+ Post New Thread
Results 1 to 11 of 11
Internet Related/Filtering/Firewall Thread, Remote connection in Technical; Hi guys, this is my first post on here so be gentle :-) One of my schools (Primary) has been ...
  1. #1

    Join Date
    Oct 2011
    Location
    Hebburn
    Posts
    20
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Remote connection

    Hi guys, this is my first post on here so be gentle :-)

    One of my schools (Primary) has been looking for a remote connection solution for a while and I looked at logmein and gotomypc but they are way too expensive.

    I have built a 2008 R2 server to use as a remote desktop connection, had the necessary ports opened up on the firewall by our ISP and also have a public ip for it. I have tried it and I can now RDP to it from home which allows me to hop onto any pc in school if I want to.

    I have switched the server off now as I am very nervous about being hacked as it's obviously out there in the public domain.

    Have any of you done anything like this or even found another way to do this, basically the staff need access to their class pc from home, they need more than just data.

    Can you advise how I can make the server as secure as possible or is it a no go and not worth the risk?

    Thanks

  2. #2
    DT2
    DT2 is offline
    DT2's Avatar
    Join Date
    May 2011
    Location
    Lakeville, Carleton County, New Brunswick
    Posts
    695
    Thank Post
    140
    Thanked 197 Times in 138 Posts
    Rep Power
    75
    I'd setup a VPN solution - IPSec preferably, as it's the most secure. You'll need hardware at the school end that can deal with IPSec VPN though. Dependant on what firewall you're using, this should be able to handle what you want to do.

    You can then deploy OpenVPN to the staff.

    DT

  3. #3

    Join Date
    Oct 2011
    Location
    Hebburn
    Posts
    20
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by DT2 View Post
    I'd setup a VPN solution - IPSec preferably, as it's the most secure. You'll need hardware at the school end that can deal with IPSec VPN though. Dependant on what firewall you're using, this should be able to handle what you want to do.

    You can then deploy OpenVPN to the staff.

    DT
    what kind of hardware would I need, is it difficult to set up?

  4. #4

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,271
    Thank Post
    884
    Thanked 2,749 Times in 2,322 Posts
    Blog Entries
    11
    Rep Power
    785
    You can even setup Windows server to offer VPN tunnels and then you don't need a third party client to connect in. The RRAS option (under 2003).

  5. #5
    DT2
    DT2 is offline
    DT2's Avatar
    Join Date
    May 2011
    Location
    Lakeville, Carleton County, New Brunswick
    Posts
    695
    Thank Post
    140
    Thanked 197 Times in 138 Posts
    Rep Power
    75
    Quote Originally Posted by JohnnyR1Red View Post
    what kind of hardware would I need, is it difficult to set up?
    Most firewalls provide this functionality, so check with whoever takes care of it (ISP?). They should be able to do this easily and give you the information for the OpenVPN config.
    But as Synack kindly points out, windows server can do this too..... and you can dial-in without the need for OpenVPN client.


    DT
    Last edited by DT2; 12th October 2011 at 01:15 PM.

  6. #6

    Join Date
    Feb 2007
    Location
    East Sussex
    Posts
    477
    Thank Post
    16
    Thanked 90 Times in 82 Posts
    Rep Power
    31
    I'd have a look at Adito - will let you have a website that they log in to which then runs a java app to create an ssl connection and run rdp over this to connect to your terminal server.

