Working Remotely Networking Camp with Murray
I know the name Murray doesn't come across as a Boot Camp DI name, which is just fine with me. I'll be moving this page over to the main category, Remote Desktop Camp.
Let's start off with what I typically hear from business owners, remote workers and IT people when they ask "How can I connect remotely?"
First, let's make sure your firewall, router and all your network connections are secure. Then let's do some port forwarding and some IP restrictions. Next, let's add an additional user to the desktop computer you want to connect to. Then let's add a script to map back to the protected files that you need to access remotely. Then let's set up a second method to authenticate the remote desktop user, just in case Junior gets on your computer. Next let's blah blah blah.
By the time I finish just my starting points I'm hearing "I'll just download TeamViewer or GoToMyPC or some other remote desktop application where all I have to do is log in on their website and it connects me to my computer."
Now that sounds simple enough, and don't let me stop you at all. It's your computer, your work environment and your data, not mine.
Why would I even start a "Working Remotely with RDP" if there was software available that did it all?
If you didn't know, TeamViewer had an exploit in versions 4 and 5. That covers, I believe, just over 2 years of exploited software.
My Response: Not my data, not my network.
Connection agents running on your office computer are only as secure as your username and password, if that. Some are so simple that all you need to do is have the person join your group and you're connected (LogMeIn).
My Response: Not my data, not my network.
The National Institute of Standards and Technology actually lists many remote desktop services as something other than secure. And for those working with financials, medical records or the personal information of others, you might find Regulations.Gov a useful site to see if you're actually breaking some federal laws by using Remote Desktop Connections improperly.
I hope my two points above are making things very clear to you and your desire to work remotely.
And my Response again is: Not my Data, Not my Network.
But I do work remotely and even offer Virtual Office Places that are designed for remote desktop workers. So why can I say my level of security is higher than others?
That question is hard to answer because those other companies have not invited me to their coders' room and their NOC. If they did, and they allowed me to see their internal security secrets, then I might believe it. But then I couldn't tell you, due to the 100-page disclaimer I would have to sign.
So what I do is check with security firms that test, groups that check, and reports from our best security analysts.
When I read NIST advisories, it sometimes feels like we are of the same mind, because many of us have known for years about most of the new HIPAA rules they are putting in place. It's about who's in my circle, and I keep the best in my reading circles.
If you have made it this far, let me offer up the equipment list you will need. This list is to help keep you safe, but you can choose to eliminate any, if not all, of the items from the list and use any Dynamic DNS service with port-forwarding routers all day long.
- Hardware Router / VPN / Firewall: this can be individual components or an all-in-one solution.
- Paper Notepad with working ink pen or pencil.
That's it, now you're set to start setting up your Remote Desktop Connected computer.
- Using the equipment listed in item 2 (pen and paper), write down the following information for the computer you want to connect to and the computer you are connecting from.
- NIC MAC Address
- Firewall Make and Model
- VPN Make and Model
- Router Make and Model
- IP address Static or Dynamic
With this information, your next step is to set up your connection process, and it should go in the following order.
- Connect to VPN
- Login to VPN
- Firewall / Router access via LAN IP address and Port number.
When I work remotely I first start with a secured SSL VPN connection. That means Junior is going to have a rough time seeing my username and password with his Wireshark protocol analyzer. If you don't start with an SSL-connected device, you're going to be transferring your username and password in clear text, which means anyone on either network, or on the man-in-the-middle network, will be able to (if interested) intercept and read your username and password.
After you have successfully connected to your VPN at the remote location via SSL VPN, you can now open your remote desktop application. This is when the fun starts. We now have a Secure Sockets Layer (SSL) connection which is encrypting everything we type. As long as you don't have a keylogger virus, you should be good to go to the next step.
Your VPN-to-router connection is going to be set up by the equipment, which assigns you an internal IP address, something like 192.168.1.1. Now that you have access to the internal network, you can connect to the machine on that network by using NetBIOS names (if enabled) or its IP address. You should always set static IPs based on the MAC address of the equipment on your LAN so this happens without a glitch; I'll tell you how to do that later.
Now, connect to your internal computer at work. Log in with the IP address and the port address in the "connect to" box. It might look like 192.168.1.25:3498 (or 3389 if you didn't read how to change your RDP port address).
You will be prompted for a username and password from the remote computer.
Because we set up a different user for our remote connections, we need to use that username and password. Let's keep things simple and not log in as an Administrator or be part of that group. You would have had to set up a user and then assign them to the remote access group.
Now that we have successfully connected securely to our remote desktop as a standard user, we can start working.
Why a Standard User? Well, if you started surfing and found a website that wanted to install its virus, your computer would at that point be infected. Who would know if the virus was able to traverse your VPN channel and infect your other network? It's best to keep it simple to keep it safe.
Now, when you are done, log off of the remote desktop computer and log off of your VPN, and that's the end of remote desktop connections without the middle-man software.
There are hundreds of devices on the market that will help you set up your Remote Desktop Connection. The easiest method is Dynamic IP to port forwarding in your favorite router that supports Dynamic IP accounts. The problem with this is that it's always online, facing the internet. It has no secured channel to send encrypted passwords or usernames, and Junior is going to hack away all day at the default usernames on your computer. Then you'll make the lists as an easy target, or as a target for them to test their cracking.
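One way to set up the dedicated standard user and keep RDP reachable only from the internal network on a Windows desktop, as an added example that is not part of the original page. The account name `remoteworker` and the subnet `192.168.1.0/24` are assumptions chosen to match the 192.168.1.x addresses used above; run it in an elevated PowerShell session.

```powershell
# Added example; assumed values, adjust to your own LAN.
$UserName  = 'remoteworker'      # hypothetical account name
$VpnSubnet = '192.168.1.0/24'    # assumed internal range handed out by the VPN/router

# 1. Create a standard local account. The password is prompted for, never stored in the script.
$Password = Read-Host -AsSecureString "Password for $UserName"
New-LocalUser -Name $UserName -Password $Password -Description 'RDP-only standard user'

# 2. Grant RDP logon through the built-in Remote Desktop Users group only.
Add-LocalGroupMember -Group 'Remote Desktop Users' -Member $UserName

# 3. Verify the account did not end up in Administrators.
$isAdmin = Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.Name -like "*\$UserName" }
if ($isAdmin) { Write-Warning "$UserName is a local administrator; remove it from that group." }

# 4. Read the port RDP is actually listening on (3389 unless it was changed).
$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$port   = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
if ($port -eq 3389) { Write-Warning 'RDP is still on the default port 3389.' }

# 5. Windows Firewall allow rules are additive, so disable the built-in
#    "Remote Desktop" rules (any source) and allow the RDP port only from the LAN/VPN range.
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
New-NetFirewallRule -DisplayName 'RDP from VPN subnet only' -Direction Inbound `
    -Protocol TCP -LocalPort $port -RemoteAddress $VpnSubnet -Action Allow
```

With the rule scoped this way, a connection to the RDP port that does not come from the internal range is dropped by the desktop itself, even if someone later adds a port forward on the router.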
Simple non-secured method: Dynamic IP Redirect to Router with Port forwarding to desktop computer running Remote Access.
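To see how much password guessing a machine is receiving, the failed logons in the Windows Security log can be grouped by account name and source address. This is an added example, not part of the original page; the 24-hour window and the top-20 cut-off are arbitrary choices, and it must be run in an elevated PowerShell session on the desktop.

```powershell
# Added example: summarise failed network/RDP logons (Security event 4625) from the last 24 hours.
$since  = (Get-Date).AddHours(-24)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
                       -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Read the event's named data fields from its XML form instead of relying on field positions.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # LogonType 10 = RemoteInteractive (RDP); with Network Level Authentication
    # failed RDP logons are recorded as type 3 (Network), so keep both.
    if ($data['LogonType'] -in '3', '10') {
        [pscustomobject]@{
            User   = $data['TargetUserName']
            Source = $data['IpAddress']
        }
    }
}

# Most-targeted account/source pairs first.
$rows | Group-Object User, Source |
    Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name
```

Many failures against names such as Administrator from internet addresses are the signature of the exposed port-forward setup described above; behind the VPN, the source column should only ever show internal addresses.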