MS REMOTE DESKTOP...How does thsi work?

[RANDY P]

Dear Pelican brain trust -

I'm looking at ditching my laptop for security reasons - I'm installing my home desktop into my office and intend on securing my data there.

However - I'd like to be able to access the desktop @ the office so I can check email (I use Outlook and .POP access) as well as manage excel and other data files.

I was reading up on Remote Desktop, and want to know if that would work -

-Both machines use XP pro

- I intend on using my desktop to access a server in the office, but the desktop will contain my personal data, not the server. The only time I'd use the server is to download data from the other computers. I would access for data on my desktop's HDD.

- we do not presently have VPN access, we're a simple office.

-the computer will be connected to the internet FT thru a router, not wireless but thru ethernet. The router is hooked to a standard DSL modem then outbound. We don't have T1. Router assigns IP addresses for local machines

So I guess my question is whether or not this is feasible - another way of imagining this would be if my computer were at the house, hooked up.

I've read a few technical articles, so if I set my desktop as the host, and then put the IP address of the desktop as it's noted as the computer name on the client (laptop) and input my credentials would that work? Since the host would have a local IP address assigned to it from the router I would imagine that wouldn't work?

option 2 would be to use 3rd party software, but that is $$$ on a monthly basis.

Anyone?

rjp

[slodave]

You can do this, but my guess, is that you will want to set a static internal I.P. (192.168.x.x) on the office PC, then on the router, forward the remote desktop port 3389 to your PC's internal I.P./port. Simple answer, but late at night.... Done all the time for small offices.

Dave

[RANDY P]

thanks Dave -

I'm surfing the remote desktop web connection

http://www.microsoft.com/windowsxp/using/networking/expert/northrup_03may16.mspx

I'm just hoping to get a clue before I lose 2 days productivity screwing around with getting this running, all while leaving my data vunerable to anyone who wants it.

[slodave]

Make sure that you can't log in as administrator. Make the password on the office account random and long. I use 12 characters. Other things to do, are to change the ports and use port forwarding. <- Done on router. Does the office DSL have a static external I.P. (usually with a business account)?

Dave

[RANDY P]

On the static external IP - I believe so. I don't have the paperwork- it's been running for years.

I'm not even sure how to break into the router to enable port forwarding, I have to find that info somehow.

rjp

[slodave]

Find out where it is in the office and note the model From there, common user/pass combo's can be given.

[island_dude]

What you want to do can be done, but unless you pay careful attention to the security set up, you are going to expose yourself to a lot of problems.

As others pointed out, you have to have an IP address that the machine is accessible from. It doesn't have to be static. I see that you have that part covered. You will need to have your firewall expose the right set of ports to the PC (I don't know these off hand) to pass the remote desktop service. I can do a little web research and get back to you on it.

Please understand if you don't add some sort of layer of security to this you are opening your machine up to all manner of script kiddies and hackers. It is a complete cakewalk to crack through the login security of windows XP. You would e best served buring in this behind an SSH tunnel which would be encrypted and add a lot more security. It is hard to do this with just a pair of machines though (at least XP boxes). I'll take a look and get back to you.

[id10t]

One more vote for the SSH tunnel.... of course, with a SSH tunnel you can get DNS, http/https (via proxy), mail, etc. over the tunnel too... or just set up a VPN on a small/old linux box at home like FreeSwan or IPSEC, etc....

[masraum]

I'm doing what you want, but the big difference is that I have a software firewall on my desktop at home that only allows RD connections from the IP that I come from when I'm at my day job, so if people on the internet try to scan my home IP, they'll get nothing. I'd be a bit more uncomfortable if it was open for anyone on the net to log into. I suggest you get something that will allow you to VPN in and or, get a firewall. You could probably setup something to allow you to vpn to the box, or if that's not accessible, then you could definitely replace the router at home with a device that would accept vpn connections. You could probably find something as cheap as $100-200 (probably some Linksys device would support vpn), but I know for sure that you could get something for <$500 (small Cisco router or PIX 501). It would require some technical knowledge, but there are enough guys on the board here that you could get help with configuring stuff.

[robs944]

Hey Randy,
The other guys are right on track with what you need to do and that you are also opening a huge security risk if not properly configured.
Is this your business? If so I would make the investment of a properly secured firewall/router with VPN capabilities (Cisco, SonicWall, etc).
You can do it the way they are suggesting but how much is your time worth? By the time you finally get it configured to work out you could have implemented a more secure (user friendly) solution.

You mentioned that your looking at "ditching your laptop for security reasons". If your remote access isn't configured properly you could be left more vulnerable.

Just my 2 cents.

[RANDY P]

thanks y'all.

Frankly, I might just bite the bullet and do the LogMeIn setup. I can't risk security breaches.