Open Source Hotspot Manager Tools
Authentication Gateway - Captive Portal
Hotspot Manager Tools
- ChilliSpot (http://www.chillispot.org)
ChilliSpot is an open source captive portal or wireless LAN access point controller. It is used for authenticating users of a wireless LAN. It supports web based login which is today's standard for public HotSpots. Authentication, authorization and accounting (AAA) is handled by your favorite radius server.
- CoovaChilli, CoovaAP (http://coova.org)
CoovaChilli is an open-source software access controller for captive portal (UAM) and 802.1X access provisioning, based on the popular (but now defunct) ChilliSpot project, and is actively maintained by an original ChilliSpot contributor. CoovaChilli is released under the GNU General Public License (GPL). Contact us for commercial support and licensing options.
CoovaAP is an OpenWRT-based firmware designed especially for HotSpots. It comes with the CoovaChilli access controller built-in and makes it easily configurable.
- DD-WRT (http://www.dd-wrt.com)
DD-WRT is a firmware replacement you upload onto a supported wireless router. This changes your router's control panel and gives you many more features, including several hotspot solutions: Chillispot, NoCatSplash, WiFiDog, and Sputnik. You might also find a use for the other new features as well. For example, you could create a separate wired or wireless network for your private network with VLANs and multiple SSIDs.
- OpenWRT (https://openwrt.org/)
OpenWrt is an operating system / embedded operating system based on the Linux kernel, and primarily used on embedded devices to route network traffic. The main components are the Linux kernel, util-linux, uClibc and BusyBox. All components have been optimized for size, to be small enough for fitting into the limited storage and memory available in home routers.
Captive Portal
- Antamedia HotSpot Software (http://www.antamedia.com/hotspot/)
Antamedia HotSpot Software is a WiFi Hotspot billing software which helps you control and bill your customers for the Internet usage. HotSpot software is suitable for all purposes where customers should be redirected to the login page to sign in or pay for the Internet access. Upon the successful login, customer will see remaining time and bandwidth, browse the Internet until account expires, and refill the account when needed.
- AuthNat (http://authnat.sourceforge.net/)
Captive Portal to use with IPTables (with ip_set module). It's permit to control access from a sub-net to internet or to another sub-net. Uses unix account to validate users. It's an alternative to Natacl, Sphirewall, Zorp, Nocat, Nufw and others.
- Captivair (http://thorwifi.sourceforge.net/)
A captive portal system for administrators of public WiFi hotspots.
- EasyHotspot (http://easyhotspot.inov.asia)
EasyHotspot is an open source hotspot billing management system. It is a web based application created with PHP and MySQL. EasyHotspot aims to provide simple. easy to use, and less configuration billing management system.
- ezRADIUS (http://ezradius.sourceforge.net)
ezRADIUS is FreeRADIUS and Chillispot web-based management apps. It's easy, simple and expandable. The main aim is to provide radius server administrator a simple web-based management application. FreeRADIUS must configured to use MySQL as backend.
- Near Zero Administration Captive Portal (http://nzacp.sourceforge.net/)
The Near Zero Administration Captive Portal allows for hassle free provisioning of a free Hotspot whilst providing some failsafes from rouge usage.
- daloRADIUS (http://daloradius.com)
daloRADIUS is an advanced RADIUS web platform aimed at managing Hotspots and general-purpose ISP deployments. It features rich user management, graphical reporting, accounting, and integrates with GoogleMaps for geo-locating (GIS). daloRADIUS is written in PHP and JavaScript and utilizes a database abstraction layer which means that it supports many database systems, among them the popular MySQL, PostgreSQL, Sqlite, MsSQL, and many others.
- PacketFence (http://www.packetfence.org)
PacketFence is a network access control (NAC) system featuring a captive-portal for registration and remediation, wired and wireless management, 802.1X support, isolation of devices, integration with IDS; it can be used to secure networks from small to large.
