Thoughts and questions about security

Guest
Archived from groups: microsoft.public.windowsxp.work_remotely

Let's say you change the RD listening port to something other than 3389. You open
up your firewalls (XP's and Norton Internet Security and my router's built-in)
to that other port. You set up SSH for the RD connection.
The RD server is behind a router that uses NAT, and my port is forwarded to
the server's IP address.

Now, if making a connection, that specific session is very very secure.

But your RD server is wide open anyways, since you opened up that port. And
the only thing that will keep it free from hackers is a very strong password.

Am I right?? Is there any other way to tighten that "hole", I don't want to
use VPN.
 
Guest
Archived from groups: microsoft.public.windowsxp.work_remotely

If you run Remote Desktop through a SSH tunnel there is absolutely no need to even open up TCP Port
3389 on the router or to change the listening port... All you need is TCP Port 22 open for SSH...

http://theillustratednetwork.mvps.org/RemoteDesktop/SSH-RDP-VNC/RemoteDesktopVNCandSSH.html

Grab the script from...

http://www.bluestream.org/Networking/SSHTunnelRDP.htm

....to automate this...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

"Johan" <Johan@discussions.microsoft.com> wrote in message
news:40D8F7AD-FF90-49EA-96F3-73CE2919ECA9@microsoft.com...
> Let's say you change the RD listening port to something other than 3389. You open
> up your firewalls (XP's and Norton Internet Security and my router's built-in)
> to that other port. You set up SSH for the RD connection.
> The RD server is behind a router that uses NAT, and my port is forwarded to
> the server's IP address.
>
> Now, if making a connection, that specific session is very very secure.
>
> But your RD server is wide open anyways, since you opened up that port. And
> the only thing that will keep it free from hackers is a very strong password.
>
> Am I right?? Is there any other way to tighten that "hole", I don't want to
> use VPN.
>
 
Guest
Archived from groups: microsoft.public.windowsxp.work_remotely

Of course :) Didn't think about that. Why would I need to open 3389.... shame
shame.
This makes it very secure I guess. But will I still need port forwarding in my
router to the remote host? 3389 or 22?

Thanks, Johan

"Sooner Al [MVP]" wrote:

> If you run Remote Desktop through a SSH tunnel there is absolutely no need to even open up TCP Port
> 3389 on the router or to change the listening port... All you need is TCP Port 22 open for SSH...
>
> http://theillustratednetwork.mvps.org/RemoteDesktop/SSH-RDP-VNC/RemoteDesktopVNCandSSH.html
>
> Grab the script from...
>
> http://www.bluestream.org/Networking/SSHTunnelRDP.htm
>
> ....to automate this...
>
> --
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no rights...
>
> "Johan" <Johan@discussions.microsoft.com> wrote in message
> news:40D8F7AD-FF90-49EA-96F3-73CE2919ECA9@microsoft.com...
> > Let's say you change the RD listening port to something other than 3389. You open
> > up your firewalls (XP's and Norton Internet Security and my router's built-in)
> > to that other port. You set up SSH for the RD connection.
> > The RD server is behind a router that uses NAT, and my port is forwarded to
> > the server's IP address.
> >
> > Now, if making a connection, that specific session is very very secure.
> >
> > But your RD server is wide open anyways, since you opened up that port. And
> > the only thing that will keep it free from hackers is a very strong password.
> >
> > Am I right?? Is there any other way to tighten that "hole", I don't want to
> > use VPN.
> >
>
>
 
Guest
Archived from groups: microsoft.public.windowsxp.work_remotely

22

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

"Johan" <Johan@discussions.microsoft.com> wrote in message
news:56044BBE-2D38-430D-9801-A4DC42B86DB5@microsoft.com...
> Of course :) Didn't think about that. Why would I need to open 3389.... shame
> shame.
> This makes it very secure I guess. But will I still need port forwarding in my
> router to the remote host? 3389 or 22?
>
> Thanks, Johan
>
> "Sooner Al [MVP]" wrote:
>
>> If you run Remote Desktop through a SSH tunnel there is absolutely no need to even open up TCP Port
>> 3389 on the router or to change the listening port... All you need is TCP Port 22 open for SSH...
>>
>> http://theillustratednetwork.mvps.org/RemoteDesktop/SSH-RDP-VNC/RemoteDesktopVNCandSSH.html
>>
>> Grab the script from...
>>
>> http://www.bluestream.org/Networking/SSHTunnelRDP.htm
>>
>> ....to automate this...
>>
>> --
>> Al Jarvi (MS-MVP Windows Networking)
>>
>> Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
>> The MS-MVP Program - http://mvp.support.microsoft.com
>> This posting is provided "AS IS" with no warranties, and confers no rights...
>>
>> "Johan" <Johan@discussions.microsoft.com> wrote in message
>> news:40D8F7AD-FF90-49EA-96F3-73CE2919ECA9@microsoft.com...
>> > Let's say you change the RD listening port to something other than 3389. You open
>> > up your firewalls (XP's and Norton Internet Security and my router's built-in)
>> > to that other port. You set up SSH for the RD connection.
>> > The RD server is behind a router that uses NAT, and my port is forwarded to
>> > the server's IP address.
>> >
>> > Now, if making a connection, that specific session is very very secure.
>> >
>> > But your RD server is wide open anyways, since you opened up that port. And
>> > the only thing that will keep it free from hackers is a very strong password.
>> >
>> > Am I right?? Is there any other way to tighten that "hole", I don't want to
>> > use VPN.
>> >
>>
>>
 
Guest
Archived from groups: microsoft.public.windowsxp.work_remotely

WiSSH also does this... (http://www.wissh.com)

:)
---
Jeffrey Randow (Network MVP)

Remote Networking Technology FAQ -
http://www.remotenetworktechnology.com
My Networking Blog: http://www.networkblog.net
MS Network Community -
http://www.microsoft.com/windowsserver2003/community/centers/networking/default.mspx
MS Home Networking Community -
http://www.microsoft.com/windowsxp/expertzone/communities/wireless.mspx

On Sat, 19 Feb 2005 15:38:15 -0600, "Sooner Al [MVP]"
<SoonerAl@somewhere.net.invalid> wrote:

>If you run Remote Desktop through a SSH tunnel there is absolutely no need to even open up TCP Port
>3389 on the router or to change the listening port... All you need is TCP Port 22 open for SSH...
>
>http://theillustratednetwork.mvps.org/RemoteDesktop/SSH-RDP-VNC/RemoteDesktopVNCandSSH.html
>
>Grab the script from...
>
>http://www.bluestream.org/Networking/SSHTunnelRDP.htm
>
>...to automate this...
 
Guest
Archived from groups: microsoft.public.windowsxp.work_remotely

I use WinSSHD as server and Tunnelier as client (from Bitvise).

I should be able to port-forward 22 only, but it doesn't work if I don't
forward 3389/3390 as well.....


"Jeffrey Randow (MVP)" wrote:

> WiSSH also does this... (http://www.wissh.com)
>
> :)
> ---
> Jeffrey Randow (Network MVP)
>
> Remote Networking Technology FAQ -
> http://www.remotenetworktechnology.com
> My Networking Blog: http://www.networkblog.net
> MS Network Community -
> http://www.microsoft.com/windowsserver2003/community/centers/networking/default.mspx
> MS Home Networking Community -
> http://www.microsoft.com/windowsxp/expertzone/communities/wireless.mspx
>
> On Sat, 19 Feb 2005 15:38:15 -0600, "Sooner Al [MVP]"
> <SoonerAl@somewhere.net.invalid> wrote:
>
> >If you run Remote Desktop through a SSH tunnel there is absolutely no need to even open up TCP Port
> >3389 on the router or to change the listening port... All you need is TCP Port 22 open for SSH...
> >
> >http://theillustratednetwork.mvps.org/RemoteDesktop/SSH-RDP-VNC/RemoteDesktopVNCandSSH.html
> >
> >Grab the script from...
> >
> >http://www.bluestream.org/Networking/SSHTunnelRDP.htm
> >
> >...to automate this...
>
>
 
Guest
Archived from groups: microsoft.public.windowsxp.work_remotely

The scripts available at
http://www.bluestream.org/Networking/SSHTunnelRDP.htm or WiSSH allow
you to bypass that and will let you tunnel RDP connections to an XP Pro
machine...
---
Jeffrey Randow (Network MVP)

Remote Networking Technology FAQ -
http://www.remotenetworktechnology.com
My Networking Blog: http://www.networkblog.net
MS Network Community -
http://www.microsoft.com/windowsserver2003/community/centers/networking/default.mspx
MS Home Networking Community -
http://www.microsoft.com/windowsxp/expertzone/communities/wireless.mspx

On Mon, 21 Feb 2005 02:09:07 -0800, "Johan"
<Johan@discussions.microsoft.com> wrote:

>I use WinSSHD as server and Tunnelier as client (from Bitvise).
>
>I should be able to port-forward 22 only, but it doesn't work if I don't
>forward 3389/3390 as well.....
>
>
>"Jeffrey Randow (MVP)" wrote:
>
>> WiSSH also does this... (http://www.wissh.com)
>>
>> :)
>> ---
>> Jeffrey Randow (Network MVP)
>>
>> Remote Networking Technology FAQ -
>> http://www.remotenetworktechnology.com
>> My Networking Blog: http://www.networkblog.net
>> MS Network Community -
>> http://www.microsoft.com/windowsserver2003/community/centers/networking/default.mspx
>> MS Home Networking Community -
>> http://www.microsoft.com/windowsxp/expertzone/communities/wireless.mspx
>>
>> On Sat, 19 Feb 2005 15:38:15 -0600, "Sooner Al [MVP]"
>> <SoonerAl@somewhere.net.invalid> wrote:
>>
>> >If you run Remote Desktop through a SSH tunnel there is absolutely no need to even open up TCP Port
>> >3389 on the router or to change the listening port... All you need is TCP Port 22 open for SSH...
>> >
>> >http://theillustratednetwork.mvps.org/RemoteDesktop/SSH-RDP-VNC/RemoteDesktopVNCandSSH.html
>> >
>> >Grab the script from...
>> >
>> >http://www.bluestream.org/Networking/SSHTunnelRDP.htm
>> >
>> >...to automate this...
>>
>>
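
A check for the setup discussed in this thread, added here as an example (not code from the thread or from the linked scripts): run from outside the LAN against the router's public address, it confirms that only SSH on 22 answers and that RDP on 3389/3390 is not forwarded. The function names, the policy table and the OpenSSH-style tunnel command in the comment are assumptions for illustration.

```python
import socket

# Policy from the thread: only SSH (22) is forwarded by the router; RDP
# (3389, or an alternate such as 3390) must not answer from the Internet.
# Tunnel assumed for illustration (OpenSSH client syntax, not from the thread):
#   ssh -N -L 3390:127.0.0.1:3389 user@public-address
#   mstsc /v:127.0.0.1:3390
POLICY = {22: "open", 3389: "closed", 3390: "closed"}


def probe(host, port, timeout=3.0):
    """Return (state, banner); state is 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(64).decode("ascii", "replace").strip()
            except (socket.timeout, OSError):
                banner = ""  # e.g. RDP waits for the client to speak first
            return "open", banner
    except socket.timeout:
        return "filtered", ""  # no reply: dropped silently by a firewall
    except OSError:
        return "closed", ""    # connection refused or host unreachable


def audit(host, policy=POLICY, timeout=3.0):
    """Compare what answers on `host` with the policy; return findings."""
    findings = []
    for port, want in sorted(policy.items()):
        state, banner = probe(host, port, timeout)
        if want == "closed" and state == "open":
            findings.append((port, "exposed: answers but should not be forwarded"))
        elif want == "open" and state != "open":
            findings.append((port, f"unreachable ({state}): tunnel cannot be set up"))
        elif want == "open" and not banner.startswith("SSH-"):
            findings.append((port, f"open but not SSH (banner {banner!r})"))
    return findings


if __name__ == "__main__":
    import sys
    # Usage: python audit.py <router-public-address>
    for port, problem in audit(sys.argv[1]):
        print(f"{port}/tcp: {problem}")
```

An empty result means the router forwards SSH only; a finding on 3389 or 3390 means the RDP listener is still reachable without the tunnel.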