Configuring a Network Computer for Remote Administration
You can use Windows' remote administration tools to work with remote computers from the comfort of your own PC. Remote administration tools mostly use the Remote Procedure Call (RPC) protocol to communicate with the remote computer. RPC enables a local computer to run a program on a remote computer. For this to happen successfully, you must configure an exception in the remote computer's firewall that allows RPC traffic.
Here are the steps to follow:
- In Windows 7, select Start and type command.
- Right-click Command Prompt, and then click Run as Administrator. The User Account Control dialog box appears.
- Enter your UAC credentials to open the Administrator command line.
- At the prompt, enter the following command:
netsh firewall set service type=remoteadmin mode=enable
Using Virtual Private Network Connections
In the remote connections you've seen so far, the security exists mostly at the connection point. That is, you set up usernames with strong passwords, and no one can access your dial-up or Remote Desktop connection without entering the correct logon data. This works well, but it doesn't do much for the actual data that's passed between the host and client. A malicious hacker might not be able to access your system directly, but he certainly can use a packet sniffer or similar technology to access your incoming and outgoing data. Because that data isn't encrypted, the hacker can easily read the contents of the packets.
What do you do, then, if you want to transfer secure data such as financial information or personnel files, but you love the simplicity of a dial-up connection? The answer is a triedand- true technology called virtual private networking (VPN), which offers secure access to a private network over a public connection, such as the Internet or a phone line. VPN is secure because it uses a technique called tunneling, which establishes a connection between two computers-a VPN server and a VPN client-using a specific port (such as port 1723). Control-connection packets are sent back and forth to maintain the connection between the two computers (to, in a sense, keep the tunnel open).
When it comes to sending the actual network data-sometimes called the payload-each network packet is encrypted and then encapsulated within a regular IP packet, which is then routed through the tunnel. Any hacker can see this IP packet traveling across the Internet, but even if he intercepts the packet and examines it, no harm is done because the content of the packet-the actual data-is encrypted. When the IP packet arrives on the other end of the tunnel, VPN decapsulates the network packet and then decrypts it to reveal the payload. (Which is part of the reason why VPN connections tend to be quite slow.)
Windows 7 comes with VPN client support built in and it uses two tunneling protocols:
- Point-to-Point Tunneling Protocol (PPTP)-This protocol is the most widely used in VPN setups. It was developed by Microsoft and is related to the Point-to-Point Protocol (PPP) that's commonly used to transport IP packets over the Internet. A separate protocol-Microsoft Point-to-Point Encryption (MPPE)-encrypts the network packets (IP, IPX, NetBEUI, or whatever). PPTP sets up the tunnel and encapsulates the encrypted network packets in an IP packet for transport across the tunnel.
- IP Security (IPSec)-This protocol encrypts the payload (IP packets only), sets up
the tunnel, and encapsulates the encrypted network packets in an IP packet for
transport across the tunnel.
NOTE: A third popular VPN protocol is Layer 2 Tunneling Protocol (L2TP), which goes beyond PPTP by allowing VPN connections over networks other than just the Internet (such as networks based on X.25, ATM, or Frame Relay). L2TP uses the encryption portion of IPSec to encrypt the network packets.
There are two main ways to use VPN:
- Via the Internet-In this case, you first connect to the Internet using any PPPbased dial-up or broadband connection. Then you connect to the VPN server to establish the VPN tunnel over the Internet.
- Via a dial-up connection-In this case, you first connect to the host computer using a regular dial-up connection. Then you connect to the VPN server to establish the VPN tunnel over the telephone network.
In this tutorial:
- Remote Network Connections
- Setting Up the Remote Computer as a Host
- Configuring Windows 7 or Vista to Act as a Remote Desktop Host
- Configuring a Windows Firewall Exception for Remote Desktop
- Activating the Remote Desktop Service
- Configuring XP to Act as a Remote Desktop Host
- Installing Remote Desktop on an XP Client Computer
- Connecting to the Remote Desktop
- Making an Advanced Connection
- Working with the Connection Bar
- Connecting to a Remote Desktop via the Internet
- Changing the Listening Port
- Configuring Windows Firewall
- Setting Up Port Forwarding
- Configuring a Network Computer for Remote Administration
- Configuring a Network Gateway for VPN
- Configuring the VPN Client
- Making the VPN Connection