- PepperSpot (http://pepperspot.sourceforge.net)
PepperSpot is a captive portal or wireless LAN access point controller which support the IPv6 protocol. It supports web based login and it supports Wireless Protected Access (WPA). Authentication is handled by your favorite radius server (over IPv4/IPv6)
- Opengate (http://www.cc.saga-u.ac.jp/opengate/index-e.html)
A Network User Authentication System for Public and Mobile Terminals - It is an authentication gateway (captive portal type) for open network. It is applicable to wireless lan(WLAN), wired lan, and public terminals
- RusRoute (http://www.rusroute.com/)
RusRoute is a router and firewall, Internet gateway for Windows, it is the ideal solution for making Internet gateway for local area network (LAN) of any firm, encountering and restriction of the traffic of users, protection against of network attacks with functions of NAT, redirect, dynamic shaper with conditional expressions, VPN server, proxy, LAN to VPN Bridge, DHCP servers, HTTP caches, HTTP to HTTP proxy converter, captive portal feature, timed action and Splitters for rules, with advanced routing options.
- WiFiDog (http://dev.wifidog.org/)
The WiFi Guard Dog project is a complete and embeddable captive portal solution for wireless community groups or individuals who wish to open free HotSpots while preventing abuse of their connection.
- Wifi Gateway (http://sourceforge.net/projects/wifi-gateway/)
Wifi-Gateway a un captive portal che permette l'accesso al network mediante vari metodi di autenticazione quali: CRS/CNS via IdPC, One-Time Password, Radius server, SMS ( tramite Skebby ). Il sistema a basato su CAS, NoCat e NoCatCAS.
- Wifiroute (http://wifiroute.sourceforge.net/)
Wifiroute is a system for providing authentication in a wireless/wired environment with prepaid cards and personal identification document scanning that complies with Italian anti-terrorism law.
- Untangle Gateway Platform (http://www.untangle.com/)
Untangle Gateway Platform is a Linux-based network gateway with pluggable modules for network applications.
- YFi Hotspot Manager (http://sourceforge.net/apps/trac/hotcakes/wiki/WikiStart, http://www.radiusdesk.com, http://coova.org/node/3205)
The next generation of YFi Hotspot Manager is now available and working
- Zeroshell (http://www.zeroshell.net/)
Zeroshell is a small Linux distribution for servers and embedded systems which aims to provide network services. As its name implies, its administration relies on a web-based graphical interface. There is no need to use a shell to administer and configure it. Zeroshell is available as Live CD and CompactFlash images, and VMware virtual machines.
Thứ Năm, 25 tháng 12, 2014
Open Source Applications
Here is a list of about 170 open source applications :)
infrastructure
Control remote stations
FreeNX http://freenx.berlios.de
TightVNC www.tightvnc.com
OpenSSH http://www.openssh.com
Asset management and inventory
GPLI www.glpiproject.org
OCS Inventory NG www.ocsinventoryng.org
Pulse 2 www.mandriva.com/fr/pro/pulse
Deployment and backup
Bacula www.bacula.org/fr
Puppet http://puppetlabs.com
high Availability
LinuxHA www.linuxha.org
LVS www.linuxvirtualserver.org
HAProxy http://haproxy.1wt.eu
Keepalived www.keepalived.org
security
http://aide.sourceforge.net HELP
ClamAV www.clamav.net
SNORT www.snort.org
OpenVAS www.openvas.org
WireShark www.wireshark.org
VPN
OpenVPN http://openvpn.net
OpenSwan www.openswan.org
