How do i secure a computer that is connected to but does not access the internet?

It is connected for remote management purposes, like logging in from time to time to update some files, but it doesnt ever actively access the net. I'm the only one who accesses it or the network its on. I was hoping a router firewall would be enough but i'll have to open a port to do remote access, which from what ive read renders the computer vulnerable to anyone who finds it. My main concern that it might be targeted is that its part of a public display and someone might want to break in and post porn on it. What should i do?

 

So no one knows anything about securing computers?

 

How are you accessing the remote computer-http, telnet, ftp, You generally don't need to open a port for remote management; the connections are outgoing and there is no one listening on those ports. A NAT router should work, but you need to tell us more about your connections- You are accessing the internet unless this is all on a LAN.

 

I am considering logmein which i dont think i need to open ports on, but i wanted to keep RDP as a fallback which does require port forwarding. Wouldnt the computer im connecting to need to be listening for this? I'm not concerned about securing the connecting computer, i want to make sure the computers im connecting to, the ones that wont be accessing the net, are secure against someone hacking it over the net.

 

Is this a LAN, or do the computers you are connecting to have individual WAN IP addresses? Does the remote accessing computer directly connect to the internet (have a WAN IP address)? The computers you are connecting to generally need to open ports so you can connect-they act as servers (accept inbound connections). Not enough information.

 

Its RDP, you connect to it over the net to other computers connected to the net, i suppose in the conventional sense the computers im connected to would be regarded as a server, however RDP doesnt make this designation.

So i have

Client (my admin computer) -> internet -> remote computers' router -> remote computers

where each client has its own wan ip. They most likely will be networked together for simple file drops across all of them (instead of having to remote into each one), but i can disable that if necessary. The wireless router of course will have a strong wpa2-psk password, and the firewall will be enabled with a set of ports open for RDP. The only thing i specifically wont be doing is using software firewalls due to their resource consumption. What else can i do to secure this? Is this enough to protect against a determined hacker?

 

Hey there, I'm not at all experienced with handling networks, but may I suggest using group policies so you can remotely secure the computer, install or update software etc., stuff like that.

Not sure if your infrastrucutre supports this one tho, I'm just throwing ideas.