Application triggered or persistenly forwarded port?

[Chris Gardner]

I'd like to access my home machine on the road. Question: does the
Windows Remote Desktop (Terminal Services) port need to be persistenly
forwarded, or can I leave it application triggered in my firewall? I
don't know if I like the idea of leaving it open all the time.

 

[Bill Sanderson]

You want it persistently forwarded.

All data on the connection is encrypted, but there are apps out there to
attempt to brute-force the password.

So, setting up auditing of both successful and unsuccessful logons, using a
non-standard name for the administrator account, using strong passwords, and
setting account lockouts are all good ideas.

Setting up auditing is covered by the help in Microsofts Microsoft Baseline
Security Analyzer, which you should be using:

http://www.microsoft.com/technet/security/tools/mbsahome.mspx

Strong passwords:

http://www.cert.org/homeusers/HomeComputerSecurity/#6

Account lockout policy:

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_sceacctpols.mspx