Quote:
Originally Posted by rainfreak
Being in IT for over 12 years, I can tell you that any remote connectivity is a risky thing. I personally use LogMeIn for my home stuff just because it incorporates the computer/domain account logon as well as runs over SSL, for additional security. And it is not only very simple to setup and maintain, but it is also free. For my company's network, I use a two layer approach: VPN over SSL -> Remote Desktop.
As for changing the port number for which RDC is being forwarded on, that really doesn't matter. My area of expertise in IT has been network and infrastructure security for the last five years or so, and I have seen a lot of the tools that these "script kiddies" are using to hack into people's computers and networks. I have even used many of them, to get a better idea of how they work and what they are looking for, to ensure that my networks are as safe as possible. What I have found is that most of the port scanners that are typically used start at the higher port numbers anyway, because these are the non-typical ports and usually belong to people trying to hide their legitimate port forwarding. Another reason is that many people download music/movies/etc. from torrents, emule, etc., and p2p protocols run on higher ports. For them to work correctly, these ports have to be forwarded. There are also some legitimate software applications that listen on high ports for seemingly no reason at all.
One of the best applications for Windows password auditing and hacking is a commercial product called L0phtCrack, http://www.securityfocus.com/tools/1005. This can be run remotely and can crack a hard password (minimum of 8 characters with at least one alpha, one numeric and one non-alphanumeric character) in about thirty minutes (average). This same program, and many others just like it, are rampant on torrent sites and in other p2p sharing (emule, etc.).
The worst part of all is that being hacked is almost never about what you have, but what they want to use your network connection for. Imagine this... you are hacked and the hacker downloads a bunch of child pornography to your computer, then uploads it to another hacked FTP server for distribution. When it comes down to it, if your IP address is traced, since you have no legitimate way to prove that you were hacked, you are now in trouble for downloading child pornography. And then distributing it. Or distributing copyrighted movies, music, software, etc. Does it really happen? Yup, all the time. For the first 6 years of my IT career I worked as a network administrator for three large Internet Service Providers. And I saw this exact scenario more than once, personally.
So if I were you I would just use LogMeIn, for free, and add the extra layer of security to your network. And check to see if UPNP is running on your Windows computers. Because if it is, and ports are being forwarded, you should find out what ports are being forwarded, and block them as well.
If you want to talk about it more, PM me, and we can discuss...
I've been in charge of security for 3 different internet providers in my >12 years of experience in IT, and I can say that there is VERY little security risk in forwarding a random port for remote desktop (although I admit I cannot say there is no security risk - but it is equivalent to logmein - read on). Although if there was a security risk shown for remote desktop that made it possible to break into a machine, it would require A) the security risk to be a major risk involving remote access and B) the person breaking in to not only be scanning for open machines, but to be looking specifically at the machine in question.
People do not routinely scan individual machines on all port numbers. If looking for a known security risk on a large number of machines, it is simply not efficient to scan all ports. This requires a large amount of time. It is much easier to check port 3389 on every machine; scanning all ports would require a large amount of time to check large networks.
If, on the other hand, you had an enemy with a lot of knowledge really out to get you and watching your machine, it would not be unreasonable to expect them to discover the flaw and scan all ports on your machine, but with most security flaws it would be fixed within a few days. With windows update enabled this would generally be fixed before any enemy would have a chance to scan your entire machine and find the flaw and exploit it. But that would require them to be up on security knowledge, knowing you had remote desktop open, and scanning/checking security exploits every few days.
Let's be realistic here as well: it's not realistic to suggest VPN to remote desktop for users, as they do not have an external server that will support a VPN connection in, and forwarding the proper ports/protocols (depending on the type of VPN connection) to their main machine would create as many security risks (or many more) as forwarding a random port to be used for remote desktop. Not only that, but it is a huge PITA to set up anyway for a normal user.
All in all, remote desktop on a random port is as or more secure than logmein because not only are you not trusting a 3rd party with your information, you are not making it publicly known that you are allowing connections, and also logmein can be broken into by brute force (by trying all available passwords) just as easily as remote desktop (assuming they know you are running either).
Basically, unless you have someone seriously out to break into your machine that is willing to watch your machine and security mailing lists like a hawk, you are just as or more secure running remote desktop on a random port as you are running logmein, or forwarding VPN to your main machine (although, sure, having a separate server for VPN would be better, it's definitely not feasible for an average user). There is little to no risk involved in running remote desktop on a random port for the average user.
I do, however, agree that UPNP should not be forwarding this port or any additional ports directly as it creates a security hole. Generally, however, UPNP will not forward any ports that are open by default, but remote desktop may be forwarded as this is something you open yourself.
edit: by the way, l0phtcrack requires a windows password file to crack the password, so its use being mentioned here means nothing unless you already have access to the windows password file of the machine in question. This is certainly not the case when using a remote desktop exploit, or trying to brute-force a password over remote desktop (it takes FAR longer over the internet - we're talking months/years for an 8 character password and FAR longer for anything more, and l0phtcrack will not do this; on top of that they would have to guess your username too, so we're talking many many MANY years to guess all possible combinations). Changing the port number also does matter, as it means they have to be looking directly at your machine instead of scanning large networks as most/all 'script kiddies' do. You have to have someone seriously after you specifically, as mentioned above, to scan all ports on your machine. LogMeIn is no more secure in this regard as it is FAR more likely that they would discover your password by breaking into logmein than brute-forcing remote desktop on your machine.
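The two posts above disagree about how long guessing an 8-character password takes, and the difference comes down to where the guessing happens: over the network against a logon prompt, or offline against a copied password hash. The following worked calculation is an added example, not code or figures from rainfreak, the reply author, or L0phtCrack; the guess rates, the 94-character set and the lockout policy values are assumptions chosen for illustration, and the thread's own "thirty minutes" and "months/years" figures are not reproduced by it. It shows why an account-lockout or rate-limiting policy, not the port number, is the control that bounds online guessing.

```python
"""Expected brute-force time for a password, online versus offline.

Added example for the thread above; every rate below is an assumption.
"""

# Constructed assumptions: printable-ASCII classes matching rainfreak's
# "hard password" (alpha + numeric + non-alphanumeric).
ALPHA, DIGITS, SYMBOLS = 52, 10, 32
CHARSET = ALPHA + DIGITS + SYMBOLS          # 94 symbols per position
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(length: int, charset: int = CHARSET) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return charset ** length


def expected_seconds(candidates: int, guesses_per_second: float) -> float:
    """Expected time to find the right value: on average half the space is tried."""
    return candidates / 2 / guesses_per_second


def online_years(length: int, usernames: int = 1,
                 guesses_per_second: float = 10.0) -> float:
    """Years to guess an interactive logon over the network.

    Assumed: ~10 logon attempts/second for a single remote session.
    `usernames` is the number of account names the attacker must also try,
    which multiplies the search space as the reply points out.
    """
    candidates = keyspace(length) * usernames
    return expected_seconds(candidates, guesses_per_second) / SECONDS_PER_YEAR


def offline_years(length: int, hashes_per_second: float = 1e9) -> float:
    """Years for a cracker that already holds the password hash (assumed rate).

    This is the L0phtCrack scenario: it needs the password file first.
    """
    return expected_seconds(keyspace(length), hashes_per_second) / SECONDS_PER_YEAR


def lockout_rate(threshold: int, window_seconds: int) -> float:
    """Effective guesses/second once a lockout policy applies.

    Assumed policy shape: `threshold` failed attempts lock the account for
    `window_seconds`, so an attacker gets at most that many guesses per window.
    """
    return threshold / window_seconds


def summary(length: int = 8) -> dict:
    """Collect the comparison for one password length (all rates assumed)."""
    limited = lockout_rate(threshold=5, window_seconds=30 * 60)
    return {
        "keyspace": keyspace(length),
        "online_years": online_years(length),
        "online_years_with_lockout": online_years(length, guesses_per_second=limited),
        "offline_years": offline_years(length),
    }


if __name__ == "__main__":
    for key, value in summary().items():
        print(f"{key:28s} {value:.3g}")
```

The numbers that fall out (roughly 10 million years online at 10 guesses/second, about a month offline at a billion hashes/second, under these assumed rates) make the reply's distinction concrete: the hash must leak before an offline cracker matters, whereas online guessing is throttled by the network and by lockout policy. That is also the reason account lockout and monitoring of failed logons matter more for an exposed RDP listener than the choice of port.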