boxst

Hello

After a flurry of people getting warning at work about their internet activity (here, rather than at my work), I was wondering about Remote Desktop. I can connect to my computer at home and happily surf the net there and with ADSL at home and a fast connection at work it is more than acceptable.

What logs (if any) are kept of Remote Desktop usage?

Thanks,

Steve.

Neanderthal

iTrader: (6)

ohhhh clever idea! wonder if it would work!?

DJ Dunk

iTrader: (5)

If they are looking at the activity on Port 3389 then they may be a little suspicious of the amount of traffic

Really depends on your Acceptable Use Policy as to whether they allow you to use such methods.

Neanderthal

iTrader: (6)

But would their records show what was coming thru Port 3389? or just that there's suddenly a lot of bandwidth being used? I suppose they could look at the files on the work PC. Most places have strict policies agaisnt installing your own software etc. Still it would be nice to do, I could see whether my downloads at home had actually finished!

Puff The Magic Wagon!

iTrader: (2)

VPN to home & use VNC.

Or PC Anywhere (yuk)

Although they could possibly see the traffic coming through, they'd be hard pressed to see what you're surfing. Its not as if they'd get web traffic in urls etc, only video traffic of what is on your desktop - which my guess would be that they wouldn't have software suitable to see what it was. Web monitoring uses urls, IPs, images etc to see what you've been doing.

Neanderthal

iTrader: (6)

Sounds good Puff, is there a guide of how to set this up?
First thing to check I suppose is find out if Port 3389 is open? they use DameWare Mini Remote Control Server here, used to be PC Anywhere.

DJ Dunk

iTrader: (5)

I'd be grateful too of any n00b friendly guides to setting something like this up

swaussie

LOL, you guys getting seriously desperate try this site for some info on how to do it.

http://www.pcstats.com/articleview.c...eid=608&page=1

I wish I could see the look on your faces ( and those of your work colleagues) when the router at home crashes and everyone wonders what your swearing at

Maybe a word of warning. You will be effectively bypassing firewall security by creating an encrypted VPN tunnel to your home PC and it will be seriously frowned upon if you manage to get a lovely virus or trojan installed onto the network

ozzy

I use remote desktop from home to connect to my office pc and vice versa. It's pi$$ easy, but all the work involves making sure firewalls/routers will allow outbound sessions on the RDP ports and also port-forwarding to connect to a PC behind a NAT-enabled router.

I have a network VPN connection from my office to my home LAN, so that makes it easier to connect. If you want to VPN from an individual work PC to a desktop at home, then a lot depends on the systems used in your office and at home.

VNC is good, but there can be some screen lag especially with Web browsers. I find Remote Desktop is actually better for some things and VNC others so I can run either.

If you can remote desktop into a PC, then you can run anything and all network sniffers will see is RDP traffic and not any identifiable content in the traffic i.e. they can't see what sites you are browsing for example.

Stefan

Neanderthal

iTrader: (6)

Remote Desktop & VPN not the same then? If not how do you set Remote Desktop up if I want to connect a W2K PC (work) to an XP Pro PC (Home)

ozzy

NO. Remote Desktop is exactly that - same as VNC only different protocol/technology - same principle.

VPN is a Virtual Private Network - that is a secure, tunnel between two devices (PC's) or networks.

So, I have a VPN connecting both my home LAN and Office LAN. So I can ping any device on both LAN's, use some remote control software, run apps, anything I could do if I was a local user on either LAN. Obviously since the Internet is between us, it's not has fast as a 100Mbps LAN.

How to do it depends on what you've got now. How does your home PC connect to the net and what's between your office PC and the net?

Stefan

Nog

Ozzy -> I may have mis-understood what you've implied above. But as I read it, I can't believe your company let you set up a VPN between your office and your home network!!!! I am guessing that either:

a) You work for a small company, and you're in charge of security
b) Your I.T folks aren't on the ball when it comes to security
c) Your I.T folks don't give a sh*t
d) You're abusing a VPN arrangement designed for using company laptops at home?

