Remote Access / Firewall

[jimasher]

I would like to set-up remote access to my home network, via either Remote Desktop or tight VNC. I currently have a WRT54G router protected my network from the outside world. What free or opensource software can a run on either a PC or the router to securely only allow me access and yet still protect my network?

[frozenipaq]

I use UltraVNC and it's built-in encryption to make the connection secure. Since you are behind a router you will have to configure the port forwarding in the router to open up a port for your computer running the VNC server. In UltraVNC I manually set the port to 5900 and just went into my router settings and forwarded the port 5900 to my local IP address. After this is done, simply go to http://whatsmyip.org and use that IP address in the VNC viewer on your other device with the port of 5900. It's at this point that you can enter in a password to gain access to that computer (always have it password-protected, some programs won't allow you to operate it unless it's protected).

Use the following to test your setup: http://www.realvnc.com/cgi-bin/nettest.cgi (on your computer running the server)

[tehboris]

Don't ever ever ever expose a VNC service to the internet. Use a VPN.

^
Good advice.

Services like Logmein are options.

There are also low-cost SSL VPN routers these days which works pretty well as well.

[frozenipaq]

Quote:

Originally Posted by tehBoris

Don't ever ever ever expose a VNC service to the internet. Use a VPN.

A VPN is much harder to configure and most of the time (well when I've dealt with it) it's been used for remote file sharing and not desktop viewing. Rather than offering an alternative, I suggest you educate the user on ways to secure a VNC connection if he chooses to go that route or actually explain to him how to setup a VPN... I myself only use VNC in local networks and haven't granted it access online, but here are a few tips that will make your VNC connection more "secure" if connecting through the internet:

1) Choose a different port. Most VNC clients use the 5900 port and this is well known, so simply change the port to something else.
2) Have a secure password, that's a given
3) Choose your VNC program/client carefully. Some clients do not offer encryption services for the data that is being transmitted, so look for ones that do (RealVNC offers it with their paid software).

[jimasher]

I am familiar with both VNC and VPN. My real question, was can anybody recommend an intermiate firewall (that way I don't open a VNC port all the time). So that I would have to authenicate first, then and only then would the port be openned... Poorman's SecureID....

[tehboris]

Quote:

Originally Posted by FrozenIpaq

1) Choose a different port. Most VNC clients use the 5900 port and this is well known, so simply change the port to something else.

Security through obscurity = security fail

Quote:

Originally Posted by FrozenIpaq

2) Have a secure password, that's a given
3) Choose your VNC program/client carefully. Some clients do not offer encryption services for the data that is being transmitted, so look for ones that do (RealVNC offers it with their paid software).

A vulnerability in any client could defeats both of these steps.

A VPN is preferable as they are generally expected to be accessible from the Internet and are designed as such. Once a VPN has been configured it also allows for further use.

[frozenipaq]

Quote:

Originally Posted by jimasher

I am familiar with both VNC and VPN. My real question, was can anybody recommend an intermiate firewall (that way I don't open a VNC port all the time). So that I would have to authenicate first, then and only then would the port be openned... Poorman's SecureID....

I personally do not know of any programs that will allow you to do that, as the port would have to be open for you to communicate with that program (to authenticate it). I've taken the liberty to find a guide for you (I personally only connect within my own network so I've never dealt with VPN specifically but I'm familiar with Hamachi and it's a great program).

http://lifehacker.com/software/vnc/g...chi-228862.php

This way you can have a secure, encrypted VNC connection via VPN (both are at work here). This seems to be your best option

@tehBoris: Security through obscurity can be what you call "fail" but a lot of people implement this type of security (although not just this type, they have other methods on top of it like I suggested above - getting a client that encrypts the data). A vulnerability in either client would be bad, but that is why companies update their programs, if no vulnerability exists (none to my knowledge with RealVNC's encryption) then there's no reason to claim not to use it because of a potential vulnerability - that's like saying: Don't use windows, it could be vulnerable

[tokenuser]

VPN all the way.
You need a way to get through the firewall, and that should be secure.

[bingly]

Hey use SSH to secure your VNC connection.. It's quite easy, just google 'SSH VNC'.