Rdpwrap: Security concerns.

Created on 28 May 2017 · 10 Comments · Source: stascorp/rdpwrap

Hello, I would like to ask if by using RDP in general but even more when using rdpwrap it is possible for a computer to be reachable behind a firewall and no static IP.

Example: a home network behind an ADSL modem with firewall enabled. No static IP, as usual. Is it possible to reach the computer in the home network, from a computer outside the LAN?

Thanks!

All 10 comments

You'll need to open RDP port on router/modem to reach the destination computer.

Thanks. So if I open the default port 3389 the computer should be reachable, but how do I identify it? From within the LAN I can use the computer's name, but that certainly cannot be unique, so how do I identify that I wish to connect to the specific computer?

You can give the computer a static LAN address (192.168.1.10 or 10.0.0.10) in your modem/router config and set a simple host (rdphost). As for outside access, you can run a dynamic IP update (afraid.org/noip/dyndns) and create an easy-to-remember host for the dynamic IP.

So, unless port 3389 is open and someone knows my "outside" IP address, my PC should be unreachable from the outside world, regarding RDP? My concern is really that somehow my PC might be exposed to the internet, which I do NOT want, hence the thread title "Security concerns." Also, how certain can we be of the implementation of rdpwrap, regarding some bug which might expose the PC?

> So, unless port 3389 is open and someone knows my "outside" IP address, my PC should be unreachable from the outside world, regarding RDP?

Yes.

> My concern is really that somehow my PC might be exposed to the internet, which I do NOT want, hence the thread title "Security concerns."

Since somebody doesn't know your login and password, it doesn't matter whether your PC is reachable via the Internet or not.

> Also, how certain can we be of the implementation of rdpwrap, regarding some bug which might expose the PC?

It's technically impossible to introduce such bugs, RDP Wrapper doesn't modify protocol or network packets.

Thank you for your thorough answer! Is there a way to log the rdp login attempts to my PC? Is there some log file or something like that?

Yes, each login try is logged into Windows Event Log.

Also see issue #108, it might be related.
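One way to review those Event Log entries, as an added example that is not part of the original thread or of RDP Wrapper: it summarizes failed logons (Security event 4625) by source address and lists successful Remote Desktop logons (event 4624, logon type 10). It assumes an elevated PowerShell session and that logon auditing is enabled for both success and failure; the helper name `Get-LogonEvent` and the 7-day window are choices made for this example.

```powershell
# Added example: summarize RDP-related logon events from the Security log.
# Run from an elevated PowerShell prompt on the RDP host.
$since = (Get-Date).AddDays(-7)   # look-back window chosen for this example

function Get-LogonEvent {
    # Hypothetical helper: returns one object per Security event with the
    # fields that matter for reviewing remote logons.
    param([int]$Id, [datetime]$After)

    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $Id; StartTime = $After } `
                 -ErrorAction SilentlyContinue |
        ForEach-Object {
            # EventData is a list of <Data Name="...">value</Data> elements.
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

            [pscustomobject]@{
                Time      = $_.TimeCreated
                EventId   = $_.Id
                User      = $data['TargetUserName']
                LogonType = $data['LogonType']
                SourceIp  = $data['IpAddress']
            }
        }
}

# Failed logons. With Network Level Authentication a failed RDP attempt is
# recorded as logon type 3 (network); without it, as type 10 (RemoteInteractive).
# Type 3 also covers other network logons such as file sharing, so treat the
# counts as an upper bound for RDP.
$failed = Get-LogonEvent -Id 4625 -After $since |
    Where-Object { $_.LogonType -in '3', '10' }

"Failed logons since $since, by source address:"
$failed | Group-Object SourceIp | Sort-Object Count -Descending |
    Select-Object Count, Name -First 20 | Format-Table -AutoSize

# Successful Remote Desktop sessions (logon type 10).
$ok = Get-LogonEvent -Id 4624 -After $since |
    Where-Object { $_.LogonType -eq '10' }

"Successful RDP logons since ${since}:"
$ok | Sort-Object Time -Descending |
    Select-Object Time, User, SourceIp -First 20 | Format-Table -AutoSize
```

A successful logon from an address you do not recognize, or a steady stream of failures from many addresses, is the signal that the port is reachable from outside the LAN.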

You definitely DO NOT want to open port 3389 to the world. You are better off using ssh, perhaps from this project [1], with an authorized_keys entry that you KNOW is good (your own) while also disallowing password login of ssh. You should also restrict the remote IP address to ones that you know and trust if you can. The idea is to securely login, then do port forwarding from ssh to localhost port 3389 for RDP.

[1] https://github.com/PowerShell/Win32-OpenSSH/wiki

I would tend to agree with @affinityv with his comment. Leaving port 3389 open is not good security protocol. If you do this you will be subjected to lots of port scans and attempted brute forcing. If you leave port 3389 open (which I wouldn't advise), at least ensure you have very secure passwords on all RDP active users.

> My concern is really that somehow my PC might be exposed to the internet, which I do NOT want, hence the thread title "Security concerns."

> Since somebody doesn't know your login and password, it doesn't matter whether your PC is reachable via the Internet or not.

It matters. Login and password don't protect you fully. Bah. You should feel "naked" if you use login and password only. As RDPWrapper uses only binaries provided by M$ & RDP was proven to be very weak, you might want to read the @affinityv answer or my suggestion. Based on your question, you are not well "educated" (no hard feelings) in security & IT, so don't even touch that ground (3rd), or read about it and learn how & what can happen if you do that.