How can your company guarantee the security and integrity of its LAN/WAN if you're able to connect to it from a "dirty" network. OK, the link between the "dirty" network, and the corporate WAN will be secure, but there's potential for your home network to be compromised, giving hackers, script kiddies, worms, trojans, Etc, a lovely, secure route into the corporate WAN.

Scary.

Forgive me if I've got the wrong end of the stick.




Nog

WRX_Rich

iTrader: (5)

as said,

if you are getting warinings for web activity I wouldn't be setting up VPNs. Would be "pick up your items and leave NOW" at our place if we found this

if a company spends £££££££ on routers, firewalls, anti virus etc etc and some one left a back door wide open...... what would you do? ( software VPNs like win2k server are not noted for being the most secure)

chances are you won't be able to get anyware near it as the routers will have none of it ( hopefully... for your business sake)

like the idea though.. if it wasn't for the nhs.net I would be trying it monday

ozzy

Nog,

What makes you think my home LAN is dirty? and yes, I'm in charge of our IT & security for a not so small company.

Having a laptop VPN into a network is no more insecure or secure than a couple of PC's. Any remote PC's have plenty of updates and software installed to minimise risks.

It's only scary if you don't know what you're doing and we've had no problems in 2 years. I get more nervous when clients want to plug their laptops into our LAN - that's the biggest primary risk.

Stefan

Nog

Ozzy

By dirty I mean untrusted. I wasn't implying anything, honest

For example, if you have a VPN for laptop users, the company will control the integrity of the laptops using either personal firewalls or NICs with embedded firewalls. Also, admin rights will be tightly controlled on such machines.

If you a have a VPN for a third party to dial-in to support a "black box" system, you will limit their visibility of your network using firewall rules. You'll also have a signed statement stating that they are taking all possible preventative measures in terms of security. There should also be something about damages, should things go wrong.

However, with your arrangement, if your home network was compromised, I'm sure a few questions would be asked, and you'd probably find your desk contents neatly tidied away in a cardboard box!!

Have I missed something?

Nog

SiDHEaD

Just noticed this thread. I use RDP to connect to my home server over VPN. When at home I RDP straight back to my work desktop. The latter is very useful for doing "out of hours" tasks, the former is useful for downloading on DC++, as I don't have enough stuff at work to share.

My colleague doesn't have unrestricted web access here (he could if he asked me, but hasn't??!!!), so he uses RDP to home to bypass the webfilter.

Also if you're worried Re: the SB thread, remember all weblogging/cached images/ EVERYTHING is on your machine at home

Andy

ozzy

Nog,

You're correct, but you shouldn't assume that my home network is less secure than our corporate one. I know the risks and we've taken plenty of precautions to minimise potential problems. These are the exact same measure we take on the corporate LAN (inc. the same hardware/software).

The chances of something going wrong are very slim. In fact as I stated, there's more danger from client/user laptops connecting directly to our lan than from my home PC.

Anyway, the point I was making was that the theory is sound and does work. How this is achieved is down to the local IT policies at your workplace.

Stefan

Neanderthal

iTrader: (6)

Tried setting this up at lunchtime.
At home (XP Pro) I've enabled "Remote Destop Access" and forwarded port 3389 on my router to my pc's ip address.
At work I've downloaded and installed the Remote Desktop Client on my W2k machine.
However when I try and connect to my home PC (via the routers IP address 81.bla.bla.bla) it won't connect. I can ping the IP via the command line. I'm guessing my work network is blocking the connection? although I'm pretty sure the directors all have lappys they take home and connect to the work network.
If there another way of testing the connection?

SiDHEaD

They probly have 3389 closed. We have it open here, hence how my colleague can RDP out. No reason for us to close it here, I don't mind people RDPing, that's up to their manager if they are wasting time.

ozzy

I don't think it's just 3389 that's used for an RDP connection. Try running something like Etherreal and looking at what ports are being used.

SiDHEaD

It is on mine

Neanderthal

iTrader: (6)

Well according to Ethereal... (scanned whilst trying to connect to the home PC)

Transmission Control Protocol, Src Port 1840 (1840), Dst Port: sapgw89 (3389), Seq: 0, Ack: 0, Len: 0