Security question



Cliff Lewis
07-10-2005, 12:09 AM
I want to be sure I understand this:

If remote access is enabled but my computer is behind my router's
firewall, there is no way anyone can hack into it from the Internet.
Therefore, there is no need for a password if I trust all users on the
subnet. Is that correct?

The important thing is that I do not want to use a password unless I
have to. (My wife would complain.)

(Please do not go into the need for password-protected administrative
accounts and user accounts. I know about that and have found that I
have too much older software that simply is not compatible with that
configuration.)

Thanks,
Cliff Lewis

Sooner Al [MVP]
07-10-2005, 12:09 AM
If you access/control your PC from a remote location and do not use a password to login then your
opening up your PC to a potential and probable security risk. I suggest you always use a strong
password...

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...


"Cliff Lewis" <clewis@gwis.com> wrote in message news:jh258156vjiuhqdjb8og790n4kiv13jr4u@4ax.com...
>I want to be sure I understand this:
>
> If remote access is enabled but my computer is behind my router's
> firewall, there is no way anyone can hack into it from the Internet.
> Therefore, there is no need for a password if I trust all users on the
> subnet. Is that correct?
>
> The important thing is that I do not want to use a password unless I
> have to. (My wife would complain.)
>
> (Please do not go into the need for password-protected administrative
> accounts and user accounts. I know about that and have found that I
> have too much older software that simply is not compatible with that
> configuration.)
>
> Thanks,
> Cliff Lewis

Cliff Lewis
07-10-2005, 12:09 AM
I have two computers at home. I want to use Remote Desktop to access
one computer from the other while the video card is being shipped to
the factory for warranty replacement. They share a connection to the
Internet through a router, which has a firewall. Am I correct in
believing that there is no security risk from outside? The only way
there could be is if Remote Desktop somehow allowed access through the
router's firewall.

On Wed, 11 May 2005 19:57:31 -0500, "Sooner Al [MVP]"
<SoonerAl@somewhere.net.invalid> wrote:

>If you access/control your PC from a remote location and do not use a password to login then your
>opening up your PC to a potential and probable security risk. I suggest you always use a strong
>password...

Fitz
07-10-2005, 12:09 AM
If you want both computers to be able to access each other from behind the
router (inside your local network), the you have the appropriate ports open
on your router to allow the two computers to do this. Once the ports are
open, then anyone (inside or outside the local network) can run a port scan
and determine if there is a computer listening on a particular port, e.g.
port 3389 (Remote Desktop).

Unless you disable internet access for your two computers, then yes, there
is a danger. Your router firewall is nice (most routers use one) but it's
not a silver bullet. Run a port scan at www.grc.com to see how easy it is.


"Cliff Lewis" <clewis@gwis.com> wrote in message
news:c7g68111vrbi8msnlpeu5mjb5rc9n071q0@4ax.com...
>I have two computers at home. I want to use Remote Desktop to access
> one computer from the other while the video card is being shipped to
> the factory for warranty replacement. They share a connection to the
> Internet through a router, which has a firewall. Am I correct in
> believing that there is no security risk from outside? The only way
> there could be is if Remote Desktop somehow allowed access through the
> router's firewall.
>
> On Wed, 11 May 2005 19:57:31 -0500, "Sooner Al [MVP]"
> <SoonerAl@somewhere.net.invalid> wrote:
>
>>If you access/control your PC from a remote location and do not use a
>>password to login then your
>>opening up your PC to a potential and probable security risk. I suggest
>>you always use a strong
>>password...
>

Cliff Lewis
07-10-2005, 12:09 AM
I tried the port scan. It passed (full stealth status), even when I
probed port 3389 explicitly and even when I was logged on to the other
computer using Remote Desktop. I would conclude that my configuration
is safe.

It seems that Remote Desktop requires some kind of password no matter
what the configuration. It refused to connect due to an "account
restriction" until I defined a password on the host computer.


On Thu, 12 May 2005 14:20:42 GMT, "Fitz" <SENDNOMAIL@hotmail.com>
wrote:

>If you want both computers to be able to access each other from behind the
>router (inside your local network), the you have the appropriate ports open
>on your router to allow the two computers to do this. Once the ports are
>open, then anyone (inside or outside the local network) can run a port scan
>and determine if there is a computer listening on a particular port, e.g.
>port 3389 (Remote Desktop).
>
>Unless you disable internet access for your two computers, then yes, there
>is a danger. Your router firewall is nice (most routers use one) but it's
>not a silver bullet. Run a port scan at www.grc.com to see how easy it is.
>
>
>"Cliff Lewis" <clewis@gwis.com> wrote in message
>news:c7g68111vrbi8msnlpeu5mjb5rc9n071q0@4ax.com...
>>I have two computers at home. I want to use Remote Desktop to access
>> one computer from the other while the video card is being shipped to
>> the factory for warranty replacement. They share a connection to the
>> Internet through a router, which has a firewall. Am I correct in
>> believing that there is no security risk from outside? The only way
>> there could be is if Remote Desktop somehow allowed access through the
>> router's firewall.
>>
>> On Wed, 11 May 2005 19:57:31 -0500, "Sooner Al [MVP]"
>> <SoonerAl@somewhere.net.invalid> wrote:
>>
>>>If you access/control your PC from a remote location and do not use a
>>>password to login then your
>>>opening up your PC to a potential and probable security risk. I suggest
>>>you always use a strong
>>>password...
>>
>

Sooner Al [MVP]
07-10-2005, 12:09 AM
Your correct... If you *DO NOT* forward TCP Port 3389 through the router then there is no risk of
outside folks accessing your PC(s) with Remote Desktop. I have used Remote Desktop in the past for
exactly the purpose you want to do, ie. run a headless PC (no monitor). It worked very well for
that. An alternative is a KVM switch.

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...


"Cliff Lewis" <clewis@gwis.com> wrote in message news:c7g68111vrbi8msnlpeu5mjb5rc9n071q0@4ax.com...
>I have two computers at home. I want to use Remote Desktop to access
> one computer from the other while the video card is being shipped to
> the factory for warranty replacement. They share a connection to the
> Internet through a router, which has a firewall. Am I correct in
> believing that there is no security risk from outside? The only way
> there could be is if Remote Desktop somehow allowed access through the
> router's firewall.
>
> On Wed, 11 May 2005 19:57:31 -0500, "Sooner Al [MVP]"
> <SoonerAl@somewhere.net.invalid> wrote:
>
>>If you access/control your PC from a remote location and do not use a password to login then your
>>opening up your PC to a potential and probable security risk. I suggest you always use a strong
>>password...
>


Security question