access should only ever be allowed via specific IP range(s) or via VPN. Exposing it to the internet with no restrictions as you have done is just something you should never do.

 


Yes, but in the real world, you do what the client asks.
When the client company's owners/manager expects almost 100% reliable remote access, from any out-of-office site (i.e. when overseas), you make compromises & can't experiment with settings/routers to try & get things right.

Hardware firewalls & SSL and IPSec VPN clients aren't always reliable if the 'home' internet connection isn't very good.

Reply # 1056482 30-May-2014 12:54
2 people support this post

1101:
sbiddle: RDP access should only ever be allowed via specific IP range(s) or via VPN. Exposing it to the internet with no restrictions as you have done is just something you should never do.

 


Yes, but in the real world, you do what the client asks.
When the client company's owners/manager expects almost 100% reliable remote access, from any out-of-office site (i.e. when overseas), you make compromises & can't experiment with settings/routers to try & get things right.

Hardware firewalls & SSL and IPSec VPN clients aren't always reliable if the 'home' internet connection isn't very good.


surely a business owner doesn't want to have their PCs/network p0wned?

if they don't want it setup securely it shouldn't be setup at all IMHO

Reply # 1056500 30-May-2014 13:15
One person supports this post

1101:
sbiddle: RDP access should only ever be allowed via specific IP range(s) or via VPN. Exposing it to the internet with no restrictions as you have done is just something you should never do.

 


Yes, but in the real world, you do what the client asks.
When the client company's owners/manager expects almost 100% reliable remote access, from any out-of-office site (i.e. when overseas), you make compromises & can't experiment with settings/routers to try & get things right.

Hardware firewalls & SSL and IPSec VPN clients aren't always reliable if the 'home' internet connection isn't very good.


There's an element of education in providing IT services.  You must explain to your client why it is a bad idea, and what the consequences would be, and that it would be unprofessional for you to do what they're asking if it is inherently insecure.

Reply # 1056643 30-May-2014 16:43

sbiddle: RDP access should only ever be allowed via specific IP range(s) or via VPN. Exposing it to the internet with no restrictions as you have done is just something you should never do.

 


What about a terminal server?





Reply # 1056657 30-May-2014 17:22

Zeon:
sbiddle: RDP access should only ever be allowed via specific IP range(s) or via VPN. Exposing it to the internet with no restrictions as you have done is just something you should never do.

 


What about a terminal server?


Same story

But hopefully someone with a server has more resources, experience and capabilities to secure

Also with RDS you can lockdown with SSL and Remote Desktop Gateway so no need for a VPN

Reply # 1058421 3-Jun-2014 11:18

ubergeeknz:
There's an element of education in providing IT services.  You must explain to your client why it is a bad idea, and what the consequences would be, and that it would be unprofessional for you to do what they're asking if it is inherently insecure.


There's a definite risk in EVERYTHING
The security risk of RDP, via non standard ports is minor......
minor compared to..

the real risk when clients write down the password & stick it onto their laptop
the REAL insecurity of iPhone & Android
the VERY real risk of viruses & trojans infecting PCs, effectively opening up a backdoor for hackers
the real risk of users opening scam emails, clicking on links, going to websites that have nothing to do with company business
the very big huge real risk of workers letting their kids/spouse use their laptops after work.

You do what the customer wants. If they NEED reliable remote access, you do what is required. Of course you tell them there is some risk.
Try telling a client they can no longer use their Android for company email as it is very insecure. smile

Let's be honest here, how common in NZ is an RDP hack, when there is a good password & non std port
Compare to how very common virus/trojan/malware infections are on Company PCs & Laptops

Reply # 1058457 3-Jun-2014 12:12

1101:
ubergeeknz:
There's an element of education in providing IT services.  You must explain to your client why it is a bad idea, and what the consequences would be, and that it would be unprofessional for you to do what they're asking if it is inherently insecure.


There's a definite risk in EVERYTHING
The security risk of RDP, via non standard ports is minor......
minor compared to..

the real risk when clients write down the password & stick it onto their laptop
the REAL insecurity of iPhone & Android
the VERY real risk of viruses & trojans infecting PCs, effectively opening up a backdoor for hackers
the real risk of users opening scam emails, clicking on links, going to websites that have nothing to do with company business
the very big huge real risk of workers letting their kids/spouse use their laptops after work.

You do what the customer wants. If they NEED reliable remote access, you do what is required. Of course you tell them there is some risk.
Try telling a client they can no longer use their Android for company email as it is very insecure. smile

Let's be honest here, how common in NZ is an RDP hack, when there is a good password & non std port
Compare to how very common virus/trojan/malware infections are on Company PCs & Laptops


RDP hack is very common

Changing the port to non standard really is just obfuscating, the bots out there running these attacks do a port scan as part of the automated tools looking for fresh meat

Reply # 1058468 3-Jun-2014 12:36

Lipo: I run a work network comprising a Netgear ADSL modem/router and 5 computers peer to peer networked together. I run a static IP. I noticed about a week ago that I was getting a huge amount of upload data traffic from my computer.

It could be between 3-4 gig a day. Obviously it was not anything I was doing. In the resource monitor svchost.exe was sending 12,000 b/sec to a site overseas. I am using MS security essentials. I ran a few online virus scanners and malware detectors with no positive results. I have reinstalled my operating system and factory reset my router. I also remote desktop from home to my work computer. I forward port 3389 (standard RDP port) on my router to my computer's internal IP address. I forward 3390 to my colleague's computer.

This morning I have traffic being uploaded to a site ds9777.dedicated.turbodns.co.uk. Looking at Resource Monitor, svchost was using PID 1320. 1320 in services was being used by Termservice, Nlasvc, plus some others including remote desktop. I guessed that RDP was being used. I changed the port forwarding settings on the router to my computer to 3391. Traffic has now stopped.

So the question I have and perhaps a problem
1. What was happening?
2. If I change forwarding ports other than 3389 (say 3391), once 3389 has been used, RDP does not seem to work. I did also change the registry setting to 3391 from the standard 3389. Solution
3. Any other issues that I need to look at?

Thanks


I stopped using RDP over the internet some time ago - it was hacked by someone with a Chinese IP address.

You should use TeamViewer for remote desktop over the internet.



Reply # 1058476 3-Jun-2014 12:49
One person supports this post

If you must do RDP over internet

  • restrict in firewall to specific subnets or IP addresses if possible
    • you could ask for a static IP address at home which you could limit access to
  • only allow access for a specific named user account (see 'Limit users who can log in using Remote Desktop')
  • REQUIRE Network Level Authentication
  • install RdpGuard or similar, which (when configured correctly) bans IP addresses from accessing RDP after X failed login attempts
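
The host-side parts of the checklist above, as an added example that is not part of the original post: it scopes the Windows Firewall RDP rules, requires NLA, adds one named account, and lists source IPs with repeated failed logons (it reports them, it does not ban them). Assumptions not taken from the thread: Windows 10 / Server 2016 or later with PowerShell 5.1, an English-language system, RDP listening on the default TCP 3389 (the built-in rules do not cover a listener moved to another port such as 3391), failed-logon auditing enabled, and constructed placeholder addresses and account name.

```powershell
#Requires -RunAsAdministrator
# Added example: host-side RDP hardening plus a failed-logon report.
# All values below are constructed placeholders (documentation IP ranges,
# made-up account name); replace them with your own.
$AllowedSources = @('203.0.113.10', '198.51.100.0/24')  # home static IP, branch subnet
$RdpUser        = 'remoteuser'                          # existing local account
$Threshold      = 5                                     # failed logons per source IP
$Since          = (Get-Date).AddHours(-24)              # reporting window

# 1. Restrict the built-in Remote Desktop firewall rules to the allowed sources.
#    A router port-forward normally preserves the source IP, so this still
#    filters connections that arrive via the forward.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Set-NetFirewallRule -RemoteAddress $AllowedSources

# 2. Require Network Level Authentication on the RDP listener (1 = required).
$listener = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
Set-ItemProperty -Path $listener -Name 'UserAuthentication' -Value 1

# 3. Allow the named account via the "Remote Desktop Users" group, then list
#    the members. Administrators can also log on over RDP by default, so
#    review that group separately.
$group = 'Remote Desktop Users'
if (-not (Get-LocalGroupMember -Group $group -Member $RdpUser -ErrorAction SilentlyContinue)) {
    Add-LocalGroupMember -Group $group -Member $RdpUser
}
Get-LocalGroupMember -Group $group | Select-Object Name, ObjectClass

# 4. Report source IPs with at least $Threshold failed logons (Security event
#    4625) in the window. Requires "Audit Logon" failure auditing to be on.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $Since } `
             -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Pull the IpAddress field out of the event's EventData XML.
        $data = ([xml]$_.ToXml()).Event.EventData.Data
        ($data | Where-Object { $_.Name -eq 'IpAddress' }).'#text'
    } |
    Where-Object { $_ -and $_ -ne '-' } |          # skip local/empty sources
    Group-Object |
    Where-Object { $_.Count -ge $Threshold } |
    Sort-Object Count -Descending |
    Select-Object Count, @{ Name = 'SourceIp'; Expression = { $_.Name } }
```

Sources that still appear in the step 4 report after the firewall scope is applied are inside the allowed ranges, which is a reason to narrow `$AllowedSources` further.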
