Best practice - Networks Remote Access: Difference between revisions
Revision as of 21:26, 5 July 2007
Created by Emilio Valente - March 26, 2007
Windows Users Remote Network Connections:
To allow Windows users to connect remotely from home or from any other place outside SDSC, a secure VPN tunnel should be used (SDSC uses the Cisco client). To connect to a “machine room” system (usually a server), the following instructions are recommended: https://kb.sdsc.edu/?aid=179
Users who want to connect to systems located outside the machine room, such as workstations, laptops or other devices in their offices or nearby, should also apply the following best practices.
Windows Users: Remote Desktop. For users on the Wireless-Conference net (.64-65) who need to connect to Windows systems, the recommendations below should be adopted. Instead of the general Cisco VPN client described above, they should use Microsoft End-to-End VPN to reach their end system (at their office location, for example) and then, once connected, start their Remote Desktop session (see below for details of how to install Microsoft VPN).
This guarantees a layer of protection for the part of the data that travels over the untrusted .64-65 net, since RD has a weak encryption algorithm (RC4) while Microsoft End-to-End VPN uses a stronger one (L2TP/IPSec).
It is also desirable to change the incoming port on which RD listens for connections. Instead of the default 3389, a port from the IANA unassigned list in the range 34981-36864 should be used (pick one you prefer, but write it down, otherwise you will forget it). See below for details of how to change the default RD port.
How to change default Remote Desktop port in Windows XP: http://support.microsoft.com/kb/306759
How to setup Microsoft VPN in Windows XP: http://compnetworking.about.com/od/vpn/ht/newvpnwindowsxp.htm
How to setup Remote Desktop in Windows XP: http://www.microsoft.com/windowsxp/using/mobility/getstarted/remoteintro.mspx
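The port change recommended above can be audited and applied from an elevated PowerShell prompt on the machine that accepts RD connections. This is an added example, not part of the original page: it assumes the standard Windows `PortNumber` registry value of the RDP-Tcp listener, the function names are hypothetical, and the sample port 35210 is a constructed value.

```powershell
# Added example: audit and change the Remote Desktop listening port.
$RdpKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$RangeLow  = 34981   # lower bound of the range recommended on this page
$RangeHigh = 36864   # upper bound of the range recommended on this page

function Get-RdpPort {
    # Current RD listening port as stored in the registry
    (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber
}

function Test-PortListening([int]$Port) {
    # netstat is parsed so the check also works on older Windows releases
    $pattern = ':{0}\s+\S+\s+LISTENING' -f $Port
    [bool](netstat -an | Select-String -Pattern $pattern)
}

function Set-RdpPort([int]$NewPort) {
    # Refuse ports outside the recommended range
    if ($NewPort -lt $RangeLow -or $NewPort -gt $RangeHigh) {
        throw "Port $NewPort is outside the recommended range $RangeLow-$RangeHigh."
    }
    # Refuse a port that another local service already listens on
    if (Test-PortListening $NewPort) {
        throw "Port $NewPort is already in use on this machine."
    }
    $old = Get-RdpPort
    Set-ItemProperty -Path $RdpKey -Name PortNumber -Value $NewPort
    "RD port changed from $old to $NewPort. Restart the machine, allow TCP $NewPort in the local firewall and close the old port."
}

# Audit: report how the current setting compares with the recommendation
$current = Get-RdpPort
if ($current -eq 3389) {
    "RD is still listening on the default port 3389."
} elseif ($current -lt $RangeLow -or $current -gt $RangeHigh) {
    "RD port $current is outside the recommended range $RangeLow-$RangeHigh."
} else {
    "RD port $current is within the recommended range."
}

# Apply (uncomment and replace the constructed sample value with your own choice):
# Set-RdpPort 35210
```

After the change, the Remote Desktop client connects by giving the host name followed by a colon and the new port.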