October 04, 2005
Home Connectivity
Here is a fantastic guide on setting up secure access to a home network (or any network for that matter) using SSH and Remote Desktop Connection (RDC) or VNC. I recently found the need to get into my home workstation from remote locations, and after looking at a PPTP VPN with RDC, an L2TP IPSec VPN with RDC, RDC by itself, and finally SSH with RDC, SSH with RDC seemed to be the most secure and easy-to-set-up option.
My initial plan was to set up a garden-variety VPN and run RDC over it. My home ADSL modem came with a suite of VPN functionality which seemed perfect for the task, but unfortunately proved too difficult to get working stably. PPTP consistently timed out after one minute -- no idea why. L2TP with IPSec worked, but for some reason couldn't handle RDC traffic. Major frustration, and in the end, it wasn't worth the time and effort to get going.
All I really needed was RDC, so could I run RDC by itself securely, without a VPN? Well, the answer turned out to be yes, provided I beefed up RDC before I opened it up to the big bad internet. This guide does a great job listing all the things that need to be done to secure RDC for internet use. The caveat at the bottom of the guide caught my eye, however. RDC uses encryption but doesn't have an authentication process to ensure you're connecting to the right computer. Basically, RDC is vulnerable to man-in-the-middle attacks.
Well, being the paranoid security freak that I am, this wasn't good enough for me. I took the recommendation of the guide and looked into SSH. I found this article which describes how SSH protects against MITM attacks. Fortunately I also found the guide that I mentioned before on how to set up SSH on Windows for use with RDC. Quick, simple, secure, and with the public/private key option, very secure. Not only do I have to have the password (or passphrase) to get into my home network, I also need to have my private key in a file too, or my home workstation won't even talk to me. Very nice!
I'm happy to report the entire SSH setup works as expected too. I'm writing this post on my home workstation using RDC from across town. ;)
Posted by Adam Boddington at 11:57 AM
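
The setup described in the post (RDC tunnelled through SSH, key-only login, host-key checking against MITM), sketched as an added example that is not from the original post or the guide it links to. It assumes OpenSSH on both ends; the host name, user name, key file name and local port 3390 are placeholders.

```sshconfig
# ---- Client side: ~/.ssh/config (all names below are placeholders) ----
Host home
    HostName home.example.net          # placeholder for the home connection's address
    User adam                          # placeholder account on the home workstation
    # Key-based login: the private key file is required, and it is itself
    # protected by a passphrase.
    IdentityFile ~/.ssh/id_home
    IdentitiesOnly yes
    PasswordAuthentication no
    # MITM protection: refuse to connect unless the server's host key is
    # already in known_hosts and unchanged. Record the key once, after
    # checking its fingerprint over a trusted path (e.g. while at home).
    StrictHostKeyChecking yes
    # Tunnel: local port 3390 is carried over SSH to the RDC listener
    # (TCP 3389) on the home workstation's loopback interface.
    LocalForward 127.0.0.1:3390 127.0.0.1:3389
    ExitOnForwardFailure yes

# ---- Server side: sshd_config on the home workstation ----
# Only the SSH port has to be reachable from the internet; RDC stays
# closed to the outside and is reached through the tunnel.
PubkeyAuthentication yes
PasswordAuthentication no              # a stolen or guessed password alone is useless
AllowTcpForwarding local               # permit local (-L style) forwards only
PermitOpen 127.0.0.1:3389              # and only to the RDC port on this machine
X11Forwarding no
```

With `ssh home` connected, the Remote Desktop client is pointed at `127.0.0.1:3390` instead of the home address.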