|
Remote Desktop
Hey everyone... I searched but i cant seam to find an answer to my question. I got remote desktop to work when my mogul is connected to the router that the computer is connected on... is it possible to use EVDO away from my home network? Preferably a free way! and if so can someone point me in the direction of a tutorial? Thank you!
|
Re: Remote Desktop
Quote:
|
Re: Remote Desktop
and how do I find my external ip address! that's not the simple 192.168.1.100 I assume.
So it works when using wifi for me but I just can't do it without being on the same network as the computer. I want to be able to control thecomputer from like school or work. |
Re: Remote Desktop
Quote:
Note that you will probably have to forward the port in your router (unless it supports UPNP and you have windows set to forward it automatically in your router (not sure if it will do this for remote desktop)... If this is too confusing for you just try it with that address (and it may very well work without doing anything), if it doesn't work you will have to forward the port in your router. If it works now, ignore the next section: This is accomplished usually by visiting http://192.168.1.1 on your home computer, logging into the router (often the password is simply admin with no username, otherwise you may need to look it up in your router's manual which is usually available online from your router manufacturer's website). Go into the port forwarding area and forward port 3389 to your computer's internal IP (192.168.1.100). Note that this address can change if you have multiple computers connecting to your home network and you are using dhcp. You can set it to not change somewhere in your router config, or if you only have one computer on there it might not ever change and you might not have to worry about it. |
Re: Remote Desktop
Quote:
i can now remote, from my work location, to my home PC through my device. when i jumped for joy and ran over to show my developer buddies 3 cubes down, they laughed at how seemingly unsecured this was. however, i had to 'allow' incoming connections from my device IP address, before my Kaspersky firewall would accept that connection. with that said, IS this really all that secure, and could anyone with a packet sniffer actually connect to my IP address and log in ? I also DID port forward 3389 in my router admin.. should i un-do that ? or is that the action that actually allows this connection.. i'm just amazed at how simple it is now to be able to remote to my home machine like this ! but am slightly concerned at the security of it now... any comments ? |
Re: Remote Desktop
Anytime you forward a port to a computer there is risk, you are opening a service up to the entire Internet. Was playing with SSH a while back, and in a matter of a few weeks I was getting hammered with brute force attacks daily.
|
Re: Remote Desktop
Quote:
or is the forwarding of port 3389 the magic key to all of this.. |
Re: Remote Desktop
Quote:
Remote desktop is secure though anyways, as long as you don't have any easy to guess passwords on accounts you allow remote connections on. Remote desktop is also encrypted so you can't just sniff it and connect. Many businesses use it. If a security flaw is ever found in remote desktop, as long as you have windows update on, your computer will automatically patch it anyways, but changing the port will keep anyone looking for that kind of thing out. Edit: use a port from about 10000 to 65535 (the maximum port number).... |
Re: Remote Desktop
Quote:
edit: In all actuality though it really doesn't matter anyways unless someone can guess your password or a security flaw was found in remote desktop. I keep mine on a different port anyways though because I'm paranoid. |
Re: Remote Desktop
you could also try installing logmein, which is a program that runs on your computer, and allows you to connect to it and do remote desktop from just about any internet enabled device. www.logmein.com
|
Re: Remote Desktop
Holo you helped a lot!!! It works anywhere now! Thanks!
|
Re: Remote Desktop
Being in IT for over 12 years, I can tell you that any remote connectivity is a risky thing. I personally use LogMeIn for my home stuff just because it incorporates the computer/domain account logon as well as runs over SSL, for additional security. And it is not only very simple to setup and maintain, but it is also free. For my company's network, I use a two layer approach: VPN over SSL -> Remote Desktop.
