Remote connection to a computer via Wi-Fi — an indispensable tool for working with files, configuring a system, or providing technical support remotely. However, not all users know that there are dozens of ways to organize such access, and not all of them are secure. In this article, we'll look at legitimate connection methods (from built-in tools) Windows We'll also tell you how to protect your device from unauthorized intrusion via a wireless network.
It's important to understand: remote access always carries risks. Even if you're setting up a connection for personal use, attackers can intercept traffic or exploit software vulnerabilities. Therefore, we'll pay special attention to security settings — from choosing strong passwords to using VPN and two-factor authentication. And if you plan to connect to a work PC, be sure to coordinate with your network administrator: many companies block remote access at the corporate level.
1. Built-in Windows tools: RDP (Remote Desktop Protocol)
RDP — the fastest and most stable way to connect to a computer running Windows Pro/Enterprise (In Home editions, this feature is only available for connecting to other PCs, not for receiving connections.) The protocol supports audio, clipboard, and even 3D acceleration, making it ideal for working with resource-intensive applications.
To activate remote desktop:
- 🖥️ On the target PC: open
Settings → System → Remote Desktopand turn on the slider. Write down the computer name (can be found inSettings → System → About). - 🔒 In the section
Additional optionsset the requirement Network Level Authentication (NLA) - this will protect against brute force attacks. - 🌐 On the connecting device: enter in the search bar
mstsc, run the utility and enter the IP address or computer name. Connecting from another network may require port forwarding on the router (port3389by default).
If RDP doesn't work over the internet, check:
- 🔌 Firewall settings: Is incoming traffic allowed on a port?
3389? - 📡 Router configuration: is the port forwarded to the local IP of the target PC?
- 🔄 Dynamic IP: If you don't have a static address, use services like No-IP or DynDNS.
⚠️ Attention: Port3389— a favorite target for hackers. Never open it online without VPN or at least changing the standard port to a non-standard one (for example,3390).
2. Remote access programs: TeamViewer, AnyDesk, Chrome Remote Desktop
If RDP is not available (for example, on Windows Home), third-party utilities come to the rescue. They operate through cloud servers, so they don't require router configuration, but they can limit data transfer speeds in free versions. Let's look at three of the most popular solutions:
| Program | Advantages | Flaws | Price |
|---|---|---|---|
| TeamViewer | Cross-platform, file transfer, chat, mobile support | Limitations in the free version for commercial use | From $50/month |
| AnyDesk | Low latency, high transfer speed, minimalistic interface | Less collaboration features (no built-in chat) | From $10.90/month |
| Chrome Remote Desktop | Free, integrated with your Google account, easy setup | Requires Chrome browser, limited security settings | For free |
For setup TeamViewer:
- Download the program from official website on both PCs.
- On the target computer in the section
Remote access managementSet a permanent password (do not use a temporary ID!). - On the connecting device, enter Partner ID and password.
Set a complex password (12+ characters)
Disable automatic program startup
Set up two-factor authentication
Update your software regularly
Restrict access by IP (in the program settings) -->
⚠️ Attention: In 2023, there were cases of account hacking recorded TeamViewer through data leaks. Always link the program to your account and enable it. two-step authentication.
3. Remote access via SSH (for Linux and Windows 10/11)
SSH (Secure Shell) is a protocol for secure computer management via the command line. It is indispensable for server administration or Raspberry Pi, but requires basic knowledge of how to work with the terminal. Windows 10/11 The SSH server is built into the system and can be used to connect. PuTTY or Windows Terminal.
To enable the SSH server on Windows:
- Open
Settings → Applications → Additional componentsand installOpenSSH server. - Start the service via PowerShell as administrator:
Start-Service sshdSet-Service -Name sshd -StartupType 'Automatic' - Check the connection from another PC:
ssh username@[IP address](replace
usernameto the username and[IP address]to a local or external IP).
For Linux (For example, Ubuntu):
- Install SSH server:
sudo apt update && sudo apt install openssh-server - Allow the port
22in the firewall:sudo ufw allow 22
How to generate SSH keys for a secure connection?
To generate keys, run the command ssh-keygen -t ed25519 on the client PC, then copy the public key to the server using the command ssh-copy-id user@hostThis will allow you to connect without entering a password, but using a cryptographic key pair, which is much more secure.
SSH over Wi-Fi is vulnerable to man-in-the-middle (MITM) attacks if you connect from public networks. Always use a VPN or change the default port 22 to a non-standard one (e.g., 2222).
4. VNC (Virtual Network Computing) for graphical interface
VNC allows you to control your computer with a graphical interface as if you were sitting in front of it. Unlike RDP, it works on all platforms (including macOS And Linux), but it requires more resources and is less secure. Popular implementations: TightVNC, RealVNC, UltraVNC.
Instructions for TightVNC:
- 📥 Download the server and client parts from official website.
- 🔧 On the target PC, run
TightVNC Serverand set a password in the settings (sectionSecurity). - 🌍 For internet access, forward the port
5900(or another one, if changed in the settings) on the router. - 🖱️ On the connecting PC, enter the IP address in
TightVNC Viewerand log in.
⚠️ Attention: VNC transmits data unencrypted by default. For security, configure SSH tunneling or use RealVNC with encryption enabled (optional) Encrypt network traffic).
5. Configuring the router for remote access
If you're connecting to your PC via the internet (not a local network), you'll need to configure your router. Here are the basic steps:
- 🔄 Port forwarding (Port Forwarding): Redirect external requests to the local IP of the target PC. For example, for RDP, this is the port
3389, for SSH —22. - 🏠 Static IP: If you have a dynamic IP, use services DDNS (For example, No-IP or built into the router).
