Safest RDP connection

Discussion in 'Windows Applications' started by Tuffgong4, Jun 22, 2008.

  1. Tuffgong4

    Tuffgong4 The Donger Need Food!!!! Political User

    Messages:
    2,465
    Location:
    Chicago
    I would like to open some ports in my router to rdp into my system at home and am wondering if using default ports would be safe enough or should I translate certain ports though the router to the system I want to?

    I'll also be setting up either an http or ftp file server for myself and family so they can grab things from me when they want. Again what is the safest way possible.
     
  2. LordOfLA

    LordOfLA Godlike!

    Messages:
    7,027
    Location:
    Maidenhead, Berkshire, UK
    as-is is safe.
     
  3. Admiral Michael

    Admiral Michael Michaelsoft Systems CEO Folding Team

    Myself, I setup a different port for RDP, the router just does the change tho, the comp is still set for 3389.

    For FTP and HTTP I just leave em on the defaults, altho I do own a domain so it's a must unless I want ppl to have to specify a port.
     
  4. Heeter

    Heeter Overclocked Like A Mother

    Messages:
    2,732
    If your ISP allows, then I would do as LofLA says, stick with as is. Easier to configure, and all is password protected.


    Heeter
     
  5. Tuffgong4

    Tuffgong4 The Donger Need Food!!!! Political User

    Messages:
    2,465
    Location:
    Chicago
    well I have a dyndns domain so it would be easy to connect. I'll be testing it out soon and hopefully all works well.
     
  6. Shamus MacNoob

    Shamus MacNoob Moderator Political User

    Messages:
    4,199
    Location:
    L'Ile Perrot Quebec
  7. Tuffgong4

    Tuffgong4 The Donger Need Food!!!! Political User

    Messages:
    2,465
    Location:
    Chicago
    I use Logmein right now, but would like to move to RDP. Can't really say why but I just feel more comfortable using RDP.

    I'm also thinking of setting up my dyndns domain on my router and then directing the traffic to my desktop. Don't know how to direct traffic from the router with dyndns than just having the dyndns client on my system.
     
  8. LordOfLA

    LordOfLA Godlike!

    Messages:
    7,027
    Location:
    Maidenhead, Berkshire, UK
    RDP uses 128bit encryption, log me in uses 448 bit. Thats the only real difference.

    All changing ports does is make life difficult for you, it doesn't stop a port scan finding where you moved remote desktop or any other service to.

    People that think it helps with security are very well practiced at talking out their behinds.
     
  9. Tuffgong4

    Tuffgong4 The Donger Need Food!!!! Political User

    Messages:
    2,465
    Location:
    Chicago
    I'm going to test all the default RDP settings today when I leave my home network and test it all out.

    Thanks everyone and I'll post back when I start with the http file server.
     
  10. Admiral Michael

    Admiral Michael Michaelsoft Systems CEO Folding Team

    All the DynDNS client does (unless it's changed) is check your current WAN IP address and update it. It doesn't handle any traffic forwarding, switching it to your router would be better since you don't have to have your computer on for an IP update to take place.

    For forwarding traffic, just forward the ports you need, don't use the DMZ zone or forward unused ports.
     
  11. _kC_

    _kC_ Moderator

    Messages:
    514
    you could use rdp over hamachi, then no need to forward any ports
     
  12. Tuffgong4

    Tuffgong4 The Donger Need Food!!!! Political User

    Messages:
    2,465
    Location:
    Chicago
    since I'm using dd-wrt it supports dyndns so I figured I'd just put there.

    I've never used DMZ besides in testing and then shut it off right right away...
     
  13. Admiral Michael

    Admiral Michael Michaelsoft Systems CEO Folding Team

    Ya that would be the best place to put it.
     
    Tuffgong4 likes this.
  14. Tuffgong4

    Tuffgong4 The Donger Need Food!!!! Political User

    Messages:
    2,465
    Location:
    Chicago
    so on my router I've set up port xxxxx to forward to my local ip address on the network...going to try it tomorrow.
     
  15. LordOfLA

    LordOfLA Godlike!

    Messages:
    7,027
    Location:
    Maidenhead, Berkshire, UK
    No point changing the ports. Just use 3389.
     
  16. Admiral Michael

    Admiral Michael Michaelsoft Systems CEO Folding Team

    What you should also do is if you use DHCP is setup whats called a static lease or reserved IP. It tells the DHCP server that this MAC address always gets this IP.

    That way your computer's IP won't change and break the port forward rule.