Remote Desktop and Security(!) on Private LAN

[Guest CT]

Hi,

 

Traffic is really low at this newsgroup,

microsoft.public.windowsxp.work_remotely (where I originally posted),

so thought it would be okay to post here as well. Feel free to tell me

where to go, if this isn't the proper place.

 

How concerned should we be regarding security during Remote Desktop

sessions on a private LAN behind a Linksys router (WRT54GX2) with the

firewall enabled, aside from changing the router's SSID and password

regularly? We have no plans to access the LAN from the

"outside" (mostly due to security concerns).

 

Thank You.

Cheryl

[Guest Lanwench [MVP - Exchange]]

Re: Remote Desktop and Security(!) on Private LAN

 

CT <CThompson.FL@gmail.com> wrote:

> Hi,

>

> Traffic is really low at this newsgroup,

> microsoft.public.windowsxp.work_remotely (where I originally posted),

 

Yep.

> so thought it would be okay to post here as well. Feel free to tell me

> where to go, if this isn't the proper place.

 

This is fine, but an even better group for your question might be

microsoft.public.windows.security (a crosspost to both can't hurt)

>

> How concerned should we be regarding security during Remote Desktop

> sessions on a private LAN behind a Linksys router (WRT54GX2) with the

> firewall enabled, aside from changing the router's SSID and password

> regularly? We have no plans to access the LAN from the

> "outside" (mostly due to security concerns).

>

> Thank You.

> Cheryl

 

You're only doing this on the LAN? And have no access from the Internet?

You're probably fine - although with wireless, that's a relative thing. Much

depends on your Linksys' security. Don't use WEP - WPA / WPA2 are OK. Change

the admin credentials on the Linksys. Change the private IP addressing

scheme on the Linksys to something that isn't its default.

[Guest CT]

Re: Remote Desktop and Security(!) on Private LAN

 

On Mar 10, 9:16 pm, "Lanwench [MVP - Exchange]"

<lanwe...@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:

> CT <CThompson...@gmail.com> wrote:

> > Hi,

>

> > Traffic is really low at this newsgroup,

> > microsoft.public.windowsxp.work_remotely (where I originally posted),

>

> Yep.

>

> > so thought it would be okay to post here as well. Feel free to tell me

> > where to go, if this isn't the proper place.

>

> This is fine, but an even better group for your question might be

> microsoft.public.windows.security (a crosspost to both can't hurt)

>

 

Ok, thanks. I'll add that one to my Google Groups. Haven't yet

installed the mail/newsgroup program I d/l'd so I don't know how to

see a list of groups to choose from while temporarily using Google

Groups. Googled it but someone said it was a three hour download?!

Forget that.

>

> > How concerned should we be regarding security during Remote Desktop

> > sessions on a private LAN behind a Linksys router (WRT54GX2) with the

> > firewall enabled, aside from changing the router's SSID and password

> > regularly? We have no plans to access the LAN from the

> > "outside" (mostly due to security concerns).

>

> > Thank You.

> > Cheryl

>

> You're only doing this on the LAN? And have no access from the Internet?

 

Each computer on the home network can access the internet, but we have

no need to access our network over the internet when away from home.

> You're probably fine - although with wireless, that's a relative thing. Much

> depends on your Linksys' security. Don't use WEP - WPA / WPA2 are OK.

 

We've used WPA since the router was set up over a year ago. Want to

increase the security, so I'm currently working on finding out if my

desktop's network adapter supports WPA2 - I know the laptop's does.

Also looked at http://www.grc.com for a 64 character password.

>Change the admin credentials on the Linksys. Change the private IP addressing

> scheme on the Linksys to something that isn't its default.

 

You lost me here. I looked and could not find these terms on the

router's online setup screen. Could you clarify please. Maybe someone

who has a Linksys router could direct me to where these settings are?

 

Thank you very much for your help!