- 🛡️ Security:
- Change the standard port to a non-standard one (eg.
3390instead of3389). - Restrict access by IP in the router settings (section
Firewall). - Turn it off
UPnP- This will eliminate the vulnerabilities of automatic port forwarding.
- Change the standard port to a non-standard one (eg.
Example of port forwarding for TP-Link:
- Open your router's control panel (usually
192.168.0.1or192.168.1.1). - Go to
Forwarding → Virtual Servers. - Add a rule: Specify an external port (eg.
3390), local IP of PC, local port (3389) and protocolTCP. - Save the settings and reboot the router.
6. Alternative methods: Wake-on-LAN and cloud services
If the computer is turned off but supports Wake-on-LAN (WoL), it can be "wake up" over the network. To do this:
- 🔌 Enable WoL in BIOS (option
Wake-on-LANorPCIe/PCI Power On). - 🖥️ In Windows: open
Device Manager → Network Adapters → Properties of your network card → Power Managementand enable all WoL related options. - 📱 To send a "magic packet", use applications like Wake On Lan (Android/iOS) or utility
wakeonlanV Linux.
Cloud services like Chrome Remote Desktop or Splashtop They eliminate the need to configure a router, but they rely on third-party servers. Their advantage is simplicity: just install an extension in your browser and log in with your Google account. The disadvantage is limited functionality in the free versions and potential risks of data leakage.
7. Troubleshooting common errors
If the connection does not work, check:
- 🔌 Network connection: ping to the target PC (
ping [IP]) should pass without losses. - 🔒 Firewall/Antivirus: Disable them temporarily to check if they are blocking your connection.
- 📡 Ports: make sure they are open (check through online services).
- 🔄 IP address: if you use DDNS, update it manually (sometimes the DNS cache gives outdated data).
Typical errors and solutions:
| Error | Cause | Solution |
|---|---|---|
Remote Desktop cannot connect. |
Port 3389 is closed or the IP is invalid. | Check port forwarding and static IP |
Authentication failed |
Incorrect login/password or NLA is disabled | Make sure NLA is enabled and the account has remote access rights. |
The network path was not found. (VNC/SSH) |
Blocked by a firewall or router | Add an exception to your firewall and check port forwarding. |
8. Security: How to protect remote access from hacking
Remote access is like an open door to your computer. To prevent it from being hacked:
- 🔐 Complex passwords: At least 12 characters with numbers, uppercase letters, and special characters. For SSH, use keys instead of passwords.
- 🛡️ Two-factor authentication (2FA): turn it on TeamViewer, AnyDesk and on the router.
- 🌐 VPN: connect via WireGuard or OpenVPNto encrypt traffic.
- 🔄 Updates: Regularly update your OS, router, and remote access software.
- 📡 Guest network: If you are connecting from a cafe/hotel, use mobile Internet or VPN.
Attackers often scan the internet for open RDP/SSH ports. According to ShodanIn 2026, more than 500,000 vulnerable devices with open port 3389 were discovered in Russia. Don't become one of the statistics!
⚠️ Attention: If you are setting up remote access for business, be sure to use corporate solutions like Microsoft Intune or CitrixThey provide centralized management, session auditing, and data leak protection.
FAQ: Frequently asked questions about remote access via Wi-Fi
Can I connect to my computer via Wi-Fi if it is turned off?
No, but you can turn it on remotely if your PC is configured to do so. Wake-on-LAN (WoL), and the router supports sending "magic packets" over the Internet. An alternative is to use devices like Raspberry Pi with a PC connected to them via USB (they consume little power and can "wake up" the main computer on command).
Which method is the most secure: RDP, VNC or SSH?
According to the level of security, the methods are ranked as follows:
- SSH with keys + VPN (maximum protection, but only for the command line).
- RDP with NLA + non-standard port + VPN (good balance between safety and convenience).
- VNC over SSH tunnel (less secure, but suitable for graphical interface).
- TeamViewer/AnyDesk without 2FA (convenient, but risky for critical data).
For home use, RDP with NLA enabled and a strong password is sufficient. For corporate tasks, be sure to use VPN And 2FA.
Why does the connection work on the local network but not over the Internet?
There are several reasons:
- The port on the router is not forwarded (check
Port Forwarding). - Dynamic IP has changed (use DDNS).
- The provider is blocking incoming connections (typical for mobile Internet).
- The firewall on your PC or router is blocking traffic.
For diagnostics, check the external IP (for example, on 2ip.ru) and try to connect through mobile Internet (if another channel is used).
Is it possible to control a computer from a phone?
Yes, the following will work for this:
- TeamViewer or AnyDesk (there are mobile apps for Android And iOS).
- Chrome Remote Desktop (works via browser).
- Microsoft Remote Desktop (for RDP, but only on Windows Pro).
- VNC Viewer (For example, RealVNC or bVNC).
On Android can also be used Termux to connect via SSH (requires command line knowledge).
How to restrict access by time or IP?
To restrict access:
- IN RDP: use Local Security Policy (
secpol.msc) →Local Policies → Assign User Rights→ limit the rightAllow logon through Remote Desktop Servicesby time. - IN TeamViewer: in your account settings, add
Trusted devicesand turn it onAccess confirmation. - On router: in the section
FirewallCreate a rule that allows connections only from specific IP addresses (for example, your home or work address).