Need Security help please!

CessationCessation Member Posts: 326
icroyal wrote:
You can enable remote desktop on your box at home and rdp to it. If you're on a home rrouter, make sure you get the public ip before you leave and make sure you forward port 3389 to the workstation's private ip address.

Ok, I need to be able to do the above without being so left open to attacks.

Anyway to do with without buying an actual pix firewall?
Please help me out. Any help is very much appreciated.
Thanks,
A+, MCP(270,290), CCNA 2008.
Working back on my CCNA and then possibly CCNP.

Comments

  • blackzoneblackzone Member Posts: 82 ■■□□□□□□□□
    Is your windows box behind anything or use public IP directly?

    There might be someway to attack the computer(I just don't know how).

    Even if you use public IP directly, you still need a password to login.
  • CessationCessation Member Posts: 326
    blackzone wrote:
    Is your windows box behind anything or use public IP directly?

    There might be someway to attack the computer(I just don't know how).

    Even if you use public IP directly, you still need a password to login.

    So basically I have this.
    Internet>Modem>Router>Computer
    Forwarded port 3389 to my private addy.

    I just want to make sure Im not too vulnerable.
    A+, MCP(270,290), CCNA 2008.
    Working back on my CCNA and then possibly CCNP.
  • blackzoneblackzone Member Posts: 82 ■■□□□□□□□□
    A few things to note is by default only member of the Administrator group can use RDP(you can add more group).

    Also by default member of the Administrator group with empty password can't logon using RDP(you can change in the computer security setting).

    So I can't really think of any easy way for outside user to access your machine.

    If you want, you can setup a windows server 2003 or linux box as gateway for your windows box. That require additonal computer though.

    Another way is use vmware, but by default, windows only support one desktop, that means you can't have a vmware firewall open in the desktop you want to login(because you need to logout to login RDP). There are some windows toy which allow multiple desktop though.
  • blackzoneblackzone Member Posts: 82 ■■□□□□□□□□
    Cessation wrote:
    blackzone wrote:
    Is your windows box behind anything or use public IP directly?

    There might be someway to attack the computer(I just don't know how).

    Even if you use public IP directly, you still need a password to login.

    So basically I have this.
    Internet>Modem>Router>Computer
    Forwarded port 3389 to my private addy.

    I just want to make sure Im not too vulnerable.

    well, I'm sure your router have some sort of firewall protection right?

    Maybe you can set up a rule that only the computer you want can send RDP through the router. (e.g. allow only the IP or subnet of IP from your office to send RDP connection.)
  • agustinchernitskyagustinchernitsky Member Posts: 299
    Hello...

    A good way to improve your security: Change the default port...

    RDP: 40000

    You have to go into your registry and change the RDP port... then map the port from your router to your internal IP.... you will get better security (hackers will have to guess your port now).
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    Set up an RRAS server for a VPN is a possibility. Make the VPN connection first, then RDP through that.

    On your router, you can set up a different port than 3389 to forward to your computer for RDP. Then when you want to connect, in the Computer box, type the computer name or the IP address of the computer that you want to connect to, followed by a colon and the port number that you want to use.
    You can change the listening port to something other than 3389 by editing the registry on the computer you want to connect to.
    http://support.microsoft.com/kb/306759/

    Me slow typist, agustinchernitsky beat me! icon_rolleyes.gificon_lol.gificon_wink.gif
    All things are possible, only believe.
  • SieSie Member Posts: 1,195
    Guys can i just ask i quick related question?

    What Software Firewalls do you use?

    I currently use free version of Zonealarms but have got to a point where i need to configure specific open ports. (have setup RDP over another port using tsweb) But free version does not support this. So before i go buy full version can you recommend another free one or good paid for one?

    Cheers.
    Foolproof systems don't take into account the ingenuity of fools
  • CessationCessation Member Posts: 326
    Hello...

    A good way to improve your security: Change the default port...

    RDP: 40000

    You have to go into your registry and change the RDP port... then map the port from your router to your internal IP.... you will get better security (hackers will have to guess your port now).