firewalls
PF (Packet Filter) www.openbsd.org/faq/pf
netfilter www.netfilter.org
pfSense www.pfsense.org
Supervision and Metrology
Cacti www.cacti.net
Nagios www.nagios.org
Centreon www.centreon.com
Zabbix www.zabbix.com
OpenNMS www.opennms.org
Munin http://muninmonitoring.org
Linux & BSD operating system
Debian www.debian.org
Red Hat Enterprise Linux www.fr.redhat.com/products/rhel
Novell Suse Enterprise Linux www.suse.com
Ubuntu www.ubuntu.com
OpenBSD www.openbsd.org
FreeBSD www.freebsd.org
NetBSD www.netbsd.org
virtualization
Xen http://xen.org
OpenVZ www.openvz.org
KVM www.linuxkvm.org
Oracle VirtualBox www.virtualbox.org
VOIP / Telephony
Asterisk www.asterisk.org
Kamailio www.kamailio.org
Kannel www.kannel.org
Messaging, emailing & Groupware
Postfix www.postfix.org
Cyrus IMAPd www.cyrusimap.org
SpamAssassin http://spamassassin.apache.org
DSPAM www.nuclearelephant.com
Zimbra www.zimbra.com
www.horde.org Horde
Zarafa www.zarafa.com
OpenEMM www.openemm.org
http accelerator
Squid www.squidcache.org
Varnish www.varnishcache.org
other
CUPS www.cups.org
Samba www.samba.org
ProFTPD www.proftpd.org
bind www.isc.org/software/bind
Development and intermediate layers
Business Directory
389 directory server http://directory.fedoraproject.org
OpenLDAP www.openldap.org
Databases
MySQL www.mysql.fr
PostgreSQL www.postgresql.org
MongoDB http://www.mongodb.org
Redis http://redis.io
Cassandra http://cassandra.apache.org
BPM / Workflow
Bonita http://fr.bonitasoft.com
JPBM www.jboss.org/jbpm
Activiti www.activiti.org
Development Tools
Ant http://ant.apache.org
Phing www.phing.info/trac
Eclipse www.eclipse.org
MantisBT www.mantisbt.org
Maven http://maven.apache.org
Subversion http://subversion.apache.org
Git http://gitscm.com
Redmine www.redmine.org
Tuleap www.enalean.com/produits/tuleap
Tests & Continuous Integration
Continiuum http://continuum.apache.org
Jenkins / Hudson http://hudsonci.org
Selenium IDE http://seleniumhq.org/projects/ide
PMD http://pmd.sourceforge.net
BSE
Talend ESB http://fr.talend.com
mule www.mulesoft.org
Petals http://petals.ow2.org
Frameworks and libraries for Web Development
symfony www.symfonyproject.org
Zend Framework http://framework.zend.com
Spring www.springsource.org
GWT http://code.google.com/intl/frFR/webtoolkit
JQuery http://jquery.com
prototype www.prototypejs.org
Play! www.playframework.org
Django https://www.djangoproject.com
Ruby On Rails http://rubyonrails.org
Mobile Frameworks crossplatform
Titanium www.appcelerator.com
PhoneGap www.phonegap.com
Rhodes http://rhomobile.com
PKI
OpenCA www.openca.org
OpenSSL www.openssl.org
easyCA http://sourceforge.net/projects/easyca
EJBCA www.ejbca.org
Authentication, federation and identity management
www.jasig.org/cas CAS
LemonLDAP :: NG http://lemonldapng.org
OpenAM http://forgerock.com/openam.html
LinOTP www.linotp.org
Shibboleth http://shibboleth.internet2.edu
Tools for load testing
JMeter http://jakarta.apache.org/jmeter
Tsung http://tsung.erlangprojects.org
Search Engine
Lucene http://lucene.apache.org
Solr http://lucene.apache.org/solr
mnoGoSearch www.mnogosearch.org
OpenSearchServer www.opensearchserver.com
Http servers and application servers
JBoss AS www.jboss.org/jbossas
Tomcat http://tomcat.apache.org
GlassFish http://glassfish.java.net/fr
Apache http://httpd.apache.org
MOM & EAI
ActiveMQ http://activemq.apache.org
JORAM http://joram.ow2.org
other
Drools www.jboss.org/drools
ESIGate www.esigate.org
