Re: Remote management - what do I need?

Mon Mar 04, 2019 1:29 am

jihadjoe wrote:
Well OP already said that configuring the landlord's router is a no-go, which is why I suggested using LogMeIn Hamachi for the VPN-side. It's free for networks of up to 5 computers, and will basically do a secure VPN without the need for any port forwarding.

I feel the problem is whether the current motherboard supports any out-of-band management interface at this point in time. If not, a new motherboard is required...

Re: Remote management - what do I need?

Mon Mar 04, 2019 9:11 am

I would set up your home PC like a corporate laptop, i.e. encrypt the disk but don't make it a requirement for reboot. Make access via a "standard" login prompt (with a good username and password). Encrypting the disk is primarily to keep it safe from being physically removed and installed and accessed in another system. It's not stopping anyone who can get into your system remotely from stealing all your personal info.

If you can port forward and assign a static IP to your personal PC on the home router side (i.e. fix it at one address and port forward), you are 99.9% there.

I don't know how "bullet proof" reliable you want to make the connection, but I wouldn't worry about the dynamic IP WAN address, as I have found "dynamic" normally means it changes once every few years. Plus, it only happens during reboots of the hardware connecting to the ISP. This could be different in your situation, but if not, you (mostly) can control this timing, or at least monitor the IP value at each reboot and change your config accordingly when it happens. You can pour 200 hours into getting a dynamic IP solution up and running, or spend 30 minutes every few years on a reconfig.

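The "monitor the IP value at each reboot" idea from the post above, as an added example that is not part of the original thread: a small Python script that records the WAN address it was given, reports when it differs from the last boot, and classifies it. The classification is the check a practitioner wants before committing to the port-forward plan: an address in 100.64.0.0/10 (RFC 6598 shared space) means the ISP is doing carrier-grade NAT, and an RFC 1918 address means the home router sits behind another NAT; in both cases an inbound port forward on the home router is unreachable from the Internet, and a rendezvous VPN like the Hamachi suggestion earlier in the thread is the fallback. How the address is obtained (router status page, an external lookup) is left outside the example; the addresses in `demo()` are constructed from documentation ranges, and the state-file name is an assumption.

```python
import ipaddress
import json
import os
import tempfile
from typing import List, Optional, Tuple

# Ranges that can never carry an inbound port forward from the public Internet:
# RFC 1918 private space and the RFC 6598 shared (carrier-grade NAT) block.
_PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
_CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify_wan_ip(text: str) -> str:
    """'public', 'private' (router behind another NAT), 'cgnat' (ISP NAT), 'ipv6' or 'invalid'."""
    try:
        ip = ipaddress.ip_address(text.strip())
    except ValueError:
        return "invalid"
    if ip.version == 6:
        return "ipv6"
    if ip in _CGNAT:
        return "cgnat"
    if any(ip in net for net in _PRIVATE):
        return "private"
    return "public"


def observe(state_path: str, current: str) -> Tuple[str, bool, Optional[str]]:
    """Compare the WAN address seen at this boot with the one recorded last time.

    Returns (classification, changed, previous). Only a valid address updates the record,
    so a failed lookup does not erase the last known-good value.
    """
    kind = classify_wan_ip(current)
    previous = None
    if os.path.exists(state_path):
        with open(state_path) as f:
            previous = json.load(f).get("wan_ip")
    if kind == "invalid":
        return kind, False, previous
    changed = previous is not None and previous != current
    with open(state_path, "w") as f:
        json.dump({"wan_ip": current}, f)
    return kind, changed, previous


def demo() -> List[Tuple[str, bool, Optional[str]]]:
    """Constructed sequence of addresses 'seen at successive reboots' (documentation ranges, not real hosts)."""
    path = os.path.join(tempfile.mkdtemp(), "wan_ip.json")  # assumed state-file location
    seen = ["203.0.113.7", "203.0.113.7", "garbage", "198.51.100.42", "100.64.3.9"]
    return [observe(path, ip) for ip in seen]


if __name__ == "__main__":
    for kind, changed, previous in demo():
        print(f"{kind:8} changed={changed!s:5} previous={previous}")
```

Run it from a boot-time task (Task Scheduler on Windows, cron `@reboot` elsewhere) with the current WAN address as input; a `changed=True` result is the moment to update whatever you use to reach the box, and a `cgnat` or `private` result means the port-forward approach will not work at all.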
Re: Remote management - what do I need?

Wed Mar 06, 2019 11:58 am

mikewinddale wrote:
a thief could just transplant my Ryzen CPU (and its fTPM) into their motherboard, or they could transplant a discrete TPM into their motherboard.

The TPM should detect a change like this and prevent BitLocker from decrypting. At least that's how it's supposed to work.

IIRC the TPM compares a hash of the OS (and hardware?) config from the last shutdown with what it sees this time, and if it doesn't match it doesn't unlock. If you transplant your hard drive and TPM to another machine with a different OS install on it and try to access the BitLocker drive from the different OS, you'll find it locked despite the TPM being present.

I can't remember if they would be able to boot your OS install on another mobo if they had both your TPM and OS install, but that doesn't get them anywhere without being able to log in to your Windows account. If they tried to boot a Windows password cracker (like Ophcrack) or an offline password reset tool, the TPM would see the different OS and wouldn't unlock, so the tools wouldn't work. The PIN is a useful extra layer of security, but depending on who you're trying to protect against it might not be needed.

Also, the BIOS power-on password is a bit redundant with BitLocker. I know it's an extra layer of security, but it's not adding much beyond inconvenience given what you're trying to do.
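The mechanism the post above is describing, as an added toy model that is not part of the original thread and not real TPM or BitLocker code. The TPM does not keep a hash "from the last shutdown": its PCRs reset to zero at every power-on and each boot stage extends them in order, and the sealed volume key carries the PCR policy it was sealed against. Unsealing succeeds only if the PCRs measured this boot reproduce that policy and the blob was sealed by this TPM's own secret, which is why booting cracker media, moving the TPM to a board with different firmware, or pairing the disk with a different TPM all leave the drive locked. The PCR indices, boot-stage strings, secrets and the XOR-plus-HMAC wrapping are constructed stand-ins (a real TPM uses its own encrypted-object format); on a real Windows box `manage-bde -protectors -get C:` lists the TPM protector and the PCR validation profile it actually uses, which on UEFI systems with Secure Boot defaults to PCRs 7 and 11.

```python
import hashlib
import hmac
from typing import Dict, Optional, Sequence

PCR_LEN = 32  # one SHA-256 PCR bank


def pcr_extend(pcr: bytes, event: bytes) -> bytes:
    """TPM2_PCR_Extend: new = SHA256(old || SHA256(event)). A PCR can only be extended, never set."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()


def measured_boot(firmware: bytes, bootloader: bytes, os_loader: bytes) -> Dict[int, bytes]:
    """Simulated power-on: PCRs start at zero and each stage is extended in order.
    PCR indices are illustrative assumptions, not the real firmware/Windows assignments."""
    pcrs = {i: b"\x00" * PCR_LEN for i in (0, 4, 7)}
    pcrs[0] = pcr_extend(pcrs[0], firmware)     # platform firmware
    pcrs[7] = pcr_extend(pcrs[7], bootloader)   # boot policy / Secure Boot state
    pcrs[4] = pcr_extend(pcrs[4], os_loader)    # the OS loader that actually ran
    return pcrs


def pcr_policy(pcrs: Dict[int, bytes], selection: Sequence[int]) -> bytes:
    """Digest over the selected PCR values, as TPM2_PolicyPCR folds them into a policy session."""
    h = hashlib.sha256()
    for idx in sorted(selection):
        h.update(bytes([idx]) + pcrs[idx])
    return h.digest()


def seal(tpm_secret: bytes, key: bytes, policy: bytes) -> bytes:
    """Sealed blob = authPolicy || key masked with a secret only this TPM holds || integrity tag.
    Toy construction (XOR mask + HMAC) standing in for the TPM's real encrypted-object format."""
    assert len(key) == PCR_LEN
    mask = hashlib.sha256(b"seal|" + tpm_secret + policy).digest()
    wrapped = bytes(k ^ m for k, m in zip(key, mask))
    tag = hmac.new(tpm_secret, policy + wrapped, hashlib.sha256).digest()
    return policy + wrapped + tag


def unseal(tpm_secret: bytes, blob: bytes, pcrs: Dict[int, bytes],
           selection: Sequence[int]) -> Optional[bytes]:
    """Release the key only if the PCRs measured *this boot* satisfy the sealed policy."""
    auth_policy, wrapped, tag = blob[:32], blob[32:64], blob[64:96]
    if not hmac.compare_digest(pcr_policy(pcrs, selection), auth_policy):
        return None  # boot chain differs: TPM refuses; BitLocker would fall back to the recovery key
    expected = hmac.new(tpm_secret, auth_policy + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # not sealed by this TPM: another TPM cannot unwrap it even with matching PCRs
    mask = hashlib.sha256(b"seal|" + tpm_secret + auth_policy).digest()
    return bytes(w ^ m for w, m in zip(wrapped, mask))


def run_scenarios() -> Dict[str, bool]:
    """Constructed scenarios from the thread. True means the volume key is released."""
    selection = (0, 4, 7)
    owner_tpm = hashlib.sha256(b"owner fTPM storage seed").digest()  # stand-in for the TPM root secret
    thief_tpm = hashlib.sha256(b"thief TPM storage seed").digest()
    vmk = hashlib.sha256(b"volume master key").digest()             # constructed key, not a real VMK
    owner_boot = measured_boot(b"board-A firmware", b"bootmgr", b"owner windows")
    blob = seal(owner_tpm, vmk, pcr_policy(owner_boot, selection))
    cases = {
        "same TPM, same boot chain": (owner_tpm, owner_boot),
        "same TPM, booted password-cracker media":
            (owner_tpm, measured_boot(b"board-A firmware", b"bootmgr", b"cracker live image")),
        "same TPM secret, different board firmware":
            (owner_tpm, measured_boot(b"board-B firmware", b"bootmgr", b"owner windows")),
        "different TPM, identical boot chain": (thief_tpm, owner_boot),
    }
    return {name: unseal(t, blob, p, selection) == vmk for name, (t, p) in cases.items()}


if __name__ == "__main__":
    for name, released in run_scenarios().items():
        print(f"{name}: {'key released' if released else 'locked'}")
```

The one case that releases the key is the unmodified machine booting its own OS; every other case ends in the recovery-key prompt, which is the same behaviour you see after a firmware update or a Secure Boot policy change on a real system (a PIN protector adds a factor the TPM cannot supply on its own, which is the "extra layer" the post mentions).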
