Need to research secure remote desktop to relative PC in other state

[sparkuss]

Hope this is the right forum, can Mods move please if not.

I need to research if there is a secure way to setup Remote Desktop access to my Mother (73yr old) Win7 X64 PC.

I can't keep her PC properly secure and functioning anymore over the phone.

I am behind both hardware and software firewalls. Her PC that I built for her is only behind a DSL modem but has the same software firewalls and AV I put on all my builds.

Can anyone start by letting me know if I can reasonably establish a secure Windows Remote Desktop with her or is this not safe enough without commercial level hardware/software?

If it is considered safe enough with SOHO/Consumer setup/protocols, can anyone point me to tech references to start researching?

I expect I will have to travel to her to set her PC up and maybe add a hardware firewall but I don't want to even try if it is too risky, knowing that I won't be able to control what she does after I set it up. If I can't control what she allows on her PC, does that automatically expose me in reverse with allowing Remote Desktop connections?

Thanks

 

[lxskllr]

Teamviewer or LogMeIn should work fine, and are easy to setup.

 

[Mushkins]

Most secure way for home equipment would be to purchase a pair of routers that support point to point VPNs. Set up a VPN between your network and hers, and then use regular old RDP to connect as if her PC was on your network.

If you just want a free and easy solution, teamviewer or logmein both work just fine. They both use at least some basic level of encryption, and do a good job of traversing NAT and bypassing firewalls without any special configuration. I'm sure you could walk her through installing LogMeIn over the phone.

 

[sparkuss]

Thanks for the advice.

I'm still researching products and pricing, plus whether to go there and finally lock down her PC to client mode. If I decide to travel, I'm leaning on the VPN route with dedicated router as she is not behind one yet.

Thanks

 

[AE-Ruffy]

Hamachi, made by logmein, creates a free vpn tunnel between sites. Then you can RDP network share, play lan games, Remote assistance without the need for additional software other than the hamachi app.

Alternative, OpenVPN setup, more complicated.

 

[ch33zw1z]

teamviewer. I use it with all my friends and family. first step before going to their house, as long as they have internet access, almost all problems can be resolved via teamviewer session.

I've even had people call me when they get phishing emails or pop-ups that look legit. I just remote in, and say thanks for calling me before clicking on that...close it for them via task manager or delete the email.

 

[PrincessFrosty]

It's fairly secure these days, you can just open the RDP port and simply set policy on the desktop so that only a custom admin account can connect, give that account a very strong password which she doesn't know, so can't possibly reveal.

You can select a more secure version of RDP over TLS to encrypt the connection, both server and clients need to support that, Win7 has all the up to date security for RDP so as long as you're not trying to connect from an XP machine or something very old it will be fine.

The security is really in the strength of the password, you want preferably at least 12 chars long, randomly picked.

 

[raf051888]

I would use a combination of TeamViewer and RDP. Teamviewer will allow you to see whats going on when she is logged in, and RDP will allow you to perform admin duties without her being able to interrupt. Adding a router is a good idea, and just forward the port for RDP. If you don't trust her installing things, don't forget about limiting her to a non-admin account.

 

[sparkuss]

Thanks all,

The basic problem right now is I can't trust that her computer isn't already compromised. Maybe not Malware but definitely some BHOs and other garbage.

I was trying to reset her Skype long distance, but her browser is already sending her to a page diff than the Skype homepage. I have an idea she has allowed MSN to hijack her FFox that I left her with.

I am thinking that her system isn't clean enough to try opening ports and allowing remote access unless I can get there and clean it all back up first. The more I try to clean over the phone the more she is going to expose or corrupt on her system.

Let me know if you agree before I try TeamViewer over the phone with her to at least start accessing her PC.

 

[lxskllr]

I see no harm in starting with Teamviewer. You can check the machine out, and if it isn't too bad, you can get it sorted remotely.

 

[sparkuss]

Well, I just read the entire TeamViewer manual. It looks pretty straightforward. I might try it this weekend.

And lastly, is the Teamviewer VPN the most secure TeamViewer option?

Again thanks for all the help

 

[PrincessFrosty]

If the issue is that you don't know if the PC is already compromised then this is all a moot issue, a compromised PC will tunnel out access to the attacker with ease.

The point is that security either way with RDP or Teamviewer isn't really any worse if you use a strong password and lock down the PC so the owner can't change that p/w.

You can configure teamviewer or the firewall in the case of RDP to reject connections from IP addresses other than your own external address, if you happen to have a static external IP. That's another fairly good layer of security.

 

[lxskllr]

VPN? I looked at their page, and didn't see anything that looked like that. I set the full client up on my mother's machine, and gave it a static password. I don't remember what it takes to do that. It was easy, but it may be a bit much for talking through it with mom over the phone. Just about everything's too much with my mother, and I find it's easier to do it myself, and just give her the most basic of instructions.

Using the QuickSupport package might be an easier start. Once you're in, you can download and configure the full client. My mother has Ubuntu, and I set the client to autostart when the machine boots, and I disabled the ability to close it. That way I can connect any time the machine's on, and it doesn't require giving instruction to my mother.

Which brings us to security. It's a potential security hole. You have an opening to the internet that could potentially be exploited. Keep the clients updated, and use a good password. Imo, the security gained by having a competent admin regularly accessing the machine outweighs the risk of having an available, but locked connection. Tell your mother not to give the login credentials to anyone, and you should be ok.

 

[Savatar]

I personally still use VNC (old-school)... run something like UltraVNC (with encrypted plugins to protect the traffic) on a non-standard port with good authentication... then set up port forwarding (for just your IPs) on your router and you're good to go. (alternatively you can use VNC through SSH-forwarding for an extra layer of security). VNC works with a separate server and client program, so if you don't have the server running there's no risk that the other end can control your device.

A traditional VPN might be harder to maintain properly if either end has a dynamic IP address. If the IP changes, someone on the remote end would have to tweak things to get it to work, whereas with the VNC solution you just tell them how to look up their IP from something like whatismyip.

I've not used TeamViewer before... can someone go over the pros/cons compared to the VNC solution proposed above?

 

[KeithP]

If I can't control what she allows on her PC, does that automatically expose me in reverse with allowing Remote Desktop connections?

If you use a remote access product that supports Linux, you could use it from inside a Linux virtual machine. You should be able to lock down the VM so that the host system (your main system) wouldn't be in danger of being compromised if that is what you are concerned about.

I suppose it would be possible to set her up in a Windows VM running under a Linux host. Then you could have remote access to the Linux system which would allow you to work on the Windows VM.

-KeithP

 

[Paperlantern]

Google Chrome remote desktop works for this. I use it relatively regularly to help with my Parent's PC. As long as your parents have a Google account they can start a session relatively easily, its just an add in for Chrome, extremely simple to install. Chrome runs on multiple platforms, and it works for all of them, so you can connect to the remote PC with any one you feel most comfortable.

 

[hextet]

I would use TeamViewer, and if you are worried about IP detection, you can use a VPN.

 

[Scarinx]

If you are worried about getting a virus from your moms pc why not use a virtual machine then use teamviewer or remote desktop to access her computer sort her shit out and patch it up.
Plus guy above he would waste his time hiding ip if they wanted it badly enough it would be not hard to get his location from his moms computer looking threw old emails facebook chats emails so ignore the above and concentrate in cleaning all the computers mentioned.
>Good luck OP