As for changing the port number for which RDC is being forwarded on, that really doesn't matter. My area of expertise in IT has been network and infrastructure security for the last five years or so, and I have seen a lot of the tools that these "script kiddies" are using to hack into people's computers and networks. I have even used many of them, to get a better idea of how they work and what they are looking for, to ensure that my networks are as safe as possible. What I have found is that most of the port scanners that are typically used start at the higher port numbers anyway. Because these are the non-typical ports and are usually people trying to hide their legitmate port forwarding. Another reason is that many people download music/movies/etc. from torrents, emule, etc., and p2p protocols run on higher ports. For them to work correctly, these ports have to be forwarded. There are also some legitimate software applications that listen on high ports for seemingly no reason at all. One of the best applicaitons for Windows password auditing and hacking is a commercial product called L0phtCrack, http://www.securityfocus.com/tools/1005. This can be run remotely and can crack a hard password (minimum of 8 characters with at least one alpha, one numeric and one non-alphanumeric character) in about thirty minutes (average). This same program, and many others just like it, are rampant on torrent sites and in other p2p sharing (emule, etc). The worst part of all is that being hacked is almost never about what you have, but what they want to use your network connection for. Imagine this... you are hacked and the hacker downloads a bunch of child pornography to your computer, then uploads it to another hacked FTP server for distribution. When it comes down to it, if your IP address is traced, since you have no legitimate way to prove that you were hacked, you are now in trouble for downloading child pornography. And then distributing it. Or distributing copyrighted movies, music, software, etc. Does it really happen? Yup, all the time. For the first 6 years of my IT career I worked as a network administrator for three large Internet Service Providers. And I saw this exact scenario more than once, personally. So if I were you I would just use LogMeIn, for free, and add the extra layer of security to your network. And check to see if UPNP is running on your Windows computers. Because if it is, and ports are being forwarded, you should find out what ports are being forwarded, and block them as well. If you want to talk about it more, PM me, and we can discuss... |
Re: Remote Desktop
Quote:
People do not routinely scan individual machines on all port numbers. If looking for a known security risk on a large number of machines, it is simply not efficient to scan all ports. This requires a large amount of time. It is much easier to check port 3389 on every machine, scanning all ports would require a large amount of time to check large networks. If on the other hand, you had an enemy with a lot of knowledge really out to get you and watching your machine, it would not be unreasonable to expect them to discover the flaw and scan all ports on your machine, but with most security flaws it would be fixed within a few days. With windows update enabled this would generally be fixed before any enemy would have a chance to scan your entire machine and find the flaw and exploit it. But that would require them up on security knowledge, knowing you had remote desktop open, and scanning/checking security exploits every few days. Let's be realistic here as well, it's not realistic to suggest VPN to remote desktop for users, as they do not have an external server that will support a VPN connection in, and forwarding the proper ports/protocols (depending on the type of VPN connection) to their main machine would create as many security risks (or many more) as forwarding a random port to be used for remote desktop. Not only that but it is a huge PITA to set up anyways for a normal user. All in all, remote desktop on a random port is as or more secure than logmein because not only are you not trusting a 3rd party with your information, you are not making it publicly known that you are allowing connections, and also logmein can be broken into by brute force (by trying all available passwords) just as easily as remote desktop (assuming they know you are running either). Basically, unless you have someone seriously out to break into your machine that is willing to watch your machine and security mailing lists like a hawk, you are just as or more secure running remote desktop on a random port as you are running logmein, or forwarding VPN to your main machine (although, sure, having a seperate server for VPN would be better, it's definitely not feasible for an average user). There is little to no risk involved in running remote desktop on a random port for the average user. I do, however, agree that UPNP should not be forwarding this port or any additional ports directly as it creates a security hole. Generally, however, UPNP will not forward any defaultly open ports, but remote desktop may be forwarded as this is something you open yourself. edit: by the way l0phtcrack requires a windows password file to crack the password, so it's use being mentioned here means nothing unless you already have access to the windows password file of the machine in question. This is certainly not the case when using a remote desktop exploit, or trying to bruteforce a password over remote desktop (it takes FAR longer over the internet - we're talking months/years for an 8 character password and FAR longer for anything more, and l0phtcrack will not do this, on top of that they would have to guess your username too, so we're talking many many MANY years to guess all possible combinations). Changing the port number also does matter, as it means they have to be looking directly at your machine instead of scanning large networks as most/all 'script kiddies' do. You have to have someone seriously after you specifically as mentioned above to scan all ports on your machine. LogMeIn is no more secure in this regard as it is FAR more likely that they would discover your password by breaking into logmein than bruteforcing remotedesktop on your machine. |
Re: Remote Desktop
I am not going to get into a debate but strongly disagree with holo on several of his points above. But frankly I am tired (network maintenance until 3:00am this morning) and not in a very good mood and don't want to come across rude or get into an IT pissing contest. Long story short... I agree to disagree.
|
Re: Remote Desktop
In the end it is about acceptable risk. What is the amount of risk you are willing to accept for the convenience?
With the multitude and speed of the port scanners out there I do not think I would feel comfortable entrusting my system to a random number...at least not without some other layers of protection. |
Re: Remote Desktop
Quote:
|
Re: Remote Desktop
How many end user systems have passwords on there primary user accounts? By default Windows makes them admin accounts.