Cheryl

[Guest Lanwench [MVP - Exchange]]

Re: Remote Desktop and Security(!) on Private LAN

 

CT <CThompson.FL@gmail.com> wrote:

> On Mar 10, 9:16 pm, "Lanwench [MVP - Exchange]"

> <lanwe...@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:

>> CT <CThompson...@gmail.com> wrote:

>>> Hi,

>>

>>> Traffic is really low at this newsgroup,

>>> microsoft.public.windowsxp.work_remotely (where I originally

>>> posted),

>>

>> Yep.

>>

>>> so thought it would be okay to post here as well. Feel free to tell

>>> me where to go, if this isn't the proper place.

>>

>> This is fine, but an even better group for your question might be

>> microsoft.public.windows.security (a crosspost to both can't hurt)

>>

>

> Ok, thanks. I'll add that one to my Google Groups. Haven't yet

> installed the mail/newsgroup program I d/l'd so I don't know how to

> see a list of groups to choose from while temporarily using Google

> Groups. Googled it but someone said it was a three hour download?!

> Forget that.

 

Ah. Don't use google groups unless you're searching for old posts - it's not

the best way to get to usenet.

 

For newsreaders, try Forte Agent, Thunderbird, or even Outlook Express. The

Microsoft public news server is msnews.microsoft.com and you can subscribe

to as many groups as you like; no authentication is required.

 

The following is from a post by MVP Malke ...

 

-------------------------------------------------------

Here's information on Usenet and using a newsreader:

 

http://www.elephantboycomputers.com/page3.html#12-09-02 - a brief

explanation of newsgroups

http://michaelstevenstech.com/outlo...ssnewreader.htm

http://rickrogers.org/setupoe.htm

http://support.microsoft.com/defaul...wto/default.asp

- Set Up Newsreader

 

http://www.dts-l.org/goodpost.htm

http://www.catb.org/~esr/faqs/smart-questions.html

http://aumha.org/nntp.htm - list of MS newsgroups

microsoft.public.test.here - MS group to test if your newsreader is

working properly

http://www.mailmsg.com/SPAM_munging.htm - how to munge email address

http://www.blakjak.demon.co.uk/mul_crss.htm - multiposting vs.

crossposting

 

Some newsreaders for Windows

http://www.forteinc.com/agent/index.php - for Forte

http://www.mozilla.org (Thunderbird does newsgroups)

http://gravity.tbates.org/

 

-------------------------------------

 

>

>>

>>> How concerned should we be regarding security during Remote Desktop

>>> sessions on a private LAN behind a Linksys router (WRT54GX2) with

>>> the firewall enabled, aside from changing the router's SSID and

>>> password regularly? We have no plans to access the LAN from the

>>> "outside" (mostly due to security concerns).

>>

>>> Thank You.

>>> Cheryl

>>

>> You're only doing this on the LAN? And have no access from the

>> Internet?

>

> Each computer on the home network can access the internet, but we have

> no need to access our network over the internet when away from home.

 

OK.

>

>> You're probably fine - although with wireless, that's a relative

>> thing. Much depends on your Linksys' security. Don't use WEP - WPA /

>> WPA2 are OK.

>

> We've used WPA since the router was set up over a year ago. Want to

> increase the security, so I'm currently working on finding out if my

> desktop's network adapter supports WPA2 - I know the laptop's does.

> Also looked at http://www.grc.com for a 64 character password.

 

Use passphrases. I often use old Frank Sinatra song titles, complete with

mixed case, punctuation, spaces.

>

>> Change the admin credentials on the Linksys. Change the private IP

>> addressing scheme on the Linksys to something that isn't its default.

>

> You lost me here. I looked and could not find these terms on the

> router's online setup screen. Could you clarify please. Maybe someone

> who has a Linksys router could direct me to where these settings are?

 

I have no idea where they are - I just mean change the admin password. And

I'd also change the LAN TCP/IP settings it's using from 192.168.1.0/24

(that's from memory) to something else - like 172.16.1.0/24.

>

> Thank you very much for your help!

> Cheryl

 

Most welcome - hope it does help.