applications
CRM
OpenCRX www.opencrx.org
SugarCRM www.sugarcrm.com
VTiger www.vtiger.com
Intelligence: ETL
Talend www.talend.com
Pentaho Data Integration http://kettle.pentaho.com
Business Intelligence: Reporting
BIRT www.eclipse.org/birt
JasperReports / IReport http://jasperforge.org/project/ireport
Pentaho Report Designer http://reporting.pentaho.com
Intelligence: Suite
SpagoBI www.spagoworld.org
JasperSoft www.jaspersoft.com
Pentaho www.pentaho.com
Palo www.jedox.com/fr/produits/PaloSuiteApercu.html
ecommerce
Magento www.magentocommerce.com
Prestashop www.prestashop.com
Oxid www.oxidesales.com
RBS Change www.rbschange.fr
Drupal Commerce www.drupalcommerce.org
osCommerce www.oscommerce.com
ERP / PGI
Compiere www.compiere.com
ERP5 www.erp5.com
OFBiz http://ofbiz.apache.org
Openbravo www.openbravo.com
OpenERP www.openerp.com
CMS
Drupal www.drupal.org
eZ Publish www.ez.no
HippoCMS www.onehippo.com
Jahia www.jahia.com
Joomla www.joomla.org
SPIP www.spip.net
TYPO3 www.typo3.org
EDM & ECM
Alfresco www.alfresco.com
Nuxeo www.nuxeo.com
Knowledge Tree www.knowledgetree.com
Maarch www.maarch.com
Library & Documentation
Koha www.koha.org
PMB www.pmbservices.fr
portal
eXo Platform www.exoplatform.com
Silverpeas www.silverpeas.com
Liferay www.liferay.com
Social Networking Business
BuddyPress http://buddypress.org
Drupal Commons www.acquia.com
Elgg www.elgg.com
Liferay Social Office www.liferay.com
Blog, Wiki and Forum
DotClear http://fr.dotclear.org
PhpBB www.phpbb.com
TWiki http://twiki.org
XWiki www.xwiki.org
eLearning
Moodle http://moodle.org
Claroline www.claroline.net
Audience tracking
AWStats http://awstats.sourceforge.net
Piwik http://piwik.org
other
OpenX www.openx.com
LimeSurvey www.limesurvey.org
infrastructure
Control remote stations
FreeNX http://freenx.berlios.de
TightVNC www.tightvnc.com
OpenSSH http://www.openssh.com
Asset management and inventory
GPLI www.glpiproject.org
OCS Inventory NG www.ocsinventoryng.org
Pulse 2 www.mandriva.com/fr/pro/pulse
Deployment and backup
Bacula www.bacula.org/fr
Puppet http://puppetlabs.com
high Availability
LinuxHA www.linuxha.org
LVS www.linuxvirtualserver.org
HAProxy http://haproxy.1wt.eu
Keepalived www.keepalived.org
security
http://aide.sourceforge.net HELP
ClamAV www.clamav.net
SNORT www.snort.org
OpenVAS www.openvas.org
WireShark www.wireshark.org
VPN
OpenVPN http://openvpn.net
OpenSwan www.openswan.org
firewalls
PF (Packet Filter) www.openbsd.org/faq/pf
netfilter www.netfilter.org
pfSense www.pfsense.org
Supervision and Metrology
Cacti www.cacti.net
Nagios www.nagios.org
Centreon www.centreon.com
Zabbix www.zabbix.com
OpenNMS www.opennms.org
Munin http://muninmonitoring.org
Linux & BSD operating system
Debian www.debian.org
Red Hat Enterprise Linux www.fr.redhat.com/products/rhel
Novell Suse Enterprise Linux www.suse.com
Ubuntu www.ubuntu.com
OpenBSD www.openbsd.org
FreeBSD www.freebsd.org
NetBSD www.netbsd.org
virtualization
Xen http://xen.org
OpenVZ www.openvz.org
KVM www.linuxkvm.org
Oracle VirtualBox www.virtualbox.org
VOIP / Telephony
Asterisk www.asterisk.org
Kamailio www.kamailio.org
Kannel www.kannel.org
Messaging, emailing & Groupware
Postfix www.postfix.org
Cyrus IMAPd www.cyrusimap.org
SpamAssassin http://spamassassin.apache.org
DSPAM www.nuclearelephant.com
Zimbra www.zimbra.com
www.horde.org Horde
Zarafa www.zarafa.com
OpenEMM www.openemm.org
http accelerator
Squid www.squidcache.org
Varnish www.varnishcache.org
