Best practice - Networks Remote Access

From Security Wiki

Created by Emilio Valente - March 26, 2007

Best practices document for connecting a Windows Client to a remote Windows System


To allow Windows users to manage SDSC resources from home or any other remote location, a secure VPN tunnel should be used (SDSC uses a Cisco solution supporting VPN client software and a VPN server appliance). To connect to a “machine room” system (usually a server), follow the recommended instructions at https://kb.sdsc.edu/?aid=179.


For users who want to connect Windows systems to other Windows systems located outside the SDSC machine room, such as a Windows office workstation or a Windows laptop, the following best practices should be applied.


The remote Windows system needs to have "Remote Access enabled" under the system properties menu. This will automatically enable the Windows firewall. If a 3rd-party firewall is being used on it, that firewall will need to pass the correct port number. On the client side, just starting the remote terminal session should be sufficient.

For users who want additional security, Microsoft End-to-End VPN will provide connectivity to their end system; once connected, they can start their Remote Desktop session (see below for details of how to install Microsoft VPN).

This provides a layer of protection for the part of the data that travels over untrusted networks, since RD has a weak encryption algorithm (RC4) while Microsoft End-to-End VPN uses a stronger one (L2TP/IPSec).

Changing the incoming port that RD listens on can increase protection on the server side. The default port is 3389. Using the last 4 digits of a known phone number works (pick one, but please write it down, otherwise you will forget it). See below for details of how to change the default RD port.
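The port change and the matching firewall opening described above can be scripted. The following is an added example, not part of the original wiki page or the linked Microsoft article. It assumes Windows 8 / Server 2012 or later (for the `Get-NetTCPConnection` and `New-NetFirewallRule` cmdlets, which Windows XP does not have) and an elevated PowerShell prompt; the parameter name `LastFourDigits` and the rule name are chosen for illustration.

```powershell
# Added example: move the Remote Desktop listener off 3389 and open the new port.
# Assumes Windows 8 / Server 2012 or later and an elevated prompt (not Windows XP).
param(
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^\d{4}$')]
    [string]$LastFourDigits   # hypothetical parameter: e.g. last 4 digits of a phone number
)

$ErrorActionPreference = 'Stop'
$rdpKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$newPort = [int]$LastFourDigits

# Four digits can yield 0 or a well-known port (e.g. "0443" -> 443); refuse those.
if ($newPort -lt 1024) {
    throw "Port $newPort is in the well-known range (0-1023); pick different digits."
}

# Refuse a port that another service is already listening on.
$inUse = Get-NetTCPConnection -State Listen -LocalPort $newPort -ErrorAction SilentlyContinue
if ($inUse) {
    throw "Port $newPort already has a listener; pick different digits."
}

$oldPort = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
Write-Host "Current Remote Desktop port: $oldPort"

# Open the new port in Windows Firewall before switching, so the
# next remote session is not blocked after the change takes effect.
New-NetFirewallRule -DisplayName "Remote Desktop (TCP $newPort)" `
    -Direction Inbound -Protocol TCP -LocalPort $newPort -Action Allow | Out-Null

# PortNumber is a REG_DWORD; the listener reads it when it starts.
Set-ItemProperty -Path $rdpKey -Name PortNumber -Value $newPort -Type DWord

Write-Host "Remote Desktop will listen on TCP $newPort after a restart."
Write-Host "Connect from the client with: mstsc /v:<hostname>:$newPort"
```

Any 3rd-party firewall on the remote system still has to be configured separately to pass the new port.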

How to change default Remote Desktop port in Windows XP: http://support.microsoft.com/kb/306759

How to set up Microsoft VPN in Windows XP: http://compnetworking.about.com/od/vpn/ht/newvpnwindowsxp.htm

How to set up Remote Desktop in Windows XP: http://www.microsoft.com/windowsxp/using/mobility/getstarted/remoteintro.mspx