[Guest CT]

Re: Remote Desktop and Security(!) on Private LAN

 

On Mar 11, 8:57 am, "Lanwench [MVP - Exchange]"

<lanwe...@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:

> CT <CThompson...@gmail.com> wrote:

> > On Mar 10, 9:16 pm, "Lanwench [MVP - Exchange]"

> > <lanwe...@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:

> >> CT <CThompson...@gmail.com> wrote:

> >>> Hi,

>

> >>> Traffic is really low at this newsgroup,

> >>> microsoft.public.windowsxp.work_remotely (where I originally

> >>> posted),

>

> >> Yep.

>

> >>> so thought it would be okay to post here as well. Feel free to tell

> >>> me where to go, if this isn't the proper place.

>

> >> This is fine, but an even better group for your question might be

> >> microsoft.public.windows.security (a crosspost to both can't hurt)

>

> > Ok, thanks. I'll add that one to my Google Groups. Haven't yet

> > installed the mail/newsgroup program I d/l'd so I don't know how to

> > see a list of groups to choose from while temporarily using Google

> > Groups. Googled it but someone said it was a three hour download?!

> > Forget that.

>

> Ah. Don't use google groups unless you're searching for old posts - it's not

> the best way to get to usenet.

>

 

I'm aware of this. BTW, I couldn't find a newsgroup titled

'microsoft.public.windows.security' .

> For newsreaders, try Forte Agent, Thunderbird, or even Outlook Express. The

> Microsoft public news server is msnews.microsoft.com and you can subscribe

> to as many groups as you like; no authentication is required.

>

 

I've had Thunderbird and Lightning sitting on my desktop for two

weeks. Was going to install them when I got sidelined by my private

network issues (setting up - DONE; securing - IN PROGRESS; setting up

Remote Desktop - IN PROGRESS)

> The following is from a post by MVP Malke ...

>

> -------------------------------------------------------

> Here's information on Usenet and using a newsreader:

>

> http://www.elephantboycomputers.com/page3.html#12-09-02- a brief

> explanation of newsgroupshttp://michaelstevenstech.com/outlo...ssnewreader.htmhttp://rickrogers.org/setupoe.htmhttp://support.microsoft.com/defaul...wto/default.asp

> - Set Up Newsreader

>

> http://www.dts-l.org/goodpost.htmhttp://www.catb.org/~esr/faqs/smart-questions.htmlhttp://aumha.org/nntp.htm- list of MS newsgroups

> microsoft.public.test.here - MS group to test if your newsreader is

> working properlyhttp://www.mailmsg.com/SPAM_munging.htm- how to munge email addresshttp://www.blakjak.demon.co.uk/mul_crss.htm- multiposting vs.

> crossposting

>

> Some newsreaders for Windowshttp://www.forteinc.com/agent/index.php- for Fortehttp://www.mozilla.org(Thunderbird does newsgroups)http://gravity.tbates.org/

>

> -------------------------------------

>

>

>

>

>

> >>> How concerned should we be regarding security during Remote Desktop

> >>> sessions on a private LAN behind a Linksys router (WRT54GX2) with

> >>> the firewall enabled, aside from changing the router's SSID and

> >>> password regularly? We have no plans to access the LAN from the

> >>> "outside" (mostly due to security concerns).

>

> >>> Thank You.

> >>> Cheryl

>

> >> You're only doing this on the LAN? And have no access from the

> >> Internet?

>

> > Each computer on the home network can access the internet, but we have

> > no need to access our network over the internet when away from home.

>

> OK.

>

>

>

> >> You're probably fine - although with wireless, that's a relative

> >> thing. Much depends on your Linksys' security. Don't use WEP - WPA /

> >> WPA2 are OK.

>

> > We've used WPA since the router was set up over a year ago. Want to

> > increase the security, so I'm currently working on finding out if my

> > desktop's network adapter supports WPA2 - I know the laptop's does.

> > Also looked athttp://www.grc.comfor a 64 character password.

>

> Use passphrases. I often use old Frank Sinatra song titles, complete with

> mixed case, punctuation, spaces.

>

 

Sounds easier and worth considering. I was told that all 64 spaces

should be filled when creating a router pasword. Guess this needs

further research by me, as well.

>

> >> Change the admin credentials on the Linksys. Change the private IP

> >> addressing scheme on the Linksys to something that isn't its default.

>

> > You lost me here. I looked and could not find these terms on the

> > router's online setup screen. Could you clarify please. Maybe someone

> > who has a Linksys router could direct me to where these settings are?

>

> I have no idea where they are - I just mean change the admin password. And

> I'd also change the LAN TCP/IP settings it's using from 192.168.1.0/24

> (that's from memory) to something else - like 172.16.1.0/24.

>

 

I'm still lost - I think. Not about the admin password, but about

changing the default "LAN TCP/IP settings it's using".

 

At this moment, I'm reading about static and dynamic IP addresses.

 

http://www.windowsnetworking.com/articles_tutorials/tcpip.html

 

I don't know if I know enough yet to articulate it for you, but here

goes:

 

My understanding, so far, is that I can change certain OTHER settings

(besides the SSID & admin password) on the router to my preference.

Currently, the router is set to "obtain IP addresses automatically",

and "Broadcast SSID" is enabled (per Linksys when they were helping me

wirelessly connect the laptop to the internet - I balked when they

told me to enable this because I'd read it was a security no-no, for

obvious reasons). But now I believe, to increase security, the setting

should be changed to "specify an IP address", so "Broadcast SSID" can

be disabled. I just haven't figured out how to choose _what_ address

to specify, what other adjustments need to be made (MAC filtering?)

and _where_ to make SOME of them on the router's online setup page

(which isn't even an https (secure!) page (why not?). I've Googled

"LAN TCP/IP settings Linksys WRT54G", trying to learn more. We live in

a rural area and I'm not sure disabling "Broadcast SSID" is even

necessary in our case.

 

Thanks for your patience.

Cheryl ( who was so sure this would be easier than it's turning out

to be... :-) )

>

> > Thank you very much for your help!

> > Cheryl

>

> Most welcome - hope it does help.

[Guest Lanwench [MVP - Exchange]]

Re: Remote Desktop and Security(!) on Private LAN

 

CT <CThompson.FL@gmail.com> wrote:

 

<snip>>

>

> I'm aware of this. BTW, I couldn't find a newsgroup titled

> 'microsoft.public.windows.security' .

 

Sorry - I meant microsoft.public.security. If you use msnews.microsoft.com

you'll easily be able to search for all groups containing the word

'security' or 'wireless' - etc.

>

>> For newsreaders, try Forte Agent, Thunderbird, or even Outlook

>> Express. The

>> Microsoft public news server is msnews.microsoft.com and you can

>> subscribe

>> to as many groups as you like; no authentication is required.

>>

>

> I've had Thunderbird and Lightning sitting on my desktop for two

> weeks. Was going to install them when I got sidelined by my private

> network issues (setting up - DONE; securing - IN PROGRESS; setting up

> Remote Desktop - IN PROGRESS)

 

Excellent.

 

<snip>

 

>>> We've used WPA since the router was set up over a year ago. Want to

>>> increase the security, so I'm currently working on finding out if my

>>> desktop's network adapter supports WPA2 - I know the laptop's does.

>>> Also looked athttp://www.grc.comfor a 64 character password.

>>

>> Use passphrases. I often use old Frank Sinatra song titles, complete

>> with

>> mixed case, punctuation, spaces.

>>

>

> Sounds easier and worth considering. I was told that all 64 spaces

> should be filled when creating a router pasword. Guess this needs

> further research by me, as well.

>

 

No, you don't need to fill in all the characters.

 

 

<snip>

>> I have no idea where they are - I just mean change the admin

>> password. And

>> I'd also change the LAN TCP/IP settings it's using from

>> 192.168.1.0/24 (that's from memory) to something else - like

>> 172.16.1.0/24.

>>

>

> I'm still lost - I think. Not about the admin password, but about

> changing the default "LAN TCP/IP settings it's using".

 

The WAN interface should be left as is.

It's using private IP addresses such as192.168.0.1 on the LAN, and I'm

suggesting you use a non-default private IP subnet.

> At this moment, I'm reading about static and dynamic IP addresses.

> http://www.windowsnetworking.com/articles_tutorials/tcpip.html

>

> I don't know if I know enough yet to articulate it for you, but here

> goes:

>

> My understanding, so far, is that I can change certain OTHER settings

> (besides the SSID & admin password) on the router to my preference.

> Currently, the router is set to "obtain IP addresses automatically",

 

That's on the WAN interface. And you should leave it that way unless you

have a static public IP from your ISP, which is unlikely.

>

> and "Broadcast SSID" is enabled (per Linksys when they were helping me

> wirelessly connect the laptop to the internet - I balked when they

> told me to enable this because I'd read it was a security no-no, for

> obvious reasons).

 

No, it's OK.

> But now I believe, to increase security, the setting

> should be changed to "specify an IP address",

 

No - again, you won't have Internet connectivity that way. The WAN and LAN

interfaces are different animals. And your LAN interface has to be a static

one. It can act as a DHCP server for devices on your network - but that's

not related to DHCP on the WAN interface, which is how you get a public IP

address from your cable/DSL modem.

> so "Broadcast SSID" can

> be disabled.

 

Not related, and you shouldn't......

 

I just haven't figured out how to choose _what_ address

> to specify, what other adjustments need to be made (MAC filtering?)

 

I don't use that. It's a pain, and MAC addresses can be spoofed/changed.

>

> and _where_ to make SOME of them on the router's online setup page

> (which isn't even an https (secure!) page (why not?).

 

Because you're accessing it from your LAN. If you were to open up remote

management you'd likely be required to use HTTPS.

> I've Googled

> "LAN TCP/IP settings Linksys WRT54G", trying to learn more.

> We live in

> a rural area

 

Not relevant to anything, I'm afraid, In fact, you may have a bigger chance

of having someone piggyback onto your wireless there than if you were in the

middle of Times Square.

> and I'm not sure disabling "Broadcast SSID" is even

> necessary in our case.

 

No - you should leave the SSID broadcast enabled. Windows wireless

networking won't work without it, AFAIK.(How was that for alliteration?)

>

> Thanks for your patience.

> Cheryl ( who was so sure this would be easier than it's turning out

> to be... :-) )

 

No problem. It *is* easy once you get a full understanding of what all the

different pieces are :-)

 

 

<snip>

[Guest CT]

Re: Remote Desktop and Security(!) on Private LAN

 

On Mar 12, 9:25 am, "Lanwench [MVP - Exchange]"

<lanwe...@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:

 

 

Your post was _very_ helpful.

>

> No problem. It *is* easy once you get a full understanding of what all the

> different pieces are :-)

>

> <snip>

 

Yes, I'm finding this to be true. As I chug along (bugging everybody

in Usenet with questions), it IS making more sense and isn't as

complex as I thought. I'll soon be compiling all my notes into one

cohesive step-by-step How-To guide so the next go around will be a bit

smoother. Hopefully, in the future, I'll be able to guide someone else

and return the help that I've received here.

 

Thank you so much for being patient with me. You've been more than

kind.

 

Cheers!

Cheryl

[Guest Lanwench [MVP - Exchange]]

Re: Remote Desktop and Security(!) on Private LAN

 

CT <CThompson.FL@gmail.com> wrote:

> On Mar 12, 9:25 am, "Lanwench [MVP - Exchange]"

> <lanwe...@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:

>

>

> Your post was _very_ helpful.

 

I'm delighted to hear it :)

>

>>

>> No problem. It *is* easy once you get a full understanding of what

>> all the different pieces are :-)

>>

>> <snip>

>

> Yes, I'm finding this to be true. As I chug along (bugging everybody

> in Usenet with questions), it IS making more sense and isn't as

> complex as I thought. I'll soon be compiling all my notes into one

> cohesive step-by-step How-To guide so the next go around will be a bit

> smoother. Hopefully, in the future, I'll be able to guide someone else

> and return the help that I've received here.

>

> Thank you so much for being patient with me. You've been more than

> kind.

>

> Cheers!

> Cheryl

 

No worries - good luck getting all this sorted out. I think you're on a

roll.