I won't even start with how many have user names like "user" "Computer" When the screen goes blank, will the end-user know what it means or what to do? Remote desktop control is a big risk, just for the level of interaction it provides, and the amount of access that is gained. |
Re: Remote Desktop
Quote:
|
Re: Remote Desktop
I thought of that after I posted, testing it as I type now. That still does not eliminate the risk IMHO.
But, as I said, it is about what the acceptable risk your willing to take. If people are willing to have there two levels of security be a random number and username/password then more power to them. Edit: Depending on Group Policy settings you are correct and it needs an account that has a password. This is the default setting when Windows is installed, so it would have to have been changed for it to open a risk. |
Re: Remote Desktop
ok this is what i have been looking for. im at work but im going to test out this software over the weekend. i need to access my home computer. my phone doesnt have enough storage on it. im constantly having to save files to my email just so i can access them from my phone its annoying. plus i have a web cam setup in the living room so i can see everyone in there. it would be cool to be able to see that from my phone. i may need help but ill b back if i do
|
Re: Remote Desktop
I've been impressed with logmein. I'm not sure just how secure it is though. Its very easy to set up and works well on my Mogul and from my work computer.
|
Re: Remote Desktop
I have not tried logmein from my phone but have used it on several computers. It works very well for me being able to troubleshoot other peoples computers with out having to be there since it is a very small file they have to download and in most cases they dont even need to download it they can run it from the website. For my network at home i have also used hamachi with ultravnc which has seemed to be pretty secure, once again dont know if that would work on the phone or not guess i will need to try it as soon as i get my new phone.
|
Re: Remote Desktop
if using logmein, what would I need on my phone to be able to access my home computer from it?
I have a mogul. Not sure if I would actually do this as of yet, but would like to know. I usually use Windows Remote desktop to work on client computers remotely. |
Re: Remote Desktop
If you go to www.logmein.com from your phone and login, it will prompt you to download the software needed to remotely access and control your desktop PCs. Very simple to use and a small one time download.
|
Re: Remote Desktop
Quote:
|
Re: Remote Desktop
Does anybody know if there is there a tight VNC for a windows mobile 6 device?
|
Re: Remote Desktop
I have seen a few around...
Open Source (Older): http://www.cs.utah.edu/~midgley/wince/vnc.html Open Source (Newer): http://dotnetvnc.sourceforge.net/ Commercial ($20 USD): http://www.mochasoft.dk/vncce.htm Hope one of these is helpful... |
Re: Remote Desktop
hey guys i just checked out this logmein program and its freaking awesome...just what i was looking for...i mean i dont have anything important on my computer and it has deep freeze so i doubt anyone could do anything. but it works easy i didnt even have to set anything up. just run the setup and it does it by itself
|
Re: Remote Desktop
my problem with logmein is that after i log out, i cannot log in again and i have to reboot the pc i am logging into :(
i have not been able to figure out what is causing this since i seem to be the only one with this problem. |
Re: Remote Desktop
Quote:
My boyfriend is a network admin and he is a freak for tight vnc so I will have him look at them for me. I guess everyone has their preferences, we are both techies as well but he is way way above me! He drives me nuts ](*,) |
Re: Remote Desktop
Remote desktop is relatively secure so long as your windows account is password protected. Some ports will always be open. Using AIM, playing games, log me in, all open up ports, mostly without you knowing it. So just because you open a port doesn't mean your credit card number will be immediately stolen. Just make sure you have to enter a password and you should be OK. Here's how I look at it:
Yes, a hacker can get into my computer easier than somebody who has all but the most essential ports firewalled. That same hacker can get into SOOOO many other people's computer soooo much easier. Namely those people who don't have a firewall at all. Of which there are plenty, I'm sure. So why would he waste his time hacking a mediocre security setting like a password? Def. not for a challenge, there are bigger fish for that too. Also, if you were wondering, the reason you have to open a port for remote desktop is because the signal to establish a connection is from the outside coming in. When you do all those other things, the signal to establish a connection is from the inside going out. Thus your router/firewall gets a signal from inside you network (which it by default considers secure) and automatically opens that port as long as you use it. Outside your network is considered not secure, and your router/firewall will ignore any signals unless you manually open a port. Finally, a somewhat more secure method would be to put time restrictions on when the port is open, an option on many routers. Like while you are at work, so the port is closed when you are at home and don't need it. |
| All times are GMT -4. The time now is 11:05 PM. |
Powered by vBulletin® ©2000 - 2025, Jelsoft Enterprises Ltd.
©2012 - PPCGeeks.com