What is the appropriate way to access your server / computer in the office?
Someone recently set up port forwarding for RDP on his office computer, leaving the RDP port wide open to Internet, then he accesses the office computer via Remote Desktop Connection. Straightforward stuff. Technically this does work. Then only a few days later, the computer got hacked and locked by ransomware.
Maybe the password is too simple and weak. I know some people use ‘12345’ as password, some use ‘password’ as password. How can a hacker not hack you in such cases?
What I’m sure is that this approach should not be used. Your computer should not be exposed to Internet directly.
A better way is to set up VPN access. With VPN, you have a virtual network link between your office network and your remote computer. This link can be super secure, that is, if set up properly.
VPN can be complicated. That might be the reason some people would rather set up port forwarding for RDP. Depending on hardware, you may have to purchase vpn license, such as Cisco ASA.
Some routers and firewalls come with built-in vpn capability. However not all vpn technologies are equally great. For example, PPTP is an old vpn protocol, easy to configure; it is widely implemented, even on some home-grade routers. You may be tempted to use it, the problem is, it was proved to be insecure many years ago.
So, what vpn technologies to use? We recommend ssl as 1st choice, ipsec/ikev2 as 2nd. Both are secure, however the 2nd one sometimes gets blocked by ISPs between your office network and your remote computer.