Securing Windows server 2003 Remote Desktop access for access through the internet

  • Securing Windows server 2003 Remote Desktop access for access through the internet

    Hi All,

    I've set up and configured Windows Server 2003 Web Edition in my DMZ, and I can access it from my local LAN in the office.

    But if somehow I'd like to access the server through Remote Desktop from the internet, how can I do it?
    And is there anything that I should use, e.g. install a certificate or SSL secured, etc., to make it safe?

    thanks,

    Albert

  • #2
    Re: Securing Windows server 2003 Remote Desktop access for access through the interne

    Personally I would never open port 3389 to the internet, it's a well known and simple starting point for an attack. I'd suggest either enabling RRAS, and requiring a VPN in first to the local network (extra layer of security) or if you do want to use RDP use a random port number externally and forward that to port 3389 internally. This at least obscures the RDP port.

    It's simple to do though, just open port 3389 on your firewall/router and forward it to the internal IP address of your web server.
    BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
    Cruachan's Blog


    • #3
      Re: Securing Windows server 2003 Remote Desktop access for access through the interne

      You could also use LogMeIn.


      • #4
        Re: Securing Windows server 2003 Remote Desktop access for access through the interne

        Hm... yes, you could be right, mate!

        I was thinking of using TightVNC server, which runs on top of a Java applet, or even Windows Server 2008 with the built-in Terminal Service gateway feature.

        I wonder if, by creating our own self-signed certificate CA (from an offline VM) and then installing that certificate on my PC at home, I can establish a secure connection in between?


        • #5
          Re: Securing Windows server 2003 Remote Desktop access for access through the interne

          Originally posted by Albertwt:

          "I wonder if, by creating our own self-signed certificate CA (from an offline VM) and then installing that certificate on my PC at home, I can establish a secure connection in between?"

          You can do this and then create an L2TP/IPSec VPN into the server, which is a very secure method of remote access. If you configure RRAS to only allow L2TP connections in, you'll be pretty safe.

          Call me paranoid but I'm not a fan of LogMeIn or GoToMyPC or even of VNC except for remoting to desktops internally from servers for remote support.
          BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
          Cruachan's Blog


          • #6
            Re: Securing Windows server 2003 Remote Desktop access for access through the interne

            Cool,

            I'm going to try that one first and see how it goes because I'd like to utilize the built-in feature of Win2k3 first before getting 3rd party tools.

            Thanks for the info.


            • #7
              Re: Securing Windows server 2003 Remote Desktop access for access through the interne

              NP, let us know how it goes.

              I'm with you, I always look for a built-in solution before looking at third party.
              BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
              Cruachan's Blog


              • #8
                Re: Securing Windows server 2003 Remote Desktop access for access through the interne

                Hi All,

                Thanks for your responses. I've found a guide from Microsoft:

                But somehow, in both my XP client and Windows Server 2003 Remote Desktop application (mstsc) version 6, I could not see the security tab?

                Therefore, from the above link, I am stuck at "Step 2: Configure authentication on the client computer".

                Has anyone succeeded yet?

                Yes, we do have a VPN using Cisco, but this Windows Server 2003 Web Edition box will be sitting in the DMZ and it will be accessed by our new contractors from a different country to perform remote management access, and we want to isolate what he can access to only within that box.


                I wonder if this is possible?
                Last edited by Albertwt; 19th August 2009, 09:50.
