Best practice - Networks Remote Access: Difference between revisions

From Security Wiki
No edit summary
(updated 7-19-07 jd)
Previous revision (March 26, 2007), reproduced in full so it can be compared with the current revision below:

Created by Emilio Valente - March 26,2007

Windows Users Remote Network Connections:

To allow Windows users to connect remotely from home or from any other place outside SDSC, a secure VPN tunnel should be used (SDSC uses the Cisco client). To connect to a “machine room” system (usually a server) the following instructions are recommended: https://kb.sdsc.edu/?aid=179

On the other hand, for users that want to connect to systems located outside the machine room, such as workstations, laptops or any other devices located in their offices or nearby, the following best practices should also be applied.

Windows Users:

Remote Desktop.

For users that need to connect to Windows systems on the Wireless-Conference Net (.64-65), the recommendations below should be adopted.

Instead of using the general Cisco VPN client described above, they should use Microsoft End-to-End VPN to get connectivity to their end system (at their office location, for example) and then, once connected, start Remote Desktop (see below for details of how to install Microsoft VPN).

This would guarantee a layer of protection (for the part of the data that travels on the untrusted .64-65 net), since RD uses a weak encryption algorithm (RC4) while Microsoft End-to-End VPN uses a stronger one (L2TP/IPSec).

It is also desirable to change the incoming port on which RD listens for connections. Instead of the default 3389, an unassigned port taken from the IANA range 34981-36864 should be used (take one at your preference, but please write it down, otherwise you will forget it). (See below for details of how to change the default RD port.)

How to change default Remote Desktop port in Windows XP:

Revision as of 22:44, 19 July 2007

Created by Emilio Valente - March 26,2007

Best practices document for connecting a Windows Client to a remote Windows System

Scope:

To allow Windows users to manage SDSC resources from home or any other remote location, a secure VPN tunnel should be used (SDSC uses a Cisco solution consisting of VPN client software and a VPN server appliance). To connect to a “machine room” system (usually a server) the following instructions are recommended: https://kb.sdsc.edu/?aid=179

For users that want to connect from a Windows system to another Windows system located outside the SDSC machine room, such as a Windows office workstation or a Windows laptop, the following best practices should be applied.


The remote Windows system will need to have "Remote Access" enabled under the System Properties menu. This automatically enables the Windows Firewall exception for Remote Desktop. If a third-party firewall is in use, it will need to allow the correct port number through. On the client side, simply starting the remote terminal session should be sufficient.

For users that want additional security, Microsoft End-to-End VPN will provide connectivity to their end system; once connected, they start their Remote Desktop session over the VPN (see below for details of how to install Microsoft VPN).

This would guarantee a layer of protection (for the part of the data that travels on untrusted nets), since RD uses a weak encryption algorithm (RC4) while Microsoft End-to-End VPN uses a stronger one (L2TP/IPSec).

Changing the incoming port that RD is listening on can increase protection for the server side, mainly by keeping it out of automated scans that probe the default port; it does not strengthen authentication or encryption, so the VPN remains the real protection. The default port is 3389. The last four digits of a phone number you know work well as a replacement (pick one, but please write it down, otherwise you will forget it). (See below for details of how to change the default RD port.)
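The steps above (confirm Remote Desktop is enabled, move the listener off port 3389, and make sure the host firewall passes the new port) can be scripted on the server side. The following is an added example, not code from the wiki page or from SDSC; it assumes an elevated PowerShell prompt on a Windows version that has the `NetSecurity` and `NetTCPIP` modules (Windows 8 / Server 2012 and later). The registry value it edits (`PortNumber` under `RDP-Tcp`) is the one documented in Microsoft KB 306759 linked below; the `netsh` line in the comments is the Windows XP equivalent of the firewall step.

```powershell
# Added example (not from the wiki page): inspect and change the Remote Desktop
# listening port on a Windows host, then open the new port in Windows Firewall.
# Run from an elevated PowerShell prompt. Assumptions: Windows 8 / Server 2012 or
# later for the firewall and TCP cmdlets; registry paths per Microsoft KB 306759.

param(
    # Any port above the well-known range; the wiki suggests a memorable
    # four-digit number or an unassigned port from the 34981-36864 range.
    [Parameter(Mandatory = $true)]
    [ValidateRange(1025, 65535)]
    [int]$NewPort
)

$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

function Get-RdpPort {
    # Port the RDP listener binds to after the next service restart.
    (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
}

function Test-RdpEnabled {
    # fDenyTSConnections = 0 means "Allow users to connect remotely" is ticked
    # on the Remote tab of System Properties.
    (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections -eq 0
}

$oldPort = Get-RdpPort
Write-Host "Remote Desktop enabled : $(Test-RdpEnabled)"
Write-Host "Current RDP port       : $oldPort"

if (-not (Test-RdpEnabled)) {
    throw 'Remote Desktop is not enabled; enable it under System Properties > Remote first.'
}
if ($NewPort -eq $oldPort) {
    Write-Host 'Port already set; nothing to do.'
    exit 0
}

# Refuse a port that another service on this host is already listening on.
$inUse = Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue
if ($inUse) {
    throw "TCP port $NewPort is already in use on this host; choose another."
}

# Move the listener. The change takes effect when the Remote Desktop Services
# service (TermService) or the machine restarts.
Set-ItemProperty -Path $rdpKey -Name PortNumber -Value $NewPort -Type DWord

# Let the new port through Windows Firewall. The built-in "Remote Desktop" rule
# only covers 3389, so a dedicated inbound rule is needed for the custom port.
New-NetFirewallRule -DisplayName "Remote Desktop (TCP $NewPort)" `
    -Direction Inbound -Protocol TCP -LocalPort $NewPort -Action Allow | Out-Null
# Windows XP equivalent (no firewall cmdlets there):
#   netsh firewall add portopening TCP <port> "Remote Desktop (custom port)"

Write-Host "RDP port changed from $oldPort to $NewPort (restart TermService or the host to apply)."
Write-Host "Write the port down. Clients connect with:  mstsc /v:<hostname>:$NewPort"
```

The script deliberately stops if Remote Desktop is not enabled or if the chosen port is already bound, because a port change applied blindly can lock the administrator out of the host until someone visits the console. A third-party firewall, as the text notes, still has to be told about the new port separately.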

How to change default Remote Desktop port in Windows XP: http://support.microsoft.com/kb/306759

How to setup Microsoft VPN in Windows XP: http://compnetworking.about.com/od/vpn/ht/newvpnwindowsxp.htm

How to setup Remote Desktop in Windows XP: http://www.microsoft.com/windowsxp/using/mobility/getstarted/remoteintro.mspx