Is RDP in a local network a risk


greif

Member
Oct 30, 2020
8
4
I use Remote Desktop (yes, the highly vulnerable Windows RDP) to access other machines around the house, but I am wondering whether, if my router ends up being breached, I have now made it easy to get into my computers. My router has the newest firmware available.

What say you all, big risk or small?
 

PHolder

Well-known member
Sep 16, 2020
630
2
308
Ontario, Canada
If your router gets breached, then you have way bigger problems than your use of RDP. The safest configuration is with a proper firewall configured to not allow any outside source to pass packets into your network for services you don't want coming in (such as for RDP, SMB, etc.). If your router has a stateful packet inspection (SPI) firewall, then it's supplying you some protection with the default rules. If you're simply relying on NAT, that is some protection, but it's not foolproof, especially if UPnP is enabled.

The problem with a real firewall is that it can be real work to set up and maintain. It is normally configured to block everything unless told otherwise. That can get to be a significant hassle, especially if you have devices in your network like a Playstation/XBox or media devices (Chromecast or Roku) or IoT devices. The proposal by Steve is to use multiple routers. Put your PCs behind a router and then your other devices behind a different router and put both routers into yet a third router. (He called this the Three Dumb Routers configuration... you can probably Google for it.) While this configuration will be fairly simple to set up and maintain, it will be potentially slower than just one router because there is more buffer bloat and there are slowish (for cheap routers) CPUs between your gear and your network.

The Ubiquiti EdgeRouter X is pretty cheap ($60US or so) for this purpose, and is well regarded by Steve. (I have concerns about their most recent behaviour when they suffered a breach and tried to cover it up; coverage of that is elsewhere on the site.) One thing to note about these devices is they can really slow down network packets unless hardware assist is enabled, and it doesn't arrive enabled out of the box. Again, Google is your friend if you go that router. (Lots of YouTube videos about the ERX.)
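
The reply above notes that NAT alone is not foolproof when UPnP is enabled and that RDP and SMB should not be reachable from outside. As an added example (not part of the original posts), this Python sketch audits a router's port-mapping table for forwards that land on those services; the text format, the `SAMPLE` data and all function names are assumptions constructed for illustration, so adapt the regex to whatever your router actually exports.

```python
import re
from typing import NamedTuple

# Services the thread says should not accept traffic from outside.
# Standard port assignments: RDP 3389, SMB 445, NetBIOS session 139.
SENSITIVE = {3389: "RDP", 445: "SMB", 139: "NetBIOS/SMB"}

class Mapping(NamedTuple):
    source: str    # "upnp" (created by a device) or "static" (set by the admin)
    proto: str
    ext_port: int  # port exposed on the WAN side
    int_ip: str
    int_port: int  # port the traffic lands on inside the LAN

# Assumed line format: "<source> <proto> <ext_port> -> <ip>:<port>"
LINE = re.compile(r"^(upnp|static)\s+(TCP|UDP)\s+(\d+)\s*->\s*([\d.]+):(\d+)$", re.I)

# Constructed sample table, not taken from any real router.
SAMPLE = """\
static TCP 443 -> 192.168.1.10:443
upnp   UDP 51413 -> 192.168.1.23:51413
upnp   TCP 33890 -> 192.168.1.20:3389
static TCP 445 -> 192.168.1.10:445
this line is not a mapping
"""

def parse(text):
    """Return a Mapping for every well-formed line, skipping anything else."""
    out = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            src, proto, ext, ip, port = m.groups()
            out.append(Mapping(src.lower(), proto.upper(), int(ext), ip, int(port)))
    return out

def findings(mappings):
    """Flag forwards that reach a sensitive service.

    The internal port is checked first: a forward from an unusual
    external port (33890) to 3389 still exposes RDP to the internet.
    """
    hits = []
    for m in mappings:
        service = SENSITIVE.get(m.int_port) or SENSITIVE.get(m.ext_port)
        if service:
            hits.append((service, m))
    return hits

if __name__ == "__main__":
    for service, m in findings(parse(SAMPLE)):
        print(f"{service} exposed via {m.source} mapping: "
              f"WAN {m.proto}/{m.ext_port} -> {m.int_ip}:{m.int_port}")
```

A mapping whose source is `upnp` was requested by a device on the LAN rather than configured by hand, which is the case the reply warns about.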