Remote Access to Your Network

With your network permanently connected to the Internet, connecting back to your own system from anywhere becomes possible. However, there are risks involved. If you can connect to your machine from anywhere, so can anyone else. That is why most corporate networks that have permanent connections only have limited access methods. You can minimise these risks by taking certain steps, including the use of a firewall. However, you will be limited in what you can do. You will have to decide what you want: access to your machine remotely with your data potentially exposed, or your data safe but limited remote access.

Ways to Gain Remote Access.

There are lots of ways to gain remote access to your system. All of them involve opening ports in your firewall. Each of these ports becomes a potential security hole.
Some of these solutions may not work in a corporate environment (connecting to home from the office) as the ports have been blocked by the corporate firewall. You may have to ask the network admin nicely if he will open the port for you. 

Remote Control Software
One of the easiest ways to get remote access is to use a package like pcAnywhere (expensive) or VNC (free but security issues). There is also the little known Remote Desktop Sharing feature of Microsoft's NetMeeting.

To use any of the remote control software applications you will need to open the relevant ports. These are easy to find by simply putting the package name and "ports" into a search engine. Here are the port numbers of three applications mentioned.

Package       Ports
pcAnywhere    5631, 5632
NetMeeting*   522, 389, 1503, 1720 and 1731
VNC           5800, 5900
RDP           3389

* See Microsoft Knowledgebase 158623 for more info

Terminal Services
If you are fortunate enough to have Windows 200x Server or Windows XP Professional, then you could use Terminal Services over Microsoft's Remote Desktop Protocol (RDP). The client software can be installed on any 32bit Windows operating system (Windows 9x, ME, NT4, 2k, XP etc). This protocol has been optimised to send the data over long distances and slower links. The author of this page has used it to successfully control a machine in New Zealand on dial up internet access from a system in the UK, a distance of over 9000 miles. You can also use a different screen size to the usual one, with the software adjusting the settings dynamically. 

Web Page
If you just want to view information rather than actually interact with your machine then a web server might be the best option. This would allow you to store a personal start page or other pages. You can password protect your pages to stop other people looking at them. However web servers are very prone to external attacks. You can protect yourself from some automatic attacks by using a different port. However if you decide to use Microsoft IIS, then you should ensure that you have a fully patched system. You may want to use another web server such as Apache web server.

FTP Server
This is one of the most risky options that you can use, especially if you want to upload files to your home machine. Software pirates are constantly looking for FTP servers that are open for them to distribute their software. Unless you can secure it, this option is not advisable.

VPN (Virtual Private Networking)
This potentially could be the best solution. However, it can cause problems in itself. A virtual private network creates a network link in a private tunnel over the Internet to your machine. If set up correctly, this can be a very secure way to connect to your own system. Once you have made the connection you can then use any network application over the link, such as remote control software.
If you are not careful, it can create problems if you are connected to a corporate network at the same time (or are using their link to provide the connection to the Internet). You may find that you cannot connect to resources on the corporate network as your machine will be trying to connect to your home machine instead of the work systems. The corporate firewall may also restrict your access as a security measure.

Remote Control Services

With the growth in broadband and the increasing use of firewalls, services that allow you remote access to your machines without opening ports have become more common. These work by your machine at home making a connection to a remote server; you then log in to that remote server and the connection is made over the existing link. This means that you don't have to open ports on your firewall and expose your network. Services include Log Me In (http://www.logmein.com/) and Go to My PC (http://www.gotomypc.com/). There are also services based on VNC, but these require your own server to host the proxy on.

Precautions

The best precaution you can take is not to expose the hole in your firewall. However if you want to have the connections, then you should look at restrictions to place on the firewall.
The best type of restriction is limitations by IP address.
If you are lucky enough to use a dial up ISP who still allocates you an IP address (static IP) instead of giving you a dynamic address, then you could restrict remote access to just that address. On most firewalls you should be able to enter an IP address to restrict traffic to.
Similarly, you may find that all traffic from your corporate network to the Internet goes through one machine (the gateway) and appears to the outside world as a single host. Grant that host access to your machine and trust that your work colleagues aren't closet hackers. To find out what address your machine is presenting to the outside world, use this page: http://checkip.dyndns.org/.

With more sophisticated firewalls, you can log in to the firewall, which will give you access for that session only. You can then run whatever apps you require and close the session. If you are looking for this kind of solution, then more research will be required.

If you cannot restrict by IP address, then you will have to rely on a combination of obscure port settings and strong username and password combinations to try and keep your system secure.
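An added example (not from the original page): a short Python check that reads a list of port-forward rules and reports which of the remote control ports from the table above are reachable from more than one source address, including when they sit behind an obscure external port. The rule format and the sample rules are constructed for illustration; every real firewall has its own syntax.

```python
import ipaddress

# Ports from the table on this page, keyed by the internal (forwarded-to) port.
REMOTE_ACCESS_PORTS = {
    5631: "pcAnywhere", 5632: "pcAnywhere",
    522: "NetMeeting", 389: "NetMeeting", 1503: "NetMeeting",
    1720: "NetMeeting", 1731: "NetMeeting",
    5800: "VNC", 5900: "VNC",
    3389: "RDP",
}

# Constructed sample rules in a hypothetical format:
# "<external port> -> <internal port> from <source CIDR or 'any'>"
SAMPLE_RULES = """\
3389 -> 3389 from any
5900 -> 5900 from 203.0.113.10/32
33890 -> 3389 from any
5631 -> 5631 from 198.51.100.0/24
8080 -> 80 from any
"""

def parse_rule(line):
    """Split one rule line into (external port, internal port, source network)."""
    ports, source = line.split(" from ")
    external, internal = (int(p) for p in ports.split("->"))
    source = source.strip()
    if source == "any":
        source = "0.0.0.0/0"
    return external, internal, ipaddress.ip_network(source)

def audit(rules_text, max_hosts=1):
    """Report remote-access ports reachable from more than max_hosts addresses."""
    findings = []
    for line in rules_text.splitlines():
        if not line.strip():
            continue
        external, internal, source = parse_rule(line)
        package = REMOTE_ACCESS_PORTS.get(internal)
        if package is None:
            continue  # not one of the remote control ports listed on the page
        if source.num_addresses > max_hosts:
            note = "open to any address" if source.prefixlen == 0 else f"open to {source}"
            if external != internal:
                note += " (obscure external port does not limit who can connect)"
            findings.append((external, package, note))
    return findings

if __name__ == "__main__":
    for external, package, note in audit(SAMPLE_RULES):
        print(f"port {external}: {package} {note}")
```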

Whether you place any restrictions or not, you should keep your machine up to date with the latest patches and updates from the manufacturer. There are also configuration guides on the Internet on how to configure your machine to be secure against people trying to break in to it. While you cannot always beat a determined cracker, you should try to make your machine or system tough enough for a casual cracker to give up and move on to an easier host.

Links:

pcAnywhere: Symantec: http://www.symantec.com/pcanywhere/Consumer/index.html

VNC: http://www.realvnc.com/ 

NetMeeting: http://www.microsoft.com/windows/netmeeting/default.asp

Port listings: http://www.networkice.com/advice/Exploits/Ports/ or: http://www.sockets.com/services.htm

What IP are you announcing to the World: http://checkip.dyndns.org/

Last Page Update:
03/11/2007


© Amset IT Solutions Ltd. 1998 - 2008. All rights reserved. Reproduction of any content on this web site is prohibited without express written consent. Use of this web site is subject to our terms and conditions. All trademarks and registered trademarks are property of their respective owners. This site is not endorsed or recommended by any company or organisation mentioned on this site. This site is to provide guidance only and as such we cannot be held responsible for any consequences of following the advice given.