How to securely distribute the Internet from your phone so that no one can connect remotely?

G

George2020-04-22 09:55:39

System administration

George, 2020-04-22 09:55:39

Good afternoon.
Background:
Recently, he began working in an infectious diseases hospital as a system administrator, when quarantine was introduced - he had to move away from his family so as not to put them at risk.

Network status at the moment:
In the new "house" there is a system unit with windows 7, without a monitor and a laptop with ubuntu 16.04 I distribute the Internet from the phone -> the laptop catches it and distributes it to the system unit. I manage the system unit via RDP (remmina) through a laptop.

Essence of the question:
What can I do to make it impossible to connect via RDP to my system unit from the Internet? Remote control of the system unit from a laptop must be preserved, the Internet on the system unit is not essential.

Sad experience, what I'm afraid of:
At work, a senior programmer forwarded a port on the router in order to set up a server from home, the attackers took advantage of this and in just a few hours the server ceased to belong to us, they connected via RDP and archived all the information, leaving a text file demanding money for the archive password. I am afraid that my sistemnik will suffer the same fate.

Thanks in advance for your replies.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

D

Drno, 2020-04-22
@RIBAdminio

You work as an IT specialist.... this information that you should know...
No one will connect to you, mobile phones have gray ip addresses. Ca n't connect to them.
How about the programmer, did they crack rdp? Was there a simple username/password?
There is protection against password brute force, it was necessary to configure it correctly
. In general, rdp usually does not open to the “world”, only through vpn

C

CityCat4, 2020-04-22
@CityCat4

I am afraid that my sistemnik will suffer the same fate.

This is part of the job of a system administrator - to know such things in cases where there is no dedicated information security specialist (and this is very common
) Your phone and tyrnet - NAT opsos.
2. to calm the paranoia, set up a rule on the bubuntu that blocks RDP from the wifi interface. You can generally send all requests to establish a connection "outside" to the garden.

At work, a senior programmer forwarded a port on the router in order to set up a server from home, attackers took advantage of this

Forgive me, Lord, a senior programmer should be sent to work as an orderly as a preventive measure. Let him wash the toilets for a week and take out the pots - it helps a lot in rethinking his importance in the world :) RDP is a favorite target of hackers and "kakers", and the latter are noticeably more than the former.
There is a VPN for remote access
To avoid such "situation" there should be a backup.

M

Maxim Ivanov, 2020-04-26
@mapazzzm

This is how non-trivially an ordinary enikey worker with zero knowledge calls himself a system administrator. No offense. Craving for knowledge - already excellent. I would look into the eyes of OK, who introduced the position of "senior programmer" to the state. Something tells me that he did not write any programs ...
ZY . To the kind colleagues who unsubscribed in the comments above, my respect. They answered all the questions, I repeat on my own - through the phone you are behind the provider's name, there is no reason to worry. As correctly advised - if you are worried, disable the checkbox in the properties of the system in remote access.