    Fantastic!
    Thanks to all that posted. (even Mr. sprkymrk the slow typist =P)
    A+, MCP(270,290), CCNA 2008.
    Working back on my CCNA and then possibly CCNP.
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    Cessation wrote:
    Fantastic!
    Thanks to all that posted. (even Mr. sprkymrk the slow typist =P)

    Yoooooooooouuuuuuuuuuuurrrrrrrrr
    welllllllllllllllcoooooooooooooommmmmmme...........

    icon_lol.gif
    All things are possible, only believe.
  • blargoeblargoe Self-Described Huguenot NC, USAMember Posts: 4,174 ■■■■■■■■■□
    Just changing the port number is what some people call "security by obfuscation". The kiddies will still figure out what you have open once they do a port scan on your IP address.

    Leaving 3389 open leaves a couple possibilities for a breach. 1) Guessing the password for one of the accounts with remote desktop permisisons; 2) a vulnerability in the Remote Desktop (actually Terminal Server) service that a hacker could exploit to take over your machine.

    Me personally, I ssh into my linux router and use tunneling to forward local ports on my work PC to the remote desktop at my house, but that's beyond the scope of this thread. :)
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • CessationCessation Member Posts: 326
    blargoe wrote:
    I ssh into my linux router and use tunneling to forward local ports on my work PC to the remote desktop at my house, but that's beyond the scope of this thread. :)

    Sadly you are right. I could possibly get another machine but that would require more time and effort than I think this might need.

    Ill just change everything back when im not at school. That should limit the chances of anything happeng.
    A+, MCP(270,290), CCNA 2008.
    Working back on my CCNA and then possibly CCNP.
  • blackzoneblackzone Member Posts: 82 ■■□□□□□□□□
    blargoe wrote:
    Leaving 3389 open leaves a couple possibilities for a breach.

    2) a vulnerability in the Remote Desktop (actually Terminal Server) service that a hacker could exploit to take over your machine.

    Um... what vulnerability? How old is it? Default XP SP2 or Server 2003 SP1 patched it?
  • blargoeblargoe Self-Described Huguenot NC, USAMember Posts: 4,174 ■■■■■■■■■□
    I wasn't referring to recently published vunlerability. I was just saying the possibility of a vulnerability exists. It is, after all, Windows. Just because a bulletin hasn't been published doesn't mean that one cannot exist.
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    blargoe wrote:
    Just changing the port number is what some people call "security by obfuscation". The kiddies will still figure out what you have open once they do a port scan on your IP address.

    Leaving 3389 open leaves a couple possibilities for a breach. 1) Guessing the password for one of the accounts with remote desktop permisisons; 2) a vulnerability in the Remote Desktop (actually Terminal Server) service that a hacker could exploit to take over your machine.
    I believe the term is "Security Through Obscurity", but it means the same thing, and you are correct. However, it is slightly more secure in the fact that script kiddies who run exploits based soley upon "automated" scripts will just launch an attack against port 3389 without even bothering to see if RDP is running. They could care less if it doesn't work on 1000 boxes, they just want to find a single box it does work on. If you run RDP on a different listening port, the automated stuff will pass you by. A port scanner is noisy, especially one scanning high ports like 25,000 and higher.

    Regarding your second point, a quick google search found:
    http://www.microsoft.com/technet/security/bulletin/MS05-041.mspx
    http://www.securiteam.com/windowsntfocus/5EP010KG0G.html

    Nothing new, but just a couple of examples to support your point.
    All things are possible, only believe.
  • agustinchernitskyagustinchernitsky Member Posts: 299
    blargoe wrote:
    Just changing the port number is what some people call "security by obfuscation". The kiddies will still figure out what you have open once they do a port scan on your IP address.

    Well, yes and no. First of all, there is no perfect security. :)

    Second, as sprkymrk says, script kiddies will use nmap, nessus or whatever automated scanner that will, by default scan on ports defined by their database. So, if you use a very high port, ie 40000 for RDP, you know that an automated scanner won't detect that.

    Now, of course, an advanced hacker or a kiddie with more attitude might try and scan all the 65556 ports (that was the number no?) and they of course will detect something is running at 40000.

    Another thing a friend of mine did... he inversed telnet and ssh ports... so you can do the same here... run RDP on port 22 or 23... It will detect as an telnet or SSH service.

    Still, as always: defence in depths: use Antivirus, strong passwords, modifiy User Rights, do not use default accounts, so on, so forth.
Sign In or Register to comment.