VPN tunnel vs. simple remote desktop

[George]

Am using WinXP-pro PC's, and Linksys VPN router.

What's the difference in setting up a remote desktop connection by setting
up a static IP and simple port forwarding so I can key in http:xxx.xx.xxx.xx
from any PC and "see" my network back home, and get files, and save files,
and so forth

----versus----

Using the VPN router's TUNNEL setup, which I think has to be done on the
both PC's (the laptop I'll have in a hotel to access the home network, as
well as the PC on the home network)

-Is the tunnel setup more secure?
-Easier to set up?
-Easier to use while traveling?
-Harder for someone else to get into?
-Anything else?

-The tunnel setup requires a VPN router on the home network, would it also
require I lug one around with the laptop and use it on the laptop to access
the home network?

Thanks
George

 

[adrian916]

if you are setting up an ipsec vpn tunnel, then I believe
you would need to carry a router around - I don't think
you can set this up from xp (at least I don't know how -
maybe someone else can give an insight). If you are using
a PPTP vpn tunnel, this can be set up to dial from
Network connections (create a new connection/vpn to
workplace), however, this relies on yuor router at home
being able to accept PPTP connections. (most of the
Linksys routers only accept ipsec, others accept both
types)

A vpn is more secure as you are authenticating the
connection as well as the log on, but requires more
configuration usually. It also only provides a connection
to the remote PC/network. In other words, you would
either have to set up shares to specific folders/drives,
or use a remote contol program if you want full access to
the remote machine.

Using RDC is far simpler and allows you to make use of
the full PC, almost as though you were sitting there.


HTH

 

[George]

Thanks, does RDC mean "Remote Desktop Control"?

Also, since this involves opening up a port (which some people could
identify and go into, so to speak), would you say it is:
a) not very secure,
b) "ok" secure, but any seasoned IT pro could browse around on your PC
remotely,
c) very secure, there are lots of things in the router and PC that make it
difficult to get in to

Thanks,
George

 

[adrian916]

Yes, RDC is Remote Desktop Control
As far as security goes, RDC does by default use port
3389, so this would need forwarding on the router. Whilst
it may not be the MOST secure connection, when you use
RDC to connect, it is the same as logging on to the pc
locally - i.e it will ask for a username and password
(assuming you have this set anyway) Avoid logging on as
administrator if possible (set up a different account
with admin rights) and use a complex password- this would
make it harder for anyone to get in. (They would have to
know/guess/randomly select your IP address in the first
place, then guess your user name and password)

If you wanted to make it a little harder, it is possible
to change the port number. This involves changing the
registry on the host to listen to on a different port,
set port forwarding for the new port on the router and
then when you connect append the port number to the
address. For instance, if your ip address is 1.2.3.4 then
you would type this in the RDC connection box - this will
be sent on port 3389 by default. If you have changed the
listening port to 3390, then you would connect by typing
1.2.3.4:3390

see this article for more details:

http://support.microsoft.com/default.aspx?scid=kb;en-
us;306759&Product=winxp

FWIW, we use RDC frequently, but make sure that complex
passwords are used.