What are the best practices regarding data security on the internet when using QRemote?

QRemote can transfer data in an unencrypted fashion (plain text), or you can set up your encryption key to encrypt the data, which is preferable for transfer over the open internet.

QRemote, without modification, will transfer your QuickBooks accounting raw data, including customer names and invoice details, between the client and the server in an unencrypted fashion (plain text). This is the fastest way, but if your data is on the open internet and not already protected by a VPN or similar system, we highly recommend you add a layer of protection to the process by setting up your encryption key to encrypt the data during transmission.

QRemote has two data security features. 

1) Password - QRemote Server will verify the password sent by QRemote Client for authentication and will only allow connecting if the password specified in QRemote Server matches the password sent by QRemote Client. The default password is "QODBC#QRemote$1".

2) Encryption - This feature will add additional data security by encrypting the data before transferring the data over the internet. By default, Encryption is turned OFF. You may turn ON the encryption feature to encrypt the data transfer between QRemote Server and QRemote Client. For more information, click here.

General/Common for intranet and internet users:

• It is advisable to change the default QRemote Client and Server password. The default Encryption Key/Password is set "QODBC#QRemote$1."
• Never use standard/generic password/encryption keys such as P@ssw0rd, 123456789, Abc@123#, qwerty@123#, etc.
• The new password should be a complex/strong password. The password should be at least eight characters long and should contain an upper-case alphabet, a lower-case alphabet, a numeric and a Non-alphanumeric character (unique character): (~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/) 
• Make sure you open port "4500" on the machine using the QRemote Server and Client.

For intranet (LAN) users

• Make sure you open port "4500" on the machine using the QRemote Server and Client for the local domain only.
• Ensure the internet router/firewall does not allow port forwarding of 4500 to any of your local machines.
• It is advisable to change the QRemote Server and Client password frequently. 

For internet (WAN) users:

• Make sure you open port "4500" on the machine using the QRemote Server and Client for local and public/private domains.
• Make sure the internet router/firewall does the port forwarding to the specified computer only.
• Configure your firewall or internet router to accept the incoming connection(s) from trusted IP Addresses or domains.
• Do not use the default password of QRemote Server and Client. Please change the default password to a complex password.
• It is highly recommended to change the QRemote Server and Client password frequently.
• Share the password of the QRemote Server only to the authorized person(s).
• It is recommended to enable Encryption. For more information, click here.

Also, refer to,

How to create or configure a QRemote DSN

How to turn On/Off Encryption on QRemote