Re: Question about Remote Desktop Connection
From: Matt Coy (mattcoy@mvps.org)
Date: 07/23/02
- Next message: Ricardo: "Security"
- Previous message: HORACIO BERRÍO: "Crear particion en un disco duro"
- In reply to: Debbie: "Re: Question about Remote Desktop Connection"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Matt Coy" <mattcoy@mvps.org> Date: Tue, 23 Jul 2002 20:30:58 GMT
3389 is the port used for Remote Desktop traffic, so when someone opens up
the Remote Desktop client and tries to connect to a computer, that remote
desktop traffic will only occur on port 3389. You might want to check and
see if your firewall has the capability to lock traffic out on specific
ports to specific IPs or MACs.
If you are going to be connecting to your work computer from home, then you
will have an IP that's on the Internet, so it will be unique to you. If you
are connecting from a broadband connection, it will most likely be a static
IP, but if you're connecting from a modem there'd be no easy way to lock
that down. Of course, the best defense is to first, rename the
administrator account to something else not easily guessed, as well as
changing the passwords of all the accounts with admin access
-- ============================================= Matt Coy, MCSE+I, Microsoft MVP (Windows XP) Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone ============================================= "Debbie" <djunstrom@wesleyinstitute.org> wrote in message news:02ea01c2327e$32f6ac10$9be62ecf@tkmsftngxa03... > > >-----Original Message----- > >The security is dependent on the strength of the > passwords used on the > >computer setup to use Remote Desktop. RD access is only > granted to > >Administrators, so make sure that the administrator > accounts have strong > >passwords enabled (greater than 10 characters and a mix > of case and letters > >and symbols) and that they are rotated often. > > > >However, people will not know that the computer is a > server. Windows XP Pro > >handles Remote Desktop connections, but so does > Windows .Net Server and > >Windows 2000 Server (with full blown Terminal Services > installed). So, if > >someone tries to connect, they might suspect that the > computer is a server, > >but they cannot know for sure. With your firewall > software, you may want to > >limit incoming connections for port 3389 to IPs from > which you know you will > >be connecting. > > > >-- > >============================================= > >Matt Coy, MCSE+I, Microsoft MVP (Windows XP) > >Associate Expert > >Expert Zone - www.microsoft.com/windowsxp/expertzone > >============================================= > > > >"Debbie" <djunstrom@wesleyinstitute.org> wrote in message > >news:02a701c23278$fffd7460$9ae62ecf@tkmsftngxa02... > >> I'm a little concerned that I am able to do a remote > >> desktop connection from home and just start typing in > IP > >> addresses and am able to hit servers that I have never > >> seen before. I'm nervous that someone may be able to > >> hack into my server at work just by typing in random > IPs > >> and hitting my server. We have a firewall, but need > some > >> type of remote access. With the remote desktop > >> connection, you can see the domain name, you know the > IP > >> address and you know there will be an administrator > >> account since it is a server. All you have to do is > try > >> to guess the password and your in. What can be done to > >> greater protect my server without completely losing > >> remote access? > >> Thanks, > >> Debbie > > > > > >. > >Matt, > > I'm just starting to learn all this security stuff. Is > port 3389 the only one people will come through? So, I > can set our ip addresses so that only we can get > through? What if someone on another network is using the > same IP as me? Can they get through or does it check my > ip as well as mac address or something like that? I > thought you would be able to tell if it is a server. It > tells you what operating system it is when you get to the > login screen. I appreciate your response. I guess I'm > goign to have to make password changes just to be safe! > Thank you!
- Next message: Ricardo: "Security"
- Previous message: HORACIO BERRÍO: "Crear particion en un disco duro"
- In reply to: Debbie: "Re: Question about Remote Desktop Connection"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
