1

I have been asked to admin the server of a small business located in another city. The server is basically a Windows XP Pro PC being used as a file server for the 4-5 workers in the office, and I'll need a way to access it remotely... but also securely; in other words, I really don't like the idea of leaving any RDP/VNC/whatever service wide open to the entire Internet.

After having a quick look at the server, I noticed that the previous admin had Team Viewer installed on it, but I have no idea of whether the business has the proper licenses for it (small business, no IT staff... you know how it goes). In principle, I'd prefer to use it, since I like the fact that it uses TeamViewer's own servers to route traffic, which means that I'd have to open the firewall only to TeamViewer's servers. However, I don't know whether I'll be able to use it...

...Which brings me to Remote Desktop. I have read this answer about how to tunnel RDP over HTTPS, but it depends on a new feature in Windows Server 2008, so I can't use it. Is there any other way to secure RDP access, considering my constraints? (mostly: Windows XP as server). Any other software that might be useful?

Community
  • 1
PaulJ
  • 151
  • 5
  • 2
    Honestly, 1 machine? Use Logmein Free. No need to make this any more complicated. – DanBig Jan 08 '13 at 20:23
  • 1
    FWIW, while there is a lot of discussion about the pros and cons of RDP, I've personally never heard even a hint of an RDP session that was compromised, other than in a special hacking lab environment. – John Gardeniers Jan 08 '13 at 22:09

4 Answers4

1

I wou ld opt for a network solution that allows incoming RDP connections based on a defined access list. This depends on the type of router and firewall they have, but would it be possible to add a rule to the gateway that allows incoming RDP from your IP?

Otherwise, it might be worthwhile to set up a VPN tunnel to the host if you are going to be doing routine administration.

David Houde
  • 3,200
  • 1
  • 16
  • 19
1

TeamViewer uses port 80 or 443 so it should be a breeze to setup.

I would worry much about licensing unless you are working for a very large corporation.

I once purchased a license from them and it costs about 2000$.

The only thing you need to worry about is using the same version on the "server" and on your PC. That is the only constraint of using that application.

Alex
  • 3,129
  • 21
  • 28
0

Remote Desktop is secure by default. Sessions are encrypted with 128 bit encryption. You want to make sure you are on SP3 and all updates are installed before you expose port 3389. I would want to restrict access to the machine by IP also. The SSL Tunnel is mostly so that the client can authenticate the server, not the other way around.

Edwin
  • 1,041
  • 7
  • 17
0

I'm With DanBig, LogMeIn or GotoMyPC. You don't need to open any firewalls because it uses a reverse connection to the LoginMeIn/GotoMyPC servers. Clean and Simple! Just how it should be!

John Gardeniers
  • 27,458
  • 12
  • 55
  • 109
GeoSword
  • 1,657
  • 12
  • 16
  • I concur with GeoSword and DanBig. The products they mentioned we're created for just such a scenario. – John Homer Jan 08 '13 at 21:52
  • 1
    It's just a pity that both have been compromised more than once. – John Gardeniers Jan 08 '13 at 22:13
  • Hello. Can you elaborate on the security risks of LogMeIn and GotoMyPC? I've done a quick Google search, but haven't found much relevant info. – PaulJ Jan 09 '13 at 11:43
  • @PaulJ, both systems have a poor security record, with each having had their servers compromised on several occasions. Google is a poor source for such information but there are plenty of hacker, I mean "security related", sites with information on the topic. – John Gardeniers Jan 17 '13 at 09:08