other
CUPS www.cups.org
Samba www.samba.org
ProFTPD www.proftpd.org
bind www.isc.org/software/bind
Development and intermediate layers
Business Directory
389 directory server http://directory.fedoraproject.org
OpenLDAP www.openldap.org
Databases
MySQL www.mysql.fr
PostgreSQL www.postgresql.org
MongoDB http://www.mongodb.org
Redis http://redis.io
Cassandra http://cassandra.apache.org
BPM / Workflow
Bonita http://fr.bonitasoft.com
JPBM www.jboss.org/jbpm
Activiti www.activiti.org
Development Tools
Ant http://ant.apache.org
Phing www.phing.info/trac
Eclipse www.eclipse.org
MantisBT www.mantisbt.org
Maven http://maven.apache.org
Subversion http://subversion.apache.org
Git http://gitscm.com
Redmine www.redmine.org
Tuleap www.enalean.com/produits/tuleap
Tests & Continuous Integration
Continiuum http://continuum.apache.org
Jenkins / Hudson http://hudsonci.org
Selenium IDE http://seleniumhq.org/projects/ide
PMD http://pmd.sourceforge.net
BSE
Talend ESB http://fr.talend.com
mule www.mulesoft.org
Petals http://petals.ow2.org
Frameworks and libraries for Web Development
symfony www.symfonyproject.org
Zend Framework http://framework.zend.com
Spring www.springsource.org
GWT http://code.google.com/intl/frFR/webtoolkit
JQuery http://jquery.com
prototype www.prototypejs.org
Play! www.playframework.org
Django https://www.djangoproject.com
Ruby On Rails http://rubyonrails.org
Mobile Frameworks crossplatform
Titanium www.appcelerator.com
PhoneGap www.phonegap.com
Rhodes http://rhomobile.com
PKI
OpenCA www.openca.org
OpenSSL www.openssl.org
easyCA http://sourceforge.net/projects/easyca
EJBCA www.ejbca.org
Authentication, federation and identity management
www.jasig.org/cas CAS
LemonLDAP :: NG http://lemonldapng.org
OpenAM http://forgerock.com/openam.html
LinOTP www.linotp.org
Shibboleth http://shibboleth.internet2.edu
Tools for load testing
JMeter http://jakarta.apache.org/jmeter
Tsung http://tsung.erlangprojects.org
Search Engine
Lucene http://lucene.apache.org
Solr http://lucene.apache.org/solr
mnoGoSearch www.mnogosearch.org
OpenSearchServer www.opensearchserver.com
Http servers and application servers
JBoss AS www.jboss.org/jbossas
Tomcat http://tomcat.apache.org
GlassFish http://glassfish.java.net/fr
Apache http://httpd.apache.org
MOM & EAI
ActiveMQ http://activemq.apache.org
JORAM http://joram.ow2.org
other
Drools www.jboss.org/drools
ESIGate www.esigate.org
applications
CRM
OpenCRX www.opencrx.org
SugarCRM www.sugarcrm.com
VTiger www.vtiger.com
Intelligence: ETL
Talend www.talend.com
Pentaho Data Integration http://kettle.pentaho.com
Business Intelligence: Reporting
BIRT www.eclipse.org/birt
JasperReports / IReport http://jasperforge.org/project/ireport
Pentaho Report Designer http://reporting.pentaho.com
Intelligence: Suite
SpagoBI www.spagoworld.org
JasperSoft www.jaspersoft.com
Pentaho www.pentaho.com
Palo www.jedox.com/fr/produits/PaloSuiteApercu.html
ecommerce
Magento www.magentocommerce.com
Prestashop www.prestashop.com
Oxid www.oxidesales.com
RBS Change www.rbschange.fr
Drupal Commerce www.drupalcommerce.org
osCommerce www.oscommerce.com
ERP / PGI
Compiere www.compiere.com
ERP5 www.erp5.com
OFBiz http://ofbiz.apache.org
Openbravo www.openbravo.com
OpenERP www.openerp.com
CMS
Drupal www.drupal.org
eZ Publish www.ez.no
HippoCMS www.onehippo.com
Jahia www.jahia.com
Joomla www.joomla.org
SPIP www.spip.net
TYPO3 www.typo3.org
EDM & ECM
Alfresco www.alfresco.com
Nuxeo www.nuxeo.com
