Ask the Admins Systems. [computer networking support] [rdesktop]

Q: I own / operate a computer network support / sales company. As I continue to expand my clientele, I'm carefully studying the best ways to start remotely accessing customers' systems.

Currently 95% of the systems I run are 98, XP, Server 2000/2003, etc.

I am using OpenSSH + Putty to run encrypted VNC and sessions for some clients and that seems to work alright.

Are individual VPNs the way to go? This seems to work OK (but not super great) with the Linksys routers.

Push comes to shove, as I hope to be signing a new client tomorrow with 19 clients and 3 servers located one hour from my home office. I would like to propose a comprehensive remote access solution to install for them immediately.

Any suggestions?

Thanks!


Best Answer: I don't have a degree yet, but I'm working on my AA, in preparation for a Computer Science BS. I'm probably moving towards development rather than administration. It's just more interesting for me.

My average day involves sitting motionless for hours at a time eating junk food and drinking Mt Dew. I also do a bit of scripting and change backup media once in a while.

Out of high school (since I never made it out of college) I made approximately $38k a year. I now make just over 90k.

My situation is a bit different than yours. My reputation got me my jobs, not any credentials. The credentials were just an afterthought.

I do a boring 40 hr a week admin job, and I supplement my income with security consulting and a bit of light development work. My company also sends me out on occasional networking jobs.


Re: Yes, but as I understand it, with RD, the passwords are sent unencrypted

Your understanding is incorrect. The one thing that Remote Desktop doesn't provide by default is server authentication. The potential for a man-in-the-middle attack exists with default RD. You can enable SSL/TLS on 2003 SP1 so that server auth will be performed.

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/a92d8eb9-f53d-4e86-ac9b-29fd6146977b.mspx


Re: Yes, but as I understand it, with RD, the passwords are sent unencrypted.
With SSH/Putty, the tunnel/shell is first established, then the password is sent and traffic begins to flow.

Re: If you're only going to do port forwarding with no secure tunnel, then at the very least you'll want to restrict the public IP addresses that can access that port to the IPs in the network you'll be doing the managing from. You don't want anyone to be able to hit remote desktop on those machines once they figure out what the port number is.

At the company I work for, we use an SSL "VPN" appliance and just tunnel RDP through that for remote management. It works great. Of course, the cost is prohibitive for smaller businesses.

For the smaller companies that I consult for I just create a VPN connection into their network and use that to tunnel RDP, VNC, or whatever I'm using for remote management. That way I don't have to mess with opening up any external ports and forwarding them.


Re: RDP is encrypted traffic so it has great advantages over VNC, especially in the refresh department… of course the requirements are win2k server or higher.
I use RDP/VNC for all of my customers, and I have no issues. I thought of setting up a VPN connection between my major customers and me but really what's the point. They are small 5-10 user offices and the issues I deal with are small… it offers nothing for me that I can't already do via VNC/RDP.

I set up a small firewall (FVS318 v3 is a nice little unit) and then I set up port forwarding for each PC behind the firewall. The good part is you can define what port you want for RDP on the clients and then forward accordingly.


Re: I use VPN connections also, this way I don't have to do any port forwarding, only one port open for the VPN and after that I can access any computer behind the firewall.

Re: Talk the client into a VPN setup for their business. This way you can remote desktop in from there and also make some money from the VPN setup.

John


Re: Yes… that is the simplest way to go. I dunno, VPNs just seem hairy to me.

And with VNC or RD, I haven't totally figured out the "repeating" features of VNC. I know that I can tunnel different ports to shoot through the *nix server and go straight to the workstations (5901:1, 5902:2, etc) but it is still simpler to VNC into the server THEN vnc into the local computer workstation. Not as elegant or quick, but it works every time.


Re: One of our customers is in your shoes, and they have used remote desktop with great success for individual customers. He said that he configures a VPN or uses an ssh tunnel to an existing *nix box for most businesses where there are multiple internal computers that are not directly internet accessible.

Personally, I'd do just that for the new client – set up a VPN server or a *nix box on their network and use them to tunnel your RDP & VNC sessions. $.02
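
The per-workstation port tunnelling through a *nix box that the last two replies describe, written out as an added example (not code from any poster in this thread). The inventory, the gateway name `admin@gateway.example.com`, the starting local port 13389 and the helper names are all assumptions made for illustration.

```sh
#!/bin/sh
# Added example: one SSH session carrying RDP/VNC to several internal
# workstations through a *nix gateway. Every host below is constructed.

# Constructed inventory, one "<name> <internal-ip> <service>" per line.
INVENTORY='frontdesk 192.168.1.11 rdp
accounting 192.168.1.12 rdp
oldbox98 192.168.1.13 vnc'

# Map a service name to its default TCP port; unknown names fail.
service_port() {
  case "$1" in
    rdp) echo 3389 ;;
    vnc) echo 5900 ;;
    *)   return 1 ;;
  esac
}

# Read inventory lines on stdin and print one -L argument per line.
# Local ports count up from $1. Each listener binds to 127.0.0.1 so other
# machines on the admin's own LAN cannot use the tunnel.
build_forwards() {
  next=$1; out=""
  while read -r name ip svc; do
    [ -n "$name" ] || continue
    case "$ip" in
      ''|*[!0-9.]*) echo "bad address: $ip" >&2; return 1 ;;
    esac
    rport=$(service_port "$svc") || { echo "bad service: $svc" >&2; return 1; }
    out="$out -L 127.0.0.1:$next:$ip:$rport"
    next=$((next + 1))
  done
  echo "${out# }"
}

# Assemble the full command for gateway $1.
#   -N                        forward only, no remote shell
#   ExitOnForwardFailure=yes  abort if any listener cannot bind
#   StrictHostKeyChecking=yes refuse an unknown or changed gateway host key
tunnel_command() {
  fwd=$(printf '%s\n' "$INVENTORY" | build_forwards 13389) || return 1
  echo "ssh -N -o ExitOnForwardFailure=yes -o StrictHostKeyChecking=yes $fwd $1"
}

# Placeholder gateway. After running the printed command, connect the RDP
# or VNC client to 127.0.0.1 on ports 13389, 13390 and 13391.
tunnel_command admin@gateway.example.com
```

Only the gateway's SSH port has to be reachable from outside; RDP and VNC stay closed on the client's router.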

