0
0
I need to remote desktop into a machine from another network and as far as I know the two (simplest) solutions I have is either to use port forwarding, or hamachi (or something similar).
I assume, port forwarding would open the remote desktop to the entire internet, which could cause a threat. Is using hamachi in this use case a better solution?
Left Vertical
Posted 2016-11-12T19:30:31.253
Reputation: 11
1
The threats are equally big.
Both hamachi and Remote Desktop open up a port to the internet to connect to. Anyone who knows the right credentials can get in.
That said, most people don't know the right credentials, and both hamachi (which is basically VPN) and Remote Desktop are both very secure. If you want to add a layer of security to Remote Desktop, you can use the principle of Security by Obscurity. Basically you would use a different port than the standard port, and whenever you connect you include that new port. This only needs to be set at the router's place for port forwarding.
For example: Port 33389 forwards to your pc's ip and port 3389.
Now from any pc, you Remote Desktop to your public ip:33389. For example: 123.45.67.89:33389
Anyone who doesn't know the correct port will never know what is behind it. It is advised to make this new port any number you want as long as it is above 1023 as these are priviledged ports and have a special meaning. The ports above still have some commonly used ones, such as 3389 being the default for RDP. If you want to be totally safe, go above 10000. The highest number you can take is 65535.
A hacker who performs a portscan will scan the basic 1023 ports and optionally some common ports in the 1024-10000 section, such as 3389.
LPChip
Posted 2016-11-12T19:30:31.253
Reputation: 42 190
0
Both solutions are equally secure as regarding the protocol they use:
Logging in - both require entering name and password, and both encrypt these credentials during logon.
Both solutions encrypt all communications, the same as for VPN, so they are both not vulnerable to man-in-the-middle attacks.
Hamachi is less secure in one sense, as your credentials are stored on their server, so are only secure as long as they were not hacked or as long as they don't employ Snowden.
See these references :
Top 10 RDP Protocol Misconceptions – Part 1
Top 10 RDP Protocol Misconceptions – Part 2
How to Enable and Secure Remote Desktop on Windows
harrymc
Posted 2016-11-12T19:30:31.253
Reputation: 306 093
0
In case of Remote Desktop with forwarded port the attacker needs to win with Remote Desktop security only.
In case of Hamachi the attacker needs to win with its security first, then with Remote Desktop security (same as above) also.
Simple logic: the second attack must be at least as hard as the part of itself i.e. the first one. If you use independent credentials then the second attack will be harder.
However, the Hamachi method may be considered a threat because in case your Hamachi falls to the attacker, he or she may access other services (if any), unprotected by themselves, which you never intended to open to the public in the first place.
But if the case is about the Remote Desktop only, Hamachi will provide additional layer of protection which will improve security.
Kamil Maciorowski
Posted 2016-11-12T19:30:31.253
Reputation: 38 429