Suggestions for setting up remote VPN access into my home network

   / Suggestions for setting up remote VPN access into my home network
  • Thread Starter
#21  
Always wondered if having a VPN just draws attention to you. That would make the job of the inteligence community infinitely easier to find bad guys if they possibly can (and I can't for a minute believe they can't) watch and record your traffic.

This is a different use for a VPN. I’m not trying to hide my traffic. I just want to access things in my house when I’m away from home.
 
   / Suggestions for setting up remote VPN access into my home network
  • Thread Starter
#22  
I use the free Chrome Remote Desktop to access my computers remotely. Works great for my use, maybe it wouldn't for you?

I somehow missed this post. I have never heard of that product, either. I’ll put it on my list of things to check out.
 
   / Suggestions for setting up remote VPN access into my home network #23  
I have used Teamviewer for years. for remote access to other peoples computers to help them with problems. It can be set up with a password for unattended access I have been using Chrome remote for in house access to my own machines. No fuss, no muss and no VPN needed.
 
   / Suggestions for setting up remote VPN access into my home network
  • Thread Starter
#24  
I have used Teamviewer for years. for remote access to other peoples computers to help them with problems. It can be set up with a password for unattended access I have been using Chrome remote for in house access to my own machines. No fuss, no muss and no VPN needed.

I read about these products a little bit. It was very high level, and I didn’t see anything regarding the actual security involved.

Do they use any multi-factor authentication to control which specific devices can try to connect? Is there anything beyond a password to prevent a random person from connecting to my PC?
 
   / Suggestions for setting up remote VPN access into my home network #25  
I read about these products a little bit. It was very high level, and I didn’t see anything regarding the actual security involved.

Do they use any multi-factor authentication to control which specific devices can try to connect? Is there anything beyond a password to prevent a random person from connecting to my PC?

please make it clear you need a computer running 24/7 to use any of the RDP/Teamviewer options.

and no they don't use anything more then a password.
 
   / Suggestions for setting up remote VPN access into my home network #26  
With Chrome RD you have to first enable the specific device to be accessed remotely through the Chrome RD app on the actual device.

To access your computer remotely you have to be signed into your Google account* to see the list of devices that are available. The first time you access the remote computer from a new device you have to enter a Password. Lastly, assuming you have security on the remote computer, you have to enter the local login credentials.

*I have my Google account set up with a strong password and 2FA.
 
   / Suggestions for setting up remote VPN access into my home network #27  
and no they don't use anything more then a password.

As I mentioned, with Chrome you first need to be logged into the Google account associated with the remote computer. Google offers (and I strongly recommend) 2FA. So you need two sets of login names/passwords as well as access to the 2FA method.

I don't believe it would be possible to someone to randomly "find" your computer and access it with just a password using Chrome RD.
 
   / Suggestions for setting up remote VPN access into my home network #28  
I'm surprised your ISP allows incoming connections to the VPN. Most want their customers to be consumers only, not producers. Often you need to buy an added package that gets you a static IP address and they set their routers to allow incoming connections to it. If they're allowing it now they may not once they notice it or remodel their network. I'd also be surprised that an ISP is using public routable addresses for their customers.... every ISP and corporate network I have seen in the last 15 years uses unrouteable IP addrs internally.

Attackers (or rather their bots) regularly scan ISP's network spaces for open ports used by common remote access software. Then the bots try password after password until they get in. I've done forensics on a number of successful attacks done this way. A password that you can remember isn't good enough. A short random password isn't either.

As far as the VPN making you a target by an intelligence agency, that's true. The NSA records all encrypted traffic. Much of it they can't decrypt now, but they may be able to in the future. Of course the OP's use is different and if your threat model includes the NSA you have a whole different level of security to worry about than Chinese bots.
 
   / Suggestions for setting up remote VPN access into my home network
  • Thread Starter
#29  
I'm surprised your ISP allows incoming connections to the VPN. Most want their customers to be consumers only, not producers. Often you need to buy an added package that gets you a static IP address and they set their routers to allow incoming connections to it. If they're allowing it now they may not once they notice it or remodel their network. I'd also be surprised that an ISP is using public routable addresses for their customers.... every ISP and corporate network I have seen in the last 15 years uses unrouteable IP addrs internally.

Attackers (or rather their bots) regularly scan ISP's network spaces for open ports used by common remote access software. Then the bots try password after password until they get in. I've done forensics on a number of successful attacks done this way. A password that you can remember isn't good enough. A short random password isn't either.
I have never had a router that is owned by the ISP. I occasionally check my router log, and I always see externally generated traffic that is doing port scans. That’s part of the reason I prefer not to do any port forwarding. If the router has no idea what to do with the traffic, then I figure it probably can’t hurt me.

My next step is to reset the router back to factory defaults and reapply the latest firmware. I’ve been a little lazy about dedicating time for that.
 
   / Suggestions for setting up remote VPN access into my home network #30  
I read about these products a little bit. It was very high level, and I didn’t see anything regarding the actual security involved.

Do they use any multi-factor authentication to control which specific devices can try to connect? Is there anything beyond a password to prevent a random person from connecting to my PC?

They need to know a multi digit "username" and a password.
 
 
Top