Remote Desktop Protocol (RDP)
RDP (Remote Desktop Protocol): Microsoft's protocol for remote graphical desktop access to Windows computers. Port: TCP 3389 (UDP 3389 is also used for better performance). Enables: full graphical desktop access, remote file transfer, remote printing, remote audio. Enable RDP: System Properties → Remote → Allow remote connections to this computer. Requires: the connecting user must be a member of the Remote Desktop Users group or a local administrator. Windows Home editions cannot accept incoming RDP connections (they can still initiate outgoing ones); Windows Pro/Enterprise editions can accept RDP. mstsc.exe: the Remote Desktop Connection client, built into all Windows editions. Options: display resolution, local device redirection (printers, drives, clipboard), performance settings, RemoteApp. Security: RDP is frequently targeted by attackers. Best practices: use NLA (Network Level Authentication), which requires the user to authenticate before a desktop session is created (less load on the server and less exposure to unauthenticated clients); change the default port from 3389; use a VPN and only allow RDP over the VPN; use strong passwords plus MFA on RDP accounts; restrict who can RDP (specific user groups); use an RDP Gateway for internet-facing RDP.
SSH (Secure Shell)
SSH: encrypted protocol for command-line remote access, used primarily for Linux/Unix/macOS servers. Port: TCP 22. Replaces Telnet (port 23), which sends everything, including credentials, in plaintext. Windows SSH: Windows 10/11 include an optional OpenSSH client and server. Enable: Settings → Apps → Optional Features → Add a feature → OpenSSH Client / OpenSSH Server. SSH usage: `ssh username@hostname` or `ssh username@IP`. Key-based authentication: more secure than passwords. `ssh-keygen` generates a key pair; `ssh-copy-id user@host` installs the public key on the server; the private key stays on the client and is used to authenticate without typing a password. SSH tunnel (port forwarding): carries traffic for other protocols (for example VNC) inside the encrypted SSH connection. SCP (Secure Copy Protocol): `scp file.txt user@host:/path` copies files over SSH. SFTP (SSH File Transfer Protocol): FTP-like file transfer, with graphical or command-line clients, running over SSH. FTPS ≠ SFTP: FTPS is FTP with TLS added; SFTP is a completely different protocol that runs over SSH.
VNC (Virtual Network Computing)
VNC: cross-platform remote desktop protocol based on RFB (Remote Framebuffer). Port: TCP 5900 for the first display, 5901, 5902, etc. for additional displays. Not native to Windows; requires VNC server software (RealVNC, TigerVNC, TightVNC, UltraVNC). Cross-platform: VNC clients and servers are available for Windows, macOS, Linux, Android and iOS. Security: the base VNC protocol has weak encryption, so tunnel VNC over SSH or a VPN for secure access. VNC server on macOS: macOS includes a built-in VNC-compatible server via Screen Sharing (System Preferences → Sharing → Screen Sharing); a third-party VNC viewer is required on Windows to connect to macOS screen sharing. Use cases: remote desktop for non-Windows systems (Linux/macOS), embedded systems running a VNC server, mixed-platform environments.
Commercial Remote Support Tools
TeamViewer: popular commercial remote access tool. No firewall configuration needed (it works through NAT and firewalls via relay servers). Uses ID numbers instead of IP addresses. Traffic is encrypted with AES-256. Free for personal use; a commercial license is required for business. The end user can share their ID to allow attended or unattended support. Zoom Remote Control: participants in a Zoom meeting can request or grant remote control of a shared screen. Microsoft Quick Assist: built into Windows 10/11. Two users connect: one generates a code that the other enters, after which the helper has remote control. Found under Settings → Get help, or search for 'Quick Assist'. AnyDesk: lightweight alternative to TeamViewer. Remote Assistance (Windows): older Windows feature in which the user sends an invitation file (RA file) or uses an Easy Connect code, and support then takes control. Replaced by Quick Assist in modern Windows. Apple Screen Sharing / Apple Remote Desktop: the equivalents for macOS environments.
Remote Access Security
RDP attacks: brute-force logon attempts against RDP exposed on port 3389 are extremely common, and many ransomware infections start with a compromised RDP account. Countermeasures: require MFA for RDP; use a VPN and only allow RDP from the VPN IP range; enable an account lockout policy (5 failed attempts → lockout); change the RDP port (minor obscurity only). RDP Gateway: Microsoft's secure gateway for RDP, which acts as an HTTPS (port 443) proxy for RDP connections; users authenticate to the gateway first and the gateway relays to internal computers. Telnet: plaintext protocol (port 23); never use it for administration, replace it with SSH. Least privilege for remote accounts: service accounts used for automated access should have minimal permissions. Session recording: enterprise remote access tools should log and record sessions for audit. Remote desktop firewall rules: scope the RDP rule to specific IP ranges (firewall → inbound rules → Remote Desktop rule → Scope: [specific IPs]).
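The brute-force pattern and the lockout threshold above, expressed as detection logic over sample events. This is an added example, not part of the original notes: the records are constructed and use a simplified subset of the fields in Windows Security events 4625 (failed logon) and 4624 (successful logon), where logon type 10 means RemoteInteractive, i.e. RDP.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records modelled on Windows Security log events.
# 4625 = failed logon, 4624 = successful logon, logon_type 10 = RDP.
SAMPLE_EVENTS = [
    {"time": "2024-05-01T02:00:01", "id": 4625, "logon_type": 10, "user": "administrator", "ip": "203.0.113.7"},
    {"time": "2024-05-01T02:00:09", "id": 4625, "logon_type": 10, "user": "administrator", "ip": "203.0.113.7"},
    {"time": "2024-05-01T02:00:20", "id": 4625, "logon_type": 10, "user": "admin", "ip": "203.0.113.7"},
    {"time": "2024-05-01T02:00:31", "id": 4625, "logon_type": 10, "user": "admin", "ip": "203.0.113.7"},
    {"time": "2024-05-01T02:00:44", "id": 4625, "logon_type": 10, "user": "jsmith", "ip": "203.0.113.7"},
    {"time": "2024-05-01T02:01:02", "id": 4625, "logon_type": 10, "user": "jsmith", "ip": "203.0.113.7"},
    {"time": "2024-05-01T02:01:15", "id": 4624, "logon_type": 10, "user": "jsmith", "ip": "203.0.113.7"},
    {"time": "2024-05-01T02:03:00", "id": 4625, "logon_type": 10, "user": "jsmith", "ip": "198.51.100.4"},
    {"time": "2024-05-01T02:03:30", "id": 4625, "logon_type": 10, "user": "jsmith", "ip": "198.51.100.4"},
    {"time": "2024-05-01T02:04:00", "id": 4625, "logon_type": 2, "user": "jsmith", "ip": "127.0.0.1"},
    {"time": "2024-05-01T02:05:00", "id": 4624, "logon_type": 10, "user": "jsmith", "ip": "10.8.0.12"},
]


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold failed RDP logons inside a sliding
    time window, and note whether a successful RDP logon followed from the
    same IP (a burst of failures followed by success is the case to escalate).
    Returns {ip: {"failures": int, "users": set, "success_after": bool}}."""
    recent = defaultdict(deque)  # ip -> (timestamp, user) of failures in window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] != 10:  # only RemoteInteractive (RDP) logons count
            continue
        ts, ip = datetime.fromisoformat(ev["time"]), ev["ip"]
        if ev["id"] == 4625:
            q = recent[ip]
            q.append((ts, ev["user"]))
            while ts - q[0][0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(ip, {"failures": 0, "users": set(), "success_after": False})
                a["failures"] = max(a["failures"], len(q))
                a["users"].update(u for _, u in q)
        elif ev["id"] == 4624 and ip in alerts:
            alerts[ip]["success_after"] = True  # logon after a burst of failures
    return alerts


if __name__ == "__main__":
    for ip, info in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, info)
```

The threshold of 5 mirrors the lockout policy above; the local logon (type 2) and the two-failure source stay below it, while the source that cycles through several accounts and then succeeds is flagged.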