Security question

Cliff Lewis · May 11, 2005

I want to be sure I understand this:

If remote access is enabled but my computer is behind my router's
firewall, there is no way anyone can hack into it from the Internet.
Therefore, there is no need for a password if I trust all users on the
subnet. Is that correct?

The important thing is that I do not want to use a password unless I
have to. (My wife would complain.)

(Please do not go into the need for password-protected administrative
accounts and user accounts. I know about that and have found that I
have too much older software that simply is not compatible with that
configuration.)

Thanks,
Cliff Lewis

Sooner Al [MVP] · May 12, 2005

If you access/control your PC from a remote location and do not use a password to login then your
opening up your PC to a potential and probable security risk. I suggest you always use a strong
password...

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

Cliff Lewis · May 12, 2005

I have two computers at home. I want to use Remote Desktop to access
one computer from the other while the video card is being shipped to
the factory for warranty replacement. They share a connection to the
Internet through a router, which has a firewall. Am I correct in
believing that there is no security risk from outside? The only way
there could be is if Remote Desktop somehow allowed access through the
router's firewall.

Fitz · May 12, 2005

If you want both computers to be able to access each other from behind the
router (inside your local network), the you have the appropriate ports open
on your router to allow the two computers to do this. Once the ports are
open, then anyone (inside or outside the local network) can run a port scan
and determine if there is a computer listening on a particular port, e.g.
port 3389 (Remote Desktop).

Unless you disable internet access for your two computers, then yes, there
is a danger. Your router firewall is nice (most routers use one) but it's
not a silver bullet. Run a port scan at www.grc.com to see how easy it is.

Cliff Lewis · May 12, 2005

I tried the port scan. It passed (full stealth status), even when I
probed port 3389 explicitly and even when I was logged on to the other
computer using Remote Desktop. I would conclude that my configuration
is safe.

It seems that Remote Desktop requires some kind of password no matter
what the configuration. It refused to connect due to an "account
restriction" until I defined a password on the host computer.

Sooner Al [MVP] · May 13, 2005

Your correct... If you *DO NOT* forward TCP Port 3389 through the router then there is no risk of
outside folks accessing your PC(s) with Remote Desktop. I have used Remote Desktop in the past for
exactly the purpose you want to do, ie. run a headless PC (no monitor). It worked very well for
that. An alternative is a KVM switch.

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

Security question

Cliff Lewis

Sooner Al [MVP]

Cliff Lewis

Fitz

Cliff Lewis

Sooner Al [MVP]