Lockdown Remote Desktop

For a while, I was a brilliant human and exposed my 3389 port to the world (3389 == default Remote Desktop port). So what alternatives do you have for securing yourself while enabling remote desktop over the interwebs? There are 6 main ways to accomplish this:

1. VPN

You knew this one was coming, didn’t you? And this is not the most eloquent way to say this, but: if you don’t want STDs or kids, wrap it up. Now convert STDs to attackers on the internet and kids to the lifetime of unrecoverable data in some cases or things published to the world you didn’t initially intend to have published. But wait, how did that relate to a VPN? VPN is the condom, you are… the other part in the condom. Sincerest apologies for the analogy. The future bullet points won’t be so crude.

2. SSH Tunnel

Took me a long time to actually USE this method, but it is SO FREAKING EASY! Set up a server/firewall/switch to have port 22 exposed. Download and install PuTTY. Type in your exposed SSH port. Before clicking anything else, expand Connection > SSH > Tunnels, then type 3388 in the source port field. In the Destination field, type 192.x.x.x:3389, where 192.x.x.x is the IP of the device you want to connect to and 3389 is the RDP port. Click Add.

Now go back to Session and make sure you have the IP address or domain you will connect to on port 22. I’d recommend clicking “Save” at this point so you don’t have to type all of that in again. Now click Open and connect to your remote device. You DO have to log in!! Once you’ve logged in, just open Remote Desktop and type localhost:3388, where 3388 is the port you chose in “source port” in the previous step. Congratulations, you’ve connected over an SSH tunnel.
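The same tunnel from a PowerShell prompt, as an added example that is not part of the original post: it uses the OpenSSH client included with current Windows instead of PuTTY, and confirms the forwarded port listens on loopback only before starting Remote Desktop. `user@ssh.example.com` and `192.0.2.10` are placeholder values.

```powershell
# Added example: placeholder values, replace with your own.
$SshHost   = 'user@ssh.example.com'   # placeholder: device with port 22 exposed
$RdpTarget = '192.0.2.10'             # placeholder: internal machine running RDP
$LocalPort = 3388                     # the "source port" from the PuTTY steps

# -N: forwarding only, no remote shell.
# The leading 127.0.0.1 binds the local end to loopback, so other machines
# on your network cannot ride the tunnel.
# ExitOnForwardFailure: ssh quits if port 3388 is already in use.
$forward = "127.0.0.1:${LocalPort}:${RdpTarget}:3389"
$ssh = Start-Process ssh -PassThru -ArgumentList @(
    '-N', '-o', 'ExitOnForwardFailure=yes', '-L', $forward, $SshHost)

# ssh opens in its own window for the login. Wait up to 60 seconds for the
# listener to appear once you have authenticated.
$listener = $null
foreach ($i in 1..60) {
    $listener = Get-NetTCPConnection -LocalPort $LocalPort -State Listen `
        -ErrorAction SilentlyContinue
    if ($listener -or $ssh.HasExited) { break }
    Start-Sleep -Seconds 1
}
if (-not $listener) { throw "No tunnel listening on port $LocalPort." }

# Stop if anything on that port is reachable from other hosts.
$exposed = $listener | Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' }
if ($exposed) {
    if (-not $ssh.HasExited) { Stop-Process -Id $ssh.Id }
    throw "Port $LocalPort is bound to $($exposed.LocalAddress -join ', ')."
}

# Remote Desktop now connects to the local end of the tunnel.
mstsc.exe "/v:localhost:$LocalPort"
```

Closing the ssh window tears the tunnel down, which also drops the Remote Desktop session.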

3. Firewall

Firewalls are good stuffs. You can use the built-in Windows Firewall, your network firewall (like pfSense), or something further out of bounds. Regardless of your choice, if you limit it to only the IPs you need, this is a fairly safe route as well. And while you’re at it with this one, why not add a custom RDP access port in there?
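One way to check and apply the "only the IPs you need" limit with the built-in Windows Firewall, as an added example that is not part of the original post. The addresses in `$AllowedSources` are placeholders, and the script only reports until `$Apply` is set to `$true`.

```powershell
# Run from an elevated PowerShell prompt. Added example with placeholder values.
$RdpPort        = '3389'                                # or your custom RDP port
$AllowedSources = @('203.0.113.25', '198.51.100.0/24')  # placeholder addresses
$Apply          = $false   # $false = report only; $true = change the rules

# Enabled inbound allow rules (TCP or UDP) that name the RDP port explicitly.
$rdpRules = Get-NetFirewallPortFilter |
    Where-Object { $_.LocalPort -contains $RdpPort } |
    Get-NetFirewallRule |
    Where-Object {
        $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and
        $_.Enabled -eq 'True'
    }

foreach ($rule in $rdpRules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    if ($remote -contains 'Any') {
        Write-Warning "'$($rule.DisplayName)' allows RDP from any address."
        # Caution: if you are connected over RDP from an address that is not
        # in $AllowedSources, applying this will cut off your own session.
        Set-NetFirewallRule -Name $rule.Name -RemoteAddress $AllowedSources `
            -WhatIf:(-not $Apply)
    }
    else {
        "'$($rule.DisplayName)' is limited to: $($remote -join ', ')"
    }
}
```

Rules that cover the port through a range or through "Any" local port are not matched by this filter and need a separate look.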

4. Alternative software

There are software utilities like RDSKnight out there that you could technically use to accomplish this same thing. It has a few more built-in tools than just a firewall, like geo-blocking, user restrictions, time restrictions, etc. Or maybe TeamViewer, ScreenConnect, or some other utilities similar in function?

5. Two Step Authentication

Let’s say you do decide to leave yourself exposed. At least try something like Duo.

6. Don’t open it at all.

Admittedly, you don’t have to open it at all. At the end of the day, you do you!

The Importance of Data Security

Data security is as important now as it has ever been. People don’t realize how imperative it is, and lazy IT personnel don’t care enough to do it right from the beginning. I can’t tell you how many times I’ve been to a doctor’s office only to see them walk away with their computer unlocked or a network attached storage hard drive array/enclosure sitting out in the open behind the secretary’s desk. You can’t even begin to imagine how sick it makes me to see these things happen. And the doctor’s response when I point it out? “It’s encrypted”. Ah, okay, so the data at rest is encrypted? The traffic between computer and server is encrypted? And this encryption means that if I fell on the floor and sneakily plugged a flash drive in with malware to compromise your system or a keylogger that I wouldn’t have any useful data? Does this mean if the secretary ran to the restroom leaving the front area unattended that I could grab the NAS and run but I wouldn’t be able to access the data? I feel that at least 1 or 2 questions I just asked have an answer that rhymes with “no”.

This is the same with Equifax’s recent data breach. IT systems are just run and left running because they work. They aren’t reviewed properly and in many cases, finding the right tool to monitor important things is not always easy. Or the tool is there but it is not turned on. Or the tool could be used but produces so much overhead that it doesn’t get turned on at all. Breach after breach, we (as humans) just don’t take the time we should to secure our data.

As the IT for several companies, I do what I can to ensure we aren’t over-exposing our customers and we lock down anything we are able to in order to prevent breaches as much as possible. Hopefully the breach with Equifax will blow over as quickly as possible. Until then, do what you can to protect yourself!

One thing I didn’t see mentioned too well on the sites I was reading about this and “how to protect yourself” is that most banks offer a form of identity theft protection. I’d recommend you take advantage of it. For example, Members Preferred Credit Union offers it for just $1.95 a month (credit union in Idaho Falls).

CNBC provides a decent infographic of what you can do to protect yourself:


To place a fraud alert, these are a couple of the sites you might use:



I’d tell you the one for Equifax, but I’m not feeling confident about entering data on any of their forms for some reason. Aside from the obvious large elephant in the room, I’m not sure why anyone would feel that way?

To find your current credit report from any of the 3 agencies, use annualcreditreport.com (you should check this periodically anyways to stay in control of your finances).

Use links above at your own risk.

Surveillance Cameras & Software Reviews

Surveillance is becoming increasingly popular in households in the United States. I’m not actually basing that on stats online though. I take walks in the evenings and every other house has cameras. It’s definitely a new thing of the future. Cameras are getting cheaper and better. Software is becoming more available and more affordable. I’m just going to discuss quickly a few cameras and the software I’ve used as well as my thoughts on them. Let’s first discuss cameras.

The question to ask is “Digital/IP or Analog/Coax”?


The first system I bought for my house about 3 years ago was a LaView analog system for about $300 on Newegg that came with 4 bullet cams. Quite honestly, compared to other cameras I’ve used in the past, I thought the quality was pretty amazing. Over time, I added cameras to fill up the 8 channel system. The quality is good for a basic home system. Not so good for catching the details. It records on a 3TB hard drive for about 2 years on high quality for each of the cams. The support for LaView is by far the worst I’ve experienced and I’d have to recommend against their brand simply for that reason. Today, the cameras are still running and I still like them. Occasionally the DVR stops recording but continues streaming live feeds, so you don’t actually know until you want to look up video. Thankfully, the RTSP streams keep working during this time. How does that help exactly? The stream can be fed to network recording software such as iSpy or Blue Iris. It gives you that redundancy over the cameras in case one of the systems fails. The software is also what you might use to record video streams from Digital/IP cameras.

Let’s talk about Digital or IP cameras. I started off purchasing ELP cameras (cheap Chinese versions) for about $30-40. They work and the quality is clearer than that of my LaView analog system, but due to the quality, the angle was not as wide as advertised and getting them to work initially was… involved. I didn’t gain confidence in those cameras at first since I wasn’t recording to a dedicated machine. I later discovered it is really only capable of broadcasting a low and a high quality stream. Once each of those two streams is attached to a recording device, another recording device cannot pick up the streams anymore (i.e., surveillance software as well as a remote viewer for the camera). As of recently, I’ve purchased a 4MP camera for about $80. The quality of that camera when compared to the ELP cameras is outstanding. First of all, these guys have done AMAZING work at making the camera visible over the network. Second, I’ve had it connected to 3 systems simultaneously and the stream just doesn’t fail. It’s one of the most resilient cameras I’ve found so far within the home camera systems. As a matter of fact, it is always the first camera to connect to my software.

What software should I use?

Speaking purely in terms of home use, there were 3 major contenders in the race. There are many brands, but these were the ones I found to be affordable, easy to use, and reliable.

  1. iSpy | This software is free unless you want to have remote viewing enabled. I’ve used this software for probably 3-5 years now and it has been great for what I’ve needed.
    • Pros: It is free. There is a local viewing through a web browser (sometimes flaky). It seems to keep running. It has crashed a few times, but it restarts itself quickly. Supports many cameras. Ability to buy a subscription to get some additional features. Many options available.
    • Cