The best and most secure way to connect

    Question

  • Hello,

    I am going to implement Windows 2012 at home.  It will not be part of domain.

    I want to be able to connect externally to this server when needed. I have a basic firewall. I should be able to configure forwarding.

    Everything should be configured on the Windows 2012 server. What would be the best way to do this?

    Thank you.


    Thank you. Eric.

    Friday, November 01, 2013 1:22 AM

All replies

  • 'best and most secure'  - only turn the machine on when you want to access it. 

    'everything should be configured on the Windows 2012 Server' - that goes against your request for best and most secure.  You have to make use of settings on an external firewall if you want a 'most secure' environment.

    You do not say what sort of access you want to allow, and there is a big difference between setting it up as a web server compared to setting it up for general access.

    You can create a PKI key on the machine and export it to your remote device from which you are going to access it.  Then use a VPN connection, or even RDP at this time, requiring a secure handshake using the key.  Then only devices that have that key installed would have access to your home system.  The mechanics of setting that up are more than can be covered in a forum.  If you go to a security forum, you will most likely find all sorts of pointers for articles to help you on this.

    But the first thing you are going to need to do is define very specifically what you mean by 'best and most secure' and for what purposes.


    .:|:.:|:. tim

    Friday, November 01, 2013 1:49 PM
  • You are right, I did not specify my requirements.

    I want to be able to connect to the desktop to run some programs and tests when I am away from home.

    I did not work with certificates much, so if you can tell me how to set it up using a PKI key, this would be great.

    Anything better than PKI key or is this the best solution for me?

    Thank you.


    Thank you. Eric.

    Friday, November 01, 2013 2:11 PM
  • Not the most secure method but it sounds like a test environment, unless you are trying to keep the NSA out, just forward 3389 to the server and on the server enable remote access on server and make sure you have Windows Firewall configured to allow RDP. If you're not running a domain it's basically a workstation anyway. Once you start to understand you can look deeper to making it more secure. Most companies use RDP in some form to access their servers. Make sure you use a password other than "password1" for all your user accounts.

    Friday, November 01, 2013 3:48 PM
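
The server-side half of the setup this reply describes, as an added example that is not part of the original thread. Requiring Network Level Authentication, scoping the firewall rule to known source addresses, and reviewing failed logons are assumptions added here; `$AllowedRemote` is a constructed placeholder.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session
# on the standalone Windows Server 2012 machine.

# Constructed placeholder (documentation range): the public addresses you expect
# to connect from. Use 'Any' if they cannot be predicted.
$AllowedRemote = '203.0.113.0/24'
$ts = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'

# Enable Remote Desktop connections.
Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 0

# Assumption beyond the reply: require Network Level Authentication, so the
# client must authenticate before a desktop session is created.
Set-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name UserAuthentication -Value 1

# Allow RDP through Windows Firewall, limited to the expected source addresses.
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -RemoteAddress $AllowedRemote

# Verify what is now in effect for each rule in the group.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | ForEach-Object {
    $filter = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        RemoteAddress = $filter.RemoteAddress -join ','
    }
}

# Once 3389 is forwarded, review failed logons (event 4625) by source address
# and account name to see how much password guessing the server receives.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } -MaxEvents 500 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $data = ([xml]$_.ToXml()).Event.EventData.Data
        [pscustomobject]@{
            Source = ($data | Where-Object { $_.Name -eq 'IpAddress' }).'#text'
            User   = ($data | Where-Object { $_.Name -eq 'TargetUserName' }).'#text'
        }
    } |
    Group-Object Source, User |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 10
```

The port forward itself is configured on the router, not here; the firewall scope only helps if the router preserves the client's source address when forwarding.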
  • Thank you for your reply.

    Yes, this is the test environment and this is exactly how I have it set up now.  I just want to know if there is a better and more secure way to do this.

    Thank you.


    Thank you. Eric.

    Friday, November 01, 2013 3:53 PM
  • There is always a 'more secure' way to do it.  It simply depends on how much effort you want to put into it.  Given what you have described, I would go with what Darren suggested.  Anything more - test on the environment you set up.  Security is not a one-liner type of answer.  And it is impossible to answer how to implement it until you define what it is that you are trying to protect against, because every access point requires different protection.  Certificates may be overkill for some environments, but not enough for others.  Simple firewall rules may be fine for some environments, but not enough for others.

    .:|:.:|:. tim

    Friday, November 01, 2013 6:42 PM