Knowledge Tree www.knowledgetree.com
Maarch www.maarch.com
Library & Documentation
Koha www.koha.org
PMB www.pmbservices.fr
portal
eXo Platform www.exoplatform.com
Silverpeas www.silverpeas.com
Liferay www.liferay.com
Social Networking Business
BuddyPress http://buddypress.org
Drupal Commons www.acquia.com
Elgg www.elgg.com
Liferay Social Office www.liferay.com
Blog, Wiki and Forum
DotClear http://fr.dotclear.org
PhpBB www.phpbb.com
TWiki http://twiki.org
XWiki www.xwiki.org
eLearning
Moodle http://moodle.org
Claroline www.claroline.net
Audience tracking
AWStats http://awstats.sourceforge.net
Piwik http://piwik.org
other
OpenX www.openx.com
LimeSurvey www.limesurvey.org
Chủ Nhật, 15 tháng 6, 2014
Monitor connection on port by netstat
watch "netstat -an | grep ':443' | awk '{print \$5}' | sed s/'::ffff:'// | cut -d\":\" -f1 | sort | uniq -c"
Thứ Tư, 8 tháng 1, 2014
How to Enable and Secure Remote Desktop on Windows
How to Enable and Secure Remote Desktop on Windows
While there are many alternatives, Microsoft’s Remote Desktop is a perfectly viable option for accessing other computers, but it has to be properly secured. After recommended security measures are in place, Remote Desktop is a powerful tool for geeks to use and lets you avoid installing third party apps for this type of functionality.
This guide and the screenshots that accompany it are made for Windows 8.1. However, you should be able to follow this guide as long as you’re using one of these editions of Windows:
- Windows 8.1 Pro
- Windows 8.1 Enterprise
- Windows 8 Enterprise
- Windows 8 Pro
- Windows 7 Professional
- Windows 7 Enterprise
- Windows 7 Ultimate
- Windows Vista Business
- Windows Vista Ultimate
- Windows Vista Enterprise
- Windows XP Professional
Enabling Remote Desktop
First, we need to enable Remote Desktop and select which users have remote access to the computer. Hit Windows key + R to bring up a Run prompt, and type “sysdm.cpl.”
Another way to get to the same menu is to type “This PC” in your Start menu, right click “This PC” and go to Properties:
Either way will bring up this menu, where you need to click on the Remote tab:
Select “Allow remote connections to this computer” and the option below it, “Allow connections only from computers running Remote Desktop with Network Level Authentication.”
It’s not a necessity to require Network Level Authentication, but doing so makes your computer more secure by protecting you from Man in the Middle attacks. Systems even as old as Windows XP can connect to hosts with Network Level Authentication, so there’s no reason not to use it.
You may get a warning about your power options when you enable Remote Desktop:
If so, make sure you click the link to Power Options and configure your computer so it doesn’t fall asleep or hibernate. See our article on managing power settings if you need help.
Next, click “Select Users.”
Any accounts in the Administrators group will already have access. If you need to grant Remote Desktop access to any other users, just click “Add” and type in the usernames.
Click “Check Names” to verify the username is typed correctly and then click OK. Click OK on the System Properties window as well.
Securing Remote Desktop
Your computer is currently connectable via Remote Desktop (only on your local network if you’re behind a router), but there are some more settings we need to configure in order to achieve maximum security.
