Remote Desktops. Advice

[mtbparker]

With my brother's upgrade to a shiny new Pent-4 and my parents each getting new laptops within the last year, I'm quickly becoming the family's sysadmin. They're all trying to catch up to the modern era, and they look to me - the one with the computer science degree - to guide them. (And bail them out!)An idea occured to me as I was talking my brother through his latest problem, why not remote desktops for all of them? I've always perceived them as a gaping security hole. But my fear may be unfounded and they really could help me out.I've begun playing with Remote Administrator, TightVNC, and Windows Remote Assistance on my own computers to get a feel for them before I deploy anything to my family. I've been researching this topic. Googled it to death. And wanted to ask y'all what you thought. Preferences? Pros/Cons? Security Risks/Tips? Etc.Thanks,Tom

[SonicDragon]

I don't think the security risk is sooo large that you should stay away from using them in this situation. Especially if their remote desktop isn't enabled all the time. If you have them enable it only when they need help, that would be much safer.

[Peachy]

Remote Desktop is fairly secure. If you are using a firewall, make sure you let traffic through on port 3389.

[GolfProRM]

I use the windows remote assistance to work on my mom's computer all the time... it's not quite as nice as the standard Remote desktop, but it requires her to send me an invitation, so not just any hacker with a password guesser could access it. The other benefit is there's no IP lookup involved

[nlinecomputers]

I use NO-IP.com to setup a dynamic DNS URL and setup UltraUNC on the end unit. But I have it set off. All they have to do is click on the "Allow Nathan in" icon and stand back. When I'm done. I terminate the vnc server or if I forget it gets shut down on the next reboot. Simple and safe as it is not running all the time. Trying to walk My Dad or worse my sister through sending an invite was enough make me want to begin to bang my head on the wall.

[JackR]

Whether to use Remote Desktop (RTP) or a regular remote program might depend in the way you are using it, and who, or what is on the other side. RDT is more like an OS thing rather than an application.I use RDT between spots that I need to Connected to Repetitively for long periods of time, and on the other side there is someone who understands how it works. I would set it up, and insist that No one would touch the settings.Otherwise I use Ultr@VNC. Its provides: Remote Control, File Transfer, and Chat between LAN computers or over the Internet.It takes only few minutes to set it.For security purpose, and System's load reduction I want the remote out of the picture once the session is terminated. Ultra@VNC and few other VNC variants provide this capacity.In most cases, even if some one "played" with the system I still will be able to connect with VNC. You will find every thing you need in order to set it here: Ultr@VNC - Installation, and Settings.

[mtbparker]

In my continuing search for remote desktops, I ran across something that I don't understand. The new version of Remote Admin (v 2.2) claims:

Radmin Server 2.2 starts as a service and doesn't start as an application on Windows NT/2000/XP*, which improves security.

Can someone explain why a service is more secure than an application?Thanks,Tom

[chr1s]

I use Timbuktu pro for some remote desktop stuff. The main reasons I use it are because of the functionality it provides (setting up user accounts/ integration with Windows user accounts and different security levels for different users) and also speed - it's really fast! VNC has always been pretty slow when I've used it - not an issue over a LAN connection, but if you're connecting to remote PC's over slower connections I'd recommend trying a faster product - although you'll have to pay for Timbuktu and VNC is free (I use it on some of my systems).Chris

[Temmu]

services sit around listening for something to happen and when it does hear something, provide the service they were designed to do.applications rely on services do that too, but an app builds on the functionality of a service.UDP, for example, is the crappier end of tcp/ip; it spits packets.an app takes advantage of udp and may allow a program to update a file across a network, for example.services are no more secure than they were designed to be.an application may or may not be secure, depending on its author.

[mtbparker]

services are no more secure than they were designed to be.an application may or may not be secure, depending on its author.

This echos what I was thinking. In both cases it depends on the design, which tells me there's nothing advantageous to one way or the other. The claim by RAdmin piqued my curiosity -- making me wonder if Windows did something generic to all of its services to give them additional protection that an application doesn't get.From a "conop" (concept of operations) point of view, I like the application better. Both the application and service can be configured to startup automatically or require a manual start. But an application usually gives me a taskbar icon - that gentle reminder that the server is running.BTW, to everyone, thanks for all the input. Tom