Forwarding Ports 80, 443, 4125: Risk(s)?

  • Question

  • I got the message about 3389 - and RD-ing to my server isn't a big deal to me.     (although I seem tb able to do so by nesting two RDs: RD to one of the PCs on the home LAN via the WHS client, and then use that PC to RD to the server via the Remote Desktop application.... presumably without any 3389 forwarding involved, since I have it turned off in the router)

    But RD-ing directly to other PCs on my home network from work has become quite appealing - allowing me to do all sorts of things from work during lunch break....

    Works like a champ.... And I'm the original "Kiss Of Death" when it comes to implementing stuff like this.

    Only hitch was that whatever WHS did to my router made Cisco's Clean Access Agent not want to allow my home PCs to connect to work.  No problem there:  I just swap my regular router out for an old un-modified router..... three wires... about 20 seconds plus a minute or so for the replacement router to boot up and do whatever it has to do.



    But what about those other ports that I'm forwarding to the WHS box?   (80, 443, 4125)

    Am I exposing my system to The Bad Guys through any of those 3 ports?

    I'm guessing not bc the whole setup seems tb MS-Approved, but the consequences of my being wrong seem tb severe....
    • Edited by PeteCress Tuesday, August 4, 2009 8:20 PM
    Tuesday, August 4, 2009 5:35 PM

All replies

  • If your server is on the internet, there is some level of risk involved (although if you see my suggestions below, the risk should be kept to a minimum).  The only 100% foolproof way to secure your server is to not use Remote Access at all.

    Short of that, the best way to secure your server is to disable port 80 (one of the most commonly scanned ports) and use https://xxxxxxx.homeserver.com to log on to your server (plus keep your server up-to-date with the latest security patches).
    Wednesday, August 5, 2009 5:16 AM
    Moderator
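
An added example, not part of the original thread: a small Python check, run from outside the home network against your own server, that compares which of the ports discussed above actually accept TCP connections with the exposure you intended. The policy shown (80 and 3389 closed, 443 and 4125 forwarded) is an assumption drawn from the posts above, and `example.homeserver.com` is a placeholder hostname.

```python
"""Audit which forwarded TCP ports answer from outside, against an intended policy."""
import socket
import sys

# Assumed policy based on the thread: 3389 and 80 are not forwarded,
# 443 and 4125 are forwarded to the WHS box. Adjust to match your router.
POLICY = {80: "closed", 443: "open", 3389: "closed", 4125: "open"}


def probe(host, port, timeout=3.0):
    """Return 'open' if a TCP connection completes, otherwise 'closed'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except OSError:
        # Refused, filtered (timed out) and unreachable are all treated
        # as "not reachable from here".
        return "closed"


def audit(host, policy=POLICY, timeout=3.0):
    """Compare observed port state with the policy; return the mismatches."""
    findings = []
    for port, expected in sorted(policy.items()):
        observed = probe(host, port, timeout)
        if observed != expected:
            findings.append((port, expected, observed))
    return findings


if __name__ == "__main__":
    # Placeholder hostname; pass your own server's name as the first argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "example.homeserver.com"
    problems = audit(host)
    for port, expected, observed in problems:
        print(f"port {port}: expected {expected}, observed {observed}")
    # A non-zero exit status lets a scheduled job flag unexpected exposure.
    sys.exit(1 if problems else 0)
```

Running it from inside the LAN can give different answers than the internet sees, so run it from an outside connection after any router change.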