First, let’s address the obvious one. All of the users that you gave Remote Desktop access need to have strong passwords. There are a lot of bots constantly scanning the internet for vulnerable PCs running Remote Desktop, so don’t underestimate the importance of a strong password. Use more than eight characters (12+ is recommended) with numbers, lowercase and uppercase letters, and special characters.
Go to the Start menu or open a Run prompt (Windows Key + R) and type “secpol.msc” to open the Local Security Policy menu.
Once there, expand “Local Policies” and click on “User Rights Assignment.”
Double-click on the “Allow log on through Remote Desktop Services” policy listed on the right.
It’s our recommendation to remove both of the groups already listed in this window, Administrators and Remote Desktop Users. After that, click “Add User or Group” and manually add the users you’d like to grant Remote Desktop access to. This isn’t an essential step, but it gives you more power over which accounts get to use Remote Desktop. If, in the future, you make a new Administrator account for some reason and forget to put a strong password on it, you’re opening your computer up to hackers around the world if you never bothered removing the “Administrators” group from this screen.
Close the Local Security Policy window and open the Local Group Policy Editor by typing “gpedit.msc” into either a Run prompt or the Start menu.
When the Local Group Policy Editor opens, expand Computer Policy > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host, and then click on Security.
Double-click on any settings in this menu to change their values. The ones we recommend changing are:
Set client connection encryption level – Set this to High Level so your Remote Desktop sessions are secured with 128-bit encryption.
Require secure RPC communication – Set this to Enabled.
Require use of specific security layer for remote (RDP) connections – Set this to SSL (TLS 1.0).
Require user authentication for remote connections by using Network Level Authentication – Set this to Enabled.
Once those changes have been made, you can close the Local Group Policy Editor. The last security recommendation we have is to change the default port that Remote Desktop listens on. This is an optional step and is considered a security through obscurity practice, but the fact is that changing the default port number greatly decreases the amount of malicious connection attempts that your computer will receive. Your password and security settings need to make Remote Desktop invulnerable no matter what port it is listening on, but we might as well decrease the amount of connection attempts if we can.
Security through Obscurity: Changing the Default RDP Port
By default, Remote Desktop listens on port 3389. Pick a five digit number less than 65535 that you’d like to use for your custom Remote Desktop port number. With that number in mind, open up the Registry Editor by typing “regedit” into a Run prompt or the Start menu.
When the Registry Editor opens up, expand HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Terminal Server > WinStations > RDP-Tcp > then double-click on “PortNumber” in the window on the right.
With the PortNumber registry key open, select “Decimal” on the right side of the window and then type your five digit number under “Value data” on the left.
Click OK and then close the Registry Editor.
Since we’ve changed the default port that Remote Desktop uses, we’ll need to configure Windows Firewall to accept incoming connections on that port. Go to the Start screen, search for “Windows Firewall” and click on it.
When Windows Firewall opens, click “Advanced Settings” on the left side of the window. Then right-click on “Inbound Rules” and choose “New Rule.”
The “New Inbound Rule Wizard” will pop up, select Port and click next. On the next screen, make sure TCP is selected and then enter the port number you chose earlier, and then click next. Click next two more times because the default values on the next couple pages will be fine. On the last page, select a name for this new rule, such as “Custom RDP port,” and then click finish.
Last Steps
Your computer should now be accessible on your local network, just specify either the IP address of the machine or the name of it, followed by a colon and the port number in both cases, like so:
To access your computer from outside your network, you’ll more than likely need to forward the port on your router. After that, your PC should be remotely accessible from any device that has a Remote Desktop client.
If you’re wondering how you can keep track of who is logging into your PC (and from where), you can open up Event Viewer to see.
Once you have Event Viewer opened, expand Applications and Services Logs > Microsoft > Windows > TerminalServices-LocalSessionManger and then click Operational.
Click on any of the events in the right pane to see login information.
Đăng ký:
Nhận xét (Atom)