Securely setting up Remote Web Access on WHS 2011

J

jnick

2[H]4U
Joined
Sep 25, 2004
Messages
2,888
I just finished setting up WHS 2011 for my parents HT setup. It mainly acts as a backup/file server. I was intrigued by Remote Web Access and also figured since I will have to be the one to troubleshoot any issues they have, it would be great to set it up!

My only concern is the security behind this. How secure is it? Is it a matter of just enabling the feature, using strong passwords and enable forwarding in their router? Or is there other security measures that should be taken?

Any insight would be great!
 
jnick said:
I just finished setting up WHS 2011 for my parents HT setup. It mainly acts as a backup/file server. I was intrigued by Remote Web Access and also figured since I will have to be the one to troubleshoot any issues they have, it would be great to set it up!

My only concern is the security behind this. How secure is it? Is it a matter of just enabling the feature, using strong passwords and enable forwarding in their router? Or is there other security measures that should be taken?

Any insight would be great!
Click to expand...

vpn..
 
I would never expose something like that to the outside world via port forwarding or anything else.

Just install logmein or something similar on the WHS.
 
or lock the firewall rules down to you external IP and do port translation using a strange port on the outside.
 
Jay_oasis said:
or lock the firewall rules down to you external IP and do port translation using a strange port on the outside.
Click to expand...

You would still need to know the external IP of your router which I am guess the OP is not paying for a static so it can and will change from time to time. Plus a simple port scan would find the open port.
 
So the best bet would be to run something like Logmein or TeamViewer in service mode?

Also, I have their router setup for remote management in case they screw something up. I have it set to a random port that I created. Is this secure enough or should I turn this off as well?
 
To be honest I use TeamViewer. In fact I am using it now, logged into an XP VM at home from work.
 
If you just want to admin the computer, RDP would be the most logical choice. Be sure to select 'more secure authentication'. If you are paranoid, change the external port from 3389 to something else. VPN would be a nice choice but can be more complex to set up.
Remote Web Access opens up alot of services, aimed more at allowing multiple users access to documents and files stored on the server. It is very slick, but best practice calls for running the fewest services to accomplish the goal- thus RDP.
 
RocketTech said:
If you are paranoid, change the external port from 3389 to something else. .
Click to expand...

This is not a security measure. EVER. Security through obscurity is never a solution. 30 seconds with a port scanner and I will find your changed RDP port.
 
Obscurity is a security layer, but should not be the only layer. RDP with NLA is quite secure on its own.
If you want to get right down to it, nothing is absolutely secure as security is reactive- the best you can hope for is to slow the aggressor down enough to devalue the target. Encryption is not unbreakable, Firewalls are not impenatrable, IPS is not infallible.
Why do members need to take a perfectly valid piece of advice in the context given and quote axiomatic catch phrases?

And, BTW, I accept your challenge- let me know when to start the clock.
 
You must log in or register to reply here.
Back
Top