Thoughts and questions about security

Guest

Let's say you change the RD listening port to something other than 3389. You open
up your firewalls (XP's and Norton Internet Security and my router's built-in)
to that other port. You set up SSH for the RD connection.
The RD server is behind a router that uses NAT, and my port is forwarded to
the server's IP address.

Now, if making a connection, that specific session is very very secure.

But your RD server is wide open anyways, since you opened up that port. And
the only thing that will keep it free from hackers is a very strong password.

Am I right? Is there any other way to tighten that "hole"? I don't want to
use VPN.
 

Sooner Al [MVP]

If you run Remote Desktop through an SSH tunnel there is absolutely no need to even open up TCP Port
3389 on the router or to change the listening port... All you need is TCP Port 22 open for SSH...

http://theillustratednetwork.mvps.org/RemoteDesktop/SSH-RDP-VNC/RemoteDesktopVNCandSSH.html

Grab the script from...

http://www.bluestream.org/Networking/SSHTunnelRDP.htm

...to automate this...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...
 
Guest

Of course :) Didn't think about that. Why would I need to open 3389.... shame
shame.
This makes it very secure I guess. But will I still need a port forward in my
router to the remote host? 3389 or 22?

Thanks, Johan
 
Sooner Al [MVP]

22

--
Al Jarvi (MS-MVP Windows Networking)

 
Guest

I use WinSSHD as server and Tunnelier as client (from Bitvise).

I should be able to port forward 22 only, but it doesn't work if I don't
forward 3389/3390 as well.....
 
Jeffrey Randow (MVP)

The scripts available at
http://www.bluestream.org/Networking/SSHTunnelRDP.htm or WiSSH allow
you to bypass that and will let you tunnel RDP connections to an XP Pro
machine...
---
Jeffrey Randow (Network MVP)

Remote Networking Technology FAQ -
http://www.remotenetworktechnology.com
My Networking Blog: http://www.networkblog.net
MS Network Community -
http://www.microsoft.com/windowsserver2003/community/centers/networking/default.mspx
MS Home Networking Community -
http://www.microsoft.com/windowsxp/expertzone/communities/wireless.mspx
 
