Windows 7 RDP

[aga2571]

Please can anyone advise me on the below.

I move around quite a bit on my job, and need acess to my files at home whilst on the move. In order to access my files, I have enable remote desktop and have got this working, with Dyndns. All works fine, I need some information on how secure this? Is it possible for people to hack my PC / access my files.

Thank you.

 

[hairlessupportmonkey]

You would be better off with something like Drop Box. RDP isnt all that secure IMO especially if you use weak passwords.

Using a file locker you can sync your files, so changes you make on one side will sync auto maticall on the other. Also, you dont need to leave your remote PC on saving a little power!

ACSS - SME
General Geek

 

[hairlessupportmonkey]

there is another product on the market too call Syncblaze. that can be whiteboxed and configured with your company logos etc



ACSS - SME
General Geek

 

[dilettante]

One thing you might consider is moving your RDP service to an alternate port (which helps defeat black hats scanning IP ranges to find RDP servers to hack).


You might also buy a home network appliance that offers NAS on your LAN and can expose your files for access over the Internet via WebDAV, FTP, SFTP, plain Web access (HTML pages with download/upload), etc. These are often very cheap now (under $100 US for 1TB of disk), they tend to have very low power consumption compared to a desktop PC left on, also offer LAN-based media streaming, etc.

A lot of these products of various brands (Verbatim, Netgear, Seagate, LaCie and Roxio are a few names) are now running HipServ under the covers. This also provides file syncing software, including a portable flash-memory-device "carry it with you" version in addition to the version that installs into your desktops and laptops or the one for iOS and Android.

Ther are other products that do the same thing using different system software.

Being LAN-resident this can be far more viable than clunky off-premise solutions. Your speed while working at home makes it more likely you'll keep the files you need once "on the road" current.

 

[linney]

Another Microsoft offering is Live Mesh.

Windows Live Mesh

http://windows.microsoft.com/en-US/windows-live/essentials-other-programs?T1=t4

 

[aga2571]

Thanks guys for the replies.

I don't want to use third party services like Dropbox etc. I have taken Dilettante's advise and change the port for now. Also, I created a strong password. Since I own a old PC, I'm investigating the possibility of setting it up as a VPN server. Whats your thoughts or views on using XP/Windows 7 as a VPN server since its only one VPN user?

 

[hairlessupportmonkey]

You might want to invest in a new router to do that for you? A draytek 2850 does IPSEC VPN on the router and they supply a decent VPN client on the software side. It also supports multiple WAN and technologies on the one port such as VDSL and ADSL(2+)

IF you reallllllly want to do Win7 as your VPN server I found this. Quick and dirty......

Actually thinking about it the router would be an excellent IDEA as it supports USB flash devices, so you can use it as an FTP server with your files syncing to the flash stick!

ACSS - SME
General Geek

 

[smah]

Back to the original question of security....

A password is only as secure as its complexity. It makes no difference what service that password is protecting. Changing the default port slightly helps disguise what that service is, but not much. A weak password is not any more secure for FTP, Webdav, or online sharing services than it would be for Remote Desktop or even for many types of VPN conections.

RDP uses 128 bit encryption for [most] data transmission. Standard FTP (and http ) does not encrypt the data in any way. I'm not sure that all online sharing service transfer the data in encrypted format. Some probably do, but I bet there are some that do not. If security against packet sniffing during transmission is your concern, make sure you're using encrypted transmission methods whichever way you go.

 

[dilettante]

Changing the default port slightly helps disguise what that service is, but not much.

I disagree.

It is far easier, and easier to get away with scanning ranges of IP addresses looking for a service on a known port than doing full port scans. The additional security achieved by relocation RDP to another port is small but hardly trivial, thus almost always worth doing.

Packet sniffing is almost a non-concern in most cases because the only likely blackhats who can do it would have to be on the same subnet as you and the server at best. Even then most local networks are switched anymore, further limiting the number of network nodes than can sniff your traffic. That doesn't diminish the value of strong authentication. Nor even encryption, though the need is vastly exaggerated.

Most people are probably giving away a lot more sensitive information by foolish practices such as using Google services like GMail - or even worse corresponding with GMail users.

http://epic.org/privacy/gmail/faq.html

Gmail violates the privacy rights of non-subscribers. Non-subscribers who e-mail a Gmail user have "content extraction" performed on their e-mail even though they have not consented to have their communications monitored, nor may they even be aware that their communications are being analyzed. Subscribers to Gmail also face risks to their privacy; those risks are outlined below.