1828 posts

Uber Geek
Inactive user


  # 1054696 28-May-2014 02:41

Can I ask why you need RDP on a 5 PC network?

4552 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1054708 28-May-2014 07:03

Athlonite: Can I ask why you need RDP on a 5 PC network?


As mentioned in his replies, he needs to access work computers from home...





 
 
 
 


1965 posts

Uber Geek


  # 1056410 30-May-2014 10:46

sbiddle: RDP access should only ever be allowed via specific IP range(s) or via VPN. Exposing it to the internet with no restrictions as you have done is just something you should never do.

 


Yes, but in the real world, you do what the client asks.
When the client company's owners/managers expect almost 100% reliable remote access from any out-of-office site (i.e. when overseas), you make compromises & can't experiment with settings/routers to try & get things right.

Hardware firewalls & SSL and IPSec VPN clients aren't always reliable if the 'home' internet connection isn't very good.

5256 posts

Uber Geek

Trusted
Microsoft

  # 1056482 30-May-2014 12:54
2 people support this post

1101:
sbiddle: RDP access should only ever be allowed via specific IP range(s) or via VPN. Exposing it to the internet with no restrictions as you have done is just something you should never do.

 


Yes, but in the real world, you do what the client asks.
When the client company's owners/managers expect almost 100% reliable remote access from any out-of-office site (i.e. when overseas), you make compromises & can't experiment with settings/routers to try & get things right.

Hardware firewalls & SSL and IPSec VPN clients aren't always reliable if the 'home' internet connection isn't very good.


surely a business owner doesn't want to have their PCs/network p0wned?

if they don't want it set up securely it shouldn't be set up at all IMHO

3344 posts

Uber Geek

Trusted
Vocus

  # 1056500 30-May-2014 13:15
One person supports this post

1101:
sbiddle: RDP access should only ever be allowed via specific IP range(s) or via VPN. Exposing it to the internet with no restrictions as you have done is just something you should never do.

 


Yes, but in the real world, you do what the client asks.
When the client company's owners/managers expect almost 100% reliable remote access from any out-of-office site (i.e. when overseas), you make compromises & can't experiment with settings/routers to try & get things right.

Hardware firewalls & SSL and IPSec VPN clients aren't always reliable if the 'home' internet connection isn't very good.


There's an element of education in providing IT services.  You must explain to your client why it is a bad idea, and what the consequences would be, and that it would be unprofessional for you to do what they're asking if it is inherently insecure.

3524 posts

Uber Geek

Trusted

  # 1056643 30-May-2014 16:43

sbiddle: RDP access should only ever be allowed via specific IP range(s) or via VPN. Exposing it to the internet with no restrictions as you have done is just something you should never do.

 


What about a terminal server?






5256 posts

Uber Geek

Trusted
Microsoft

  # 1056657 30-May-2014 17:22

Zeon:
sbiddle: RDP access should only ever be allowed via specific IP range(s) or via VPN. Exposing it to the internet with no restrictions as you have done is just something you should never do.

 


What about a terminal server?


Same story

But hopefully someone with a server has more resources, experience and capabilities to secure

Also with RDS you can lock down with SSL and Remote Desktop Gateway so no need for a VPN

 
 
 
 


1965 posts

Uber Geek


  # 1058421 3-Jun-2014 11:18

ubergeeknz:
There's an element of education in providing IT services.  You must explain to your client why it is a bad idea, and what the consequences would be, and that it would be unprofessional for you to do what they're asking if it is inherently insecure.


There's a definite risk in EVERYTHING
The security risk of RDP, via non-standard ports, is minor......
minor compared to..

the real risk when clients write down the password & stick it onto their laptop
the REAL insecurity of iPhone & Android
the VERY real risk of viruses & trojans infecting PCs, effectively opening up a backdoor for hackers
the real risk of users opening scam emails, clicking on links, going to websites that have nothing to do with company business
the very big huge real risk of workers letting their kids/spouse use their laptops after work.

You do what the customer wants. If they NEED reliable remote access, you do what is required. Of course you tell them there is some risk.
Try telling a client they can no longer use their Android for company email as it is very insecure. :)

Let's be honest here, how common in NZ is an RDP hack, when there is a good password & non-std port?
Compare to how very common virus/trojan/malware infections are on company PCs & laptops

5256 posts

Uber Geek

Trusted
Microsoft

  # 1058457 3-Jun-2014 12:12

1101:
ubergeeknz:
There's an element of education in providing IT services.  You must explain to your client why it is a bad idea, and what the consequences would be, and that it would be unprofessional for you to do what they're asking if it is inherently insecure.


There's a definite risk in EVERYTHING
The security risk of RDP, via non-standard ports, is minor......
minor compared to..

the real risk when clients write down the password & stick it onto their laptop
the REAL insecurity of iPhone & Android
the VERY real risk of viruses & trojans infecting PCs, effectively opening up a backdoor for hackers
the real risk of users opening scam emails, clicking on links, going to websites that have nothing to do with company business
the very big huge real risk of workers letting their kids/spouse use their laptops after work.

You do what the customer wants. If they NEED reliable remote access, you do what is required. Of course you tell them there is some risk.
Try telling a client they can no longer use their Android for company email as it is very insecure. :)

Let's be honest here, how common in NZ is an RDP hack, when there is a good password & non-std port?
Compare to how very common virus/trojan/malware infections are on company PCs & laptops


RDP hack is very common

Changing the port to non standard really is just obfuscating, the bots out there running these attacks do a port scan as part of the automated tools looking for fresh meat

4467 posts

Uber Geek


  # 1058468 3-Jun-2014 12:36

Lipo: I run a work network comprising a Netgear ADSL modem/router and 5 computers peer-to-peer networked together. I run a static IP. I noticed about a week ago that I was getting a huge amount of upload data traffic from my computer.

It could be between 3-4 gig a day. Obviously it was not anything I was doing. In the resource monitor svchost.exe was sending 12,000 b/sec to a site overseas. I am using MS Security Essentials. I ran a few online virus scanners and malware detectors with no positive results. I have reinstalled my operating system and factory reset my router. I also remote desktop from home to my work computer. I forward port 3389 (standard RDP port) on my router to my computer's internal IP address. I forward 3390 to my colleague's computer.

This morning I have traffic being uploaded to a site ds9777.dedicated.turbodns.co.uk. Looking at Resource Monitor, svchost was using PID 1320. 1320 in services was being used by Termservice, Nlasvc, plus some others including remote desktop. I guessed that RDP was being used. I changed the port forwarding settings on the router to my computer to 3391. Traffic has now stopped.

So the question I have, and perhaps a problem:
1. What was happening?
2. If I change forwarding ports other than 3389 (say 3391), once 3389 has been used, RDP does not seem to work. I did also change the registry setting to 3391 from the standard 3389. Solution
3. Any other issues that I need to look at?

Thanks


I stopped using RDP over the internet some time ago - it was hacked by someone with a Chinese IP address.

You should use TeamViewer for remote desktop over the internet.



What does this tag do
1024 posts

Uber Geek

Subscriber

  # 1058476 3-Jun-2014 12:49
One person supports this post

If you must do RDP over internet

  • restrict in firewall to specific subnets or IP addresses if possible
    • you could ask for a static IP address at home which you could limit access to
  • only allow access for a specific named user account, (see 'Limit users who can log in using Remote Desktop')
  • REQUIRE Network Level Authentication
  • install RdpGuard or similar, which (when configured correctly) bans IP addresses from accessing RDP after X failed login attempts
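
The checklist above, sketched as PowerShell for the Windows PC that receives the forwarded RDP connection. This is an added example, not part of the original post: the addresses, account name and threshold are constructed placeholders, and it assumes the default port 3389 so the built-in 'Remote Desktop' firewall rules apply. Step 4 is not RdpGuard itself; it only lists the failed-logon data that such a lockout tool acts on.

```powershell
# Added example. Run elevated on the PC that receives the forwarded RDP port
# (Windows 8 / Server 2012 or later, PowerShell 5.1 for the LocalGroup cmdlets).
# ASSUMPTION: constructed placeholder values (documentation address ranges,
# made-up account name, arbitrary threshold).
$AllowedSources = @('203.0.113.10', '198.51.100.0/24')  # home static IP, branch subnet
$RdpUser        = 'remote.worker'
$MaxFailures    = 5

# 1. Scope the built-in "Remote Desktop" firewall rules to the allowed sources,
#    so connections from any other address are dropped before RDP sees them.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Set-NetFirewallRule -RemoteAddress $AllowedSources -Enabled True

# 2. Require Network Level Authentication: the client must authenticate
#    before a desktop session is created.
$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
Set-ItemProperty -Path $rdpTcp -Name UserAuthentication -Value 1

# 3. Leave one named account in "Remote Desktop Users".
#    Members of Administrators can still log on over RDP by default,
#    so review that group separately.
Get-LocalGroupMember -Group 'Remote Desktop Users' |
    Remove-LocalGroupMember -Group 'Remote Desktop Users'
Add-LocalGroupMember -Group 'Remote Desktop Users' -Member $RdpUser

# 4. Failed logons (Security event 4625) per source address over the last day.
#    Any address at or above the threshold is a candidate for blocking.
$since = (Get-Date).AddDays(-1)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
             -ErrorAction SilentlyContinue |
    ForEach-Object {
        $data = ([xml]$_.ToXml()).Event.EventData.Data
        ($data | Where-Object { $_.Name -eq 'IpAddress' }).'#text'
    } |
    Where-Object { $_ -and $_ -ne '-' } |
    Group-Object |
    Where-Object { $_.Count -ge $MaxFailures } |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

If the RDP listening port has been changed in the registry, as in the original question, the built-in rules no longer match and a custom inbound rule for that port needs the same `-RemoteAddress` scope.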
