Secure Remote Desktop Web Connection.

NightWalker · #1 06-Apr-2008, 09:27 AM

I want to setup Remote Desktop Web Connection so I can access my main PC at home from any other PC, at work or whatever. My home PC is running Vista Ultimate, I have a Netgear NAT router securing my LAN. Setting up IIS on Vista to get the Remote Desktop Web Connection is fairly straight forward, however opening port 80 and 443 on my router to accept incoming connections brings a degree of risk that I cant decide how best to minimise.

I want to use the standard HTTP ports 80 and 443 so I can access my PC from behind the ISA servers at work, ideally with SSL/TLS to keep my traffic nice and secure. The dilemma is how to secure the PC from the scum bags on the net who may discover an open port to my LAN. My PC is not a domain member, I could add it to my domain but want to avoid this if I can. I was thinking of setting up a standalone root CA on one of my domain controllers, install a certificate on the Vista machine and carry a second certificate on a USB drive and use this to authenticate SSL to my home PC, then Vista’s user name and password to log in through remote desktop. I am not sure if SelfSSL is provided in Vista, have to check this out. Perhaps it would be better to setup RRAS on a Server 2003 box in a DMZ, authenticate to that and RDP into the Vista machine across the LAN from there. I don’t want to leave too many PCs on all the time at home, maybe set them to allow wake on LAN.

Still in the very early planning stage at the moment, what do you guys think?

warrmr · #2 06-Apr-2008, 10:24 AM

or do it the way i do with www.logmein.com

you dont need to open any ports on teh pc or any firewall rules.

then all you need i s aPC with a web browser to access you loginto the site with your one user/pass then click on the pc and then type in the credntials for the pc in the other box and jobs a goodun.

the onlything it on the client end it downloads a activex control to the pc you are using to access your pc from not normally an issue but it may be blocked in a work enviro.

**hbroomhall** · #3 06-Apr-2008, 10:26 AM

Another way might be to use VNC over SSH, which is what I use.

Harry.

The_Geek · #4 06-Apr-2008, 11:06 AM

You could upgrade that Netgear router for a firewall that allows incoming connections only from the IP's that you list.

Or if you have a spare PC lying around you could install IP Cop firewall on it. That would do it.

NightWalker · #5 06-Apr-2008, 11:55 AM

I wanted to avoid third party websites that allow you to remote desktop, rather set it all up myself. The consensus seems to be a decent firewall on a spare PC, smoothwall or IP Cop. This would give a good level of security, I have not used ISA before so this could also be an option. (the networks team look after the ISA servers at work). Wondering if I could use a PKI certificate to only allow the remote connection if the public and private keys match, that would keep out any attempted intrusion.