VPN or something similar
This isn't something I want to set up, however a friend of mine has a wireless LAN in his home, and wants the following:
Security, he has research files on the PC, that should not be accessed by anyone.
Remote access, he wants to be able to access all files/folders on his PC from a remote site (a number of unspecified sites, i.e. random internet cafes, etc.)
He also wants to be able to access certain devices, i.e. printer (he wants to be able to sit wherever, and make his PC at home print something)
I have no idea what wireless router he has, but I assume making it secure is fucking easy.
The remote access should be safe as fuck though... and not just reading a file. It can't be secured by only allowing certain IPs, as he will access it from any number of undetermined sites.
I kinda thought that as well... I wasn't gonna be a cunt to someone trying to help me out, but a few more details would be nice. Or on the other hand maybe they wouldn't, I'm sure the guy who wants this setup doesn't want to pay for hardware.
Doombrain wrote: just like that. thanks riddla.
What he needs is software that only needs to be installed on the host PC, not the client.
There is shit out there that does it for a high price, I'm looking for something that is either a one time purchase, or even better free.
I think your best option would be the following:
First, ensure he has a consistent way of reaching his PC. Since his ISP-assigned IP address might change overnight, this can be done by running a Dynamic DNS application on his PC (e.g. from DynDNS). There are free ones available although they also charge for more elaborate setups. You'll end up with a hostname like davesserver.dynamicip.org which will route to his home PC from anywhere on the internets (in theory) and update itself automatically whenever his ISP IP address changes.
Then once that's done, and assuming he's running XP Pro on his home machine, he will be able to connect remotely to his home PC using Remote Desktop (RDP). To allow this will probably require opening a few ports on his router to point to his PC's internal IP address... finding the port numbers for RDP should be pretty easy.
Then once that's done (well actually, do this before that gets done) he needs to ensure that the PC at home he's accessing is up to date, running SP2 and Windows Firewall (at least) and has a secure username and password with permissions on that user account to connect via RDP. It's good to have him using a Limited user account over RDP if possible, but be aware that the Local Administrator account automatically gets RDP ability regardless, so don't leave that account with some simple password on it in any situation.
I think that about covers it. RDP will let him do anything he'd be able to do on the PC if he was sitting at it, remotely. Including print, file, and access to applications. You can even set the RDP connection to map your laptop's drives to the remote machine to facilitate file transfer... and for some stuff you can just CTRL-C CTRL-V between the remote session and the local machine.
Any more info needed, let me know.
Possibly useful:
http://www.windowsecurity.com/articles/ ... vices.html
Last edited by Foo on Mon Jun 25, 2007 5:02 pm, edited 2 times in total.
Well, being an IS Professional, I'm going to tell you that remote access from an internet cafe is not exactly the best practice. Actually it's a really, really BAD idea ;].
A great, and SECURE solution would be to
1. have your friend set up a hostname with DynDNS (http://www.dyndns.org).
2. have him set up SSH at home on port 8443. I use port 8443 in case he's connecting back home from some corporate firewall that blocks port 22 (ssh).
3. also have him set up vncserver on his home box
4. configure PuTTY on his laptop (or whatever) to connect back to his dyndns (or IP addy) and have it tunnel VNC over SSH.
5. then open up vnc viewer and connect to localhost on port 5900 and he should be in his home machine.
Sorry if this didn't make any sense to some of you. You could always just google 'vnc over ssh'.
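Steps 2 to 5 of the post above, written out as an added example that is not part of the original post: the comments show the server and client settings, and the function checks that only the SSH port is reachable from the network. It assumes OpenSSH on the home box, reuses the sample hostname from earlier in the thread, and uses a hypothetical account name `dave`; key-only login is also an assumption.

```shell
#!/bin/sh
# Added example, not from the thread.
# Assumed home-box sshd_config for step 2 (key-only login is an assumption):
#   Port 8443
#   PermitRootLogin no
#   PasswordAuthentication no
# Router: forward TCP 8443 only; the VNC port 5900 is never forwarded.
# Steps 4-5 from the laptop ("dave" is a hypothetical account):
#   ssh   -p 8443 -N -L 5900:127.0.0.1:5900 dave@davesserver.dynamicip.org
#   plink -P 8443 -N -L 5900:127.0.0.1:5900 dave@davesserver.dynamicip.org
# then point the VNC viewer at localhost:5900.

# exposed_ports ALLOWED_PORT...
# Reads `netstat -tln` or `ss -tln` output on stdin and prints every TCP port
# that listens on a non-loopback address and is not in the allow list.
exposed_ports() {
  awk -v allowed=" $* " '
    /LISTEN/ {
      addr = ""
      # The local address is the first field ending in ":<port>".
      for (i = 1; i <= NF; i++) if ($i ~ /:[0-9]+$/) { addr = $i; break }
      if (addr == "") next
      n = split(addr, parts, ":")
      port = parts[n]
      host = substr(addr, 1, length(addr) - length(port) - 1)
      if (host ~ /^127\./ || host == "::1" || host == "[::1]") next
      if (index(allowed, " " port " ") == 0) print port
    }' | sort -un
}

# Constructed sample: VNC bound to all interfaces, so it is reachable without SSH.
WEAK_SAMPLE='tcp   0  0 0.0.0.0:8443    0.0.0.0:*  LISTEN
tcp   0  0 0.0.0.0:5900    0.0.0.0:*  LISTEN
tcp6  0  0 :::8443         :::*       LISTEN'

# Constructed sample: VNC bound to loopback, only sshd faces the network.
HARDENED_SAMPLE='tcp   0  0 0.0.0.0:8443    0.0.0.0:*  LISTEN
tcp   0  0 127.0.0.1:5900  0.0.0.0:*  LISTEN
tcp6  0  0 :::8443         :::*       LISTEN'

printf '%s\n' "$WEAK_SAMPLE"     | exposed_ports 8443   # prints 5900
printf '%s\n' "$HARDENED_SAMPLE" | exposed_ports 8443   # prints nothing
```

The function also accepts Windows `netstat -an` lines, so for the Remote Desktop setup suggested earlier in the thread the allow list would be 3389 instead of 8443.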
-
- Posts: 4108
- Joined: Sat Dec 14, 2002 8:00 am
You're aware that Remote Desktop is also encrypted end to end and involves a hell of a lot less complexity than what you just suggested, right?
Horton: Read Foo's post, Remote Desktop (used to be called Terminal Services) is by far the easiest way to go about this. It's easy to use and simple to set up and has been used for administering MS networks for ages. The port you need to open on the router is 3389 TCP.
The security in RDP has been revamped many times over in the past few years and the incident you're speaking about was patched in 2002. Not saying that another vulnerability isn't possible, but it's a pretty secure option and very simple to set up and use. Version 6 of the RDP client, which was put out earlier this year, has some very impressive features.