Remote Desktop It is Easy and Free

Remote Desktop is Free if One Uses the Windows Client

 


You need to work from home? Just enable Microsoft Remote Desktop on your PC at the office and open a port for RDP (or RDC) on your firewall.


Install Microsoft Remote Desktop on your home PC, aim it at your office's IP address and you're ready to go. This solution is free and easy. What more could you ask for?


Rogue nations thank you for your assistance - hackers from the Russian Federation, China, Iran and North Korea have direct access to your PC. You locked down the PC with antivirus software and Microsoft Security. You can trust that, right?


Your data is only as safe as your security is strong - Your data may not seem like much to you. You just have business documents, some banking stuff, and records of sales. It's really no big deal. So what if the data is compromised?


Windows Defender notes a virus - You clean the PC, and a few days pass. A little notice pops up on your screen: "This system has been locked. It can be unlocked if you call this number and pay us "X" number of dollars in bitcoin."


You can pay them the money if you like, but don't expect to get your data back. Often just one infected computer can take out the corporate network, or your clients, the banks. You will have to explain how productive Remote Desktop made you and how beneficial it was.


Security affects us all. We do not operate our computers in isolation anymore. There are bad people out there. They love small businesses because we have fewer resources to fight off predators. They steal money from you and use your computers to steal from others.


Even if the worst happens, do not despair; we cannot fail. We learn from our experiences, get back up and try again. So if you have been nailed by a security breach, we are here to help you rebuild.


You can help by getting secure. We can help you do it right. We employ a Unified Threat Management (UTM) system. Your internal and external connections are secure, along with all your computers.


We will lock down all aspects of your business, including tablets and phones. Nothing gets in or out of your systems without being scrutinized.


Managed Security is Freedom! In order for traffic to flow freely there must be rules of engagement. Read on for a recent ransomware case we just handled.

 
Computer systems that are used on the internet carry inherent risks that cannot be seen by the operator of the computer. Many operating systems, such as Microsoft Windows, have built-in firewalls and even a virus / malware scanner. With Microsoft bundling a security package, one might believe there is nothing really to worry about. If a PC is on the internet, typically the internet service provider will filter some garbage, and your router / firewall a bit more. Hopefully your computer is behind a firewall with all inbound ports blocked. Now your biggest liability is in what you download, either in the form of files or the web content itself. So with no further questions, we are safe. Well, not really. One is never safe!
 
That sounds glum doesn’t it? Well as technical service providers, it is our job to look at glum and either eradicate it, or mitigate it as much as possible. Our business model is built around desktop support. In order to do that, we have to be good at disaster prevention, remediation and restoration. We use technology such as Antivirus scanners, Malware scanners, Ransomware prevention strategies, Unified Threat Management, and have backup solutions. We can never guarantee complete internet safety. Rarely can small businesses afford all the technology they require to be safe, so we do the best we can with what we have.
 
One of our clients, who could not buy a firewall and just has some old routers in place, called with a virus alert from Windows Defender. (He uses Windows Remote Desktop to access his PCs at the office. He was sure that Windows and his ISP would keep bad things from happening.) We were not terribly worried about the alert; he gets them from time to time, and usually they are false positives. We immediately used our remote technology to get on the office PC where the alert came from, and got the details. We have two virus scanners on the office PCs; one threw an alert, and the other did not. We notified the company whose scanner did not throw the alert and sent them the PC logs. It turned out we had a real, bona fide virus. The virus was in a directory called bitcoin. Knowing our client the way we do, we were 90 percent sure he did not place bitcoin on his computer. There were a couple of other directories on there as well with recent dates.
 
Next stop was the security logs. We found a user logging on who is not among our users. The logon times corresponded to the times the directories we found were created. Next we checked the user manager on his servers and on the workstation that was compromised. The user name the attacker was using did not show up. When we dropped down to PowerShell and issued a net user command, the user showed up on the workstation. We did the same on the server, and the user did not show up there. Best we can tell from the logs, this user set himself up an account named ghostuser and granted himself admin rights to at least the workstation. If you have Symantec endpoint virus protection, that is a user account that they use in their product, so typically this user being in your system is not a red flag in and of itself. But when you trace the attacker’s IP address to the Russian Federation, then combine the user name with that IP and the logon times that match the file creations, you have proven a bona fide security breach. This is likely ransomware related.
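The checks described above can be collected in one pass. The script below is an added example, not the tooling we used on the case: it pulls account-creation and group-change events, Remote Desktop logons with their source addresses, the local account list, and any directories created close to a remote logon. The look-back window, search root and correlation window are assumed values to adjust.

```powershell
# Added example. Run elevated on the affected workstation.
$Since = (Get-Date).AddDays(-14)   # assumed look-back window
$Root  = 'C:\Users'                # assumed folder tree to check for new directories
$WindowMinutes = 30                # assumed correlation window

function Get-EventData($Record) {
    # Flatten the event's named EventData fields into a hashtable.
    $h = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) { $h[$d.Name] = $d.'#text' }
    $h
}

# 1. Accounts created (4720) and members added to local groups (4732).
$accountChanges = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720, 4732; StartTime = $Since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $f = Get-EventData $_
        [pscustomobject]@{ Time = $_.TimeCreated; EventId = $_.Id; Actor = $f.SubjectUserName
                           Target = $f.TargetUserName; MemberSid = $f.MemberSid }
    }

# 2. Remote Desktop logons: 4624 with logon type 10 (RemoteInteractive).
$rdpLogons = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $Since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $f = Get-EventData $_
        if ($f.LogonType -eq '10') {
            [pscustomobject]@{ Time = $_.TimeCreated; User = $f.TargetUserName; Source = $f.IpAddress }
        }
    }

# 3. Accounts as the local account database reports them (the same view as "net user").
$localUsers  = Get-LocalUser | Select-Object Name, Enabled, LastLogon, PasswordLastSet
$localAdmins = Get-LocalGroupMember -SID 'S-1-5-32-544'   # built-in Administrators group

# 4. Directories created within $WindowMinutes of any Remote Desktop logon.
$suspectDirs = Get-ChildItem -Path $Root -Directory -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -ge $Since } |
    ForEach-Object {
        $dir = $_
        $hit = $rdpLogons |
            Where-Object { [math]::Abs(($dir.CreationTime - $_.Time).TotalMinutes) -le $WindowMinutes } |
            Select-Object -First 1
        if ($hit) { [pscustomobject]@{ Path = $dir.FullName; Created = $dir.CreationTime; User = $hit.User; Source = $hit.Source } }
    }

$accountChanges | Sort-Object Time | Format-Table -AutoSize
$rdpLogons | Group-Object User, Source | Select-Object Count, Name | Format-Table -AutoSize
$localUsers | Format-Table -AutoSize
$localAdmins | Format-Table -AutoSize
$suspectDirs | Sort-Object Created | Format-Table -AutoSize
```

An account that appears in the local user list or the Administrators group but not in your own records, together with logons from an address you do not recognize, is the combination that confirmed the breach in this case.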
 
How could this happen? A typical router’s firewall does not look for odd behavior. The router’s firewall is just a gate, and this router is no exception. It has a few ports open for business applications. One such port is 3389, which is the Remote Desktop (RDP) port. With 3389 open, all traffic that arrives at his office with 3389 as its destination port is sent to the workstation at that address. The attacker then checks to see what services are turned on at the workstation. There are always a few, but one really easy to compromise service is RDP. So the attacker launches software that finds all the holes in the workstation that are available for him to make use of. Even with Windows firewall locked down tight and the virus scanners working hard, there are ways to get around the workstation’s security. Microsoft can’t keep up with the people who love to exploit their services. Don’t worry, Mac and Linux are not foolproof either; we have seen them get exploited as well.
 
If you have been in the position of this client, don’t feel badly. It is human nature to only throw money at technology you can see and use right now. It’s easy to think “I will get to this later”, but later never comes. Please know that as assuredly as day turns to night, this can and will happen to you if you’re not prepared. This customer is not in a position right now to install a good security system. He agreed to allow us to close the RDP hole on his router and set his remote workers up to use LogMeIn by Citrix. The software works, but the video resolution bugs him: it maxes out at 1400×900, and his work PC has to be set to that. It has shortcomings. At least he has some security in the fact that there is one less path into his office network for evil people to travel down.
 
Once we had determined his office computer was the only thing compromised, it was time to back up the data. Wipe the hard drive, reinstall the OS, then his apps, then the virus scanners, then the data. Replace his router firewall with a Watchguard Unified Threat Management System. Add IPsec VPN to the Watchguard and to every device that needs access to the office. This allows safe use of Windows Remote Desktop in an encrypted environment. They could shave the complexity and required support to maintain two computers per remote worker. With Watchguard VPN, the remote workers can do all their work on their laptops securely from anywhere in the world, just as though they are in the office. Even with multiple virus / malware scanners and great UTM, things still happen. You need a great business resumption and disaster recovery system tested and in place. We are a short time away from offering a complete managed security and disaster recovery package, using state of the art equipment. For more information, please take a look at our Watchguard Unified Threat Management Solution, which will be an integral part of the security and disaster recovery package.
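Once Remote Desktop is meant to be reachable only through the VPN, the workstation itself can enforce that as a second layer behind the router. The following is an added example, not part of the original case work; the VPN subnet is an assumed value, and the firewall rule group name assumes an English-language Windows install.

```powershell
# Added example. Run elevated on the office workstation.
$VpnSubnet = '10.0.50.0/24'   # assumed: address pool the VPN hands to remote workers
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"

function Get-RdpExposure {
    # Report whether RDP is on, whether NLA is required, and who may connect.
    $scope = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
        Get-NetFirewallAddressFilter |
        Select-Object -ExpandProperty RemoteAddress
    [pscustomobject]@{
        RdpEnabled     = (Get-ItemProperty $ts).fDenyTSConnections -eq 0
        NlaRequired    = (Get-ItemProperty $tcp).UserAuthentication -eq 1
        ListeningPort  = (Get-ItemProperty $tcp).PortNumber
        AllowedSources = @($scope | Sort-Object -Unique)   # 'Any' means every network
    }
}

Get-RdpExposure   # weak setting: AllowedSources = Any

# Require Network Level Authentication before a session is created.
Set-ItemProperty -Path $tcp -Name UserAuthentication -Value 1

# Accept Remote Desktop connections only from VPN client addresses.
Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -RemoteAddress $VpnSubnet

Get-RdpExposure   # corrected: AllowedSources = the VPN subnet only

# From a network outside the office, confirm the router no longer forwards 3389.
# Replace the placeholder with the office's public address; expect TcpTestSucceeded = False.
# Test-NetConnection -ComputerName '<office-public-ip>' -Port 3389
```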

 
