15

I just got a tablet and I want to use it to RDP into my main computer. The thing is, the first thing I did when I set up my PC was to disable RDP. I am not comfortable with, and have no use for, allowing RDP connections from outside my network.

I might be using the term network wrongly; I don't have any sort of network setup, just your standard commercial router.

I tried going into the firewall settings to try to limit port 3389 and I did not see any way to limit traffic by IP address.

I am using Windows 7 Ultimate.

NULLZ
TheCatWhisperer
  • Is your goal to connect to your PC via your tablet from outside, or inside your local network? (From which side of the router?) – Brian Adkins Apr 23 '13 at 01:28
  • Did you look at Windows Firewall with Advanced Security? You can set up rules there for the three zones: Domain, Public and Private. In addition, I'd generally suggest blocking from the firewall/router (small ones are usually both) rather than on the PC. – NULLZ Apr 23 '13 at 01:41
  • @NotCodingCoder I just read the question a couple of times. I'm with Brian on this: I can't tell exactly what you are trying to do. – Jeff Ferland Apr 24 '13 at 05:27

3 Answers

21

The standard commercial router you mentioned does not allow any incoming connection from outside to the inside of the network. You need to specifically allow incoming connections through port forwarding. If you want to connect to the PC through the same network, i.e. both tablet and PC are connected to the same local area network, you don't need to worry about outside users connecting to the PC from the Internet, since the NAT device (the router) won't allow it by default.

If you want to access RDP from outside the network, e.g. through the Internet, but want to restrict the access to a specific IP address, I don't think the commercial router would be flexible enough for such a rule. However, you can accomplish this through your Windows firewall. In order to restrict RDP to specific IP addresses:

  1. Go to the control panel->Administrative Tools
  2. Windows Firewall with Advanced Settings
  3. Inbound Rules
  4. Remote Desktop (TCP-In)
  5. Go to the Properties->Scope tab
  6. Add the IP (or IP range) in the Remote IP addresses section


void_in
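The Scope change from the steps in the answer above, done from an elevated PowerShell prompt with netsh and then read back to confirm it took effect. This is an added example, not part of the original answer; the address 192.168.1.50 is a constructed sample standing in for the tablet, and the output check assumes an English-language Windows.

```powershell
# Added example: restrict the built-in RDP inbound rule to one source address.
# Run elevated. Uses netsh, so it does not need the newer firewall cmdlets.
$ruleName  = 'Remote Desktop (TCP-In)'   # rule name from step 4 of the answer
$allowedIp = '192.168.1.50'              # constructed sample: the tablet's address

# Refuse input that does not parse as an IP address, so a typo cannot
# leave the rule scoped differently from what was intended.
$parsed = $null
if (-not [System.Net.IPAddress]::TryParse($allowedIp, [ref]$parsed)) {
    throw "Not a valid IP address: $allowedIp"
}

# Equivalent of Properties -> Scope -> Remote IP addresses.
& netsh advfirewall firewall set rule name="$ruleName" new remoteip=$allowedIp
if ($LASTEXITCODE -ne 0) {
    throw "netsh could not update the rule '$ruleName'"
}

# Read the rule back: show the relevant fields and fail loudly if the
# remote scope is still 'Any' (assumes English netsh output).
$rule = & netsh advfirewall firewall show rule name="$ruleName" verbose
$rule | Select-String -Pattern 'Enabled|Profiles|RemoteIP'
if ($rule | Select-String -Pattern 'RemoteIP:\s+Any') {
    throw "Rule '$ruleName' still accepts connections from any address"
}
```

The scope only matters while the rule is enabled; the read-back prints the Enabled and Profiles fields so that can be checked at the same time.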
9

You should make sure that you are using RDP with the strongest encryption levels enabled. You should also consider using the built-in Windows firewall (see how to set this up with advanced settings) or another firewall to only allow connections from your tablet. You can also ensure that your router doesn't allow the RDP port from the Internet.

Another option is to run RDP over SSH. You can do this with OpenSSH, or with Tunnelier, which is free for personal use and which I have used in the past for secured RDP over SSH. If you go over SSH you can then use certificates, which gives you a much higher level of security, since it's impractical to break the certificate key in addition to your password.

Eric G
0

Alternatively to void_in's answer, you could use an ACL (access control list) within your router to allow only a specific IP to connect to your 3389 port.

schroeder