    Steve

  7. #7

    Join Date
    Oct 2011
    Location
    Hebburn
    Posts
    20
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Cheers guys, I will do a bit of research on both of these later

    I just want the quickest and easiest solution that I can get up and running but which is secure too

    I don't really want to visit each teacher's home if I can avoid it, our ISP is Durhamnet and they are pretty flexible about opening ports so that swhouldn't be a problem

    Thanks

  8. #8

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,767
    Thank Post
    1,306
    Thanked 803 Times in 697 Posts
    Rep Power
    240
    Quote Originally Posted by JohnnyR1Red View Post
    Have any of you done anything like this or even found another way to do this, basically the staff need access to their class pc from home, they need more than just data.
    For an RDP connection from my work PC to home I SSH's use port-forwarding feature. You need an SSH client (PuTTY work well) on the client and an SSH server on the server (or any server you want to set up as an SSH server). I wrote a small utility that handles setting up the connection automatically, so the user just clicks on an icon and their remote desktop opens. This type of connection uses a different SSH certificate for each client, so if a user's computer is stolen / lost you simply block that user's SSH certificate from connecting and issue them a new one.

  9. #9

    Join Date
    Oct 2011
    Location
    Hebburn
    Posts
    20
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by dhicks View Post
    For an RDP connection from my work PC to home I SSH's use port-forwarding feature. You need an SSH client (PuTTY work well) on the client and an SSH server on the server (or any server you want to set up as an SSH server). I wrote a small utility that handles setting up the connection automatically, so the user just clicks on an icon and their remote desktop opens. This type of connection uses a different SSH certificate for each client, so if a user's computer is stolen / lost you simply block that user's SSH certificate from connecting and issue them a new one.
    If I was to use such a utility how do I stop people hacking the server as it has a public ip, obviously it will be patched, have a complex password, disable RDP etc

    Can you point me in the direction of some documentation on setting this up please

  10. #10

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,767
    Thank Post
    1,306
    Thanked 803 Times in 697 Posts
    Rep Power
    240
    Quote Originally Posted by JohnnyR1Red View Post
    If I was to use such a utility how do I stop people hacking the server as it has a public ip, obviously it will be patched, have a complex password, disable RDP etc
    You don't need to make more than one port available, and you don't even have to pick the standard SSH port (22) - you can configure your clients as you like. All that will be visible to the outside world is an SSH server, and you can disable password-authenticated logins on that and only let people log in with certificates. After a user has authenticated and logged in to the SSH server with their cryptographic key they still have to log in to their Windows account with a password as usual - they both have to posess a correct SSH key and know their password.

    Can you point me in the direction of some documentation on setting this up please
    A Google for "SSH Server" might be your best bet, and I'll try and find the notes I made when setting my system up.

  11. #11

    Join Date
    Oct 2011
    Location
    Hebburn
    Posts
    20
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by dhicks View Post
    You don't need to make more than one port available, and you don't even have to pick the standard SSH port (22) - you can configure your clients as you like. All that will be visible to the outside world is an SSH server, and you can disable password-authenticated logins on that and only let people log in with certificates. After a user has authenticated and logged in to the SSH server with their cryptographic key they still have to log in to their Windows account with a password as usual - they both have to posess a correct SSH key and know their password.



    A Google for "SSH Server" might be your best bet, and I'll try and find the notes I made when setting my system up.
    Cheers mate, I think I have pretty much everything in place to crack on, I have a dedicated 2008 R2 server, I think the ports needed are all open already as I asked the firewall guys at Durhamnet to open everything necessary for VPN.

    If you have the docs I would appreciate the help though

    John



SHARE:
+ Post New Thread

Similar Threads

  1. Outlook 2007/OWA won't remote connect but iPhone will?
    By contink in forum Enterprise Software
    Replies: 2
    Last Post: 28th August 2011, 02:37 AM
  2. Remote Connection Session Terminating
    By montycv3 in forum Windows
    Replies: 2
    Last Post: 3rd March 2011, 12:49 PM
  3. 3 Simultaneous Remote Connections To a Server
    By farquea in forum Windows Server 2000/2003
    Replies: 17
    Last Post: 29th July 2010, 01:57 AM
  4. Removing Remote Connection program
    By faza in forum How do you do....it?
    Replies: 6
    Last Post: 30th November 2009, 09:19 AM
  5. Remote Connection to Servers
    By faza in forum Wireless Networks
    Replies: 16
    Last Post: 2nd March 2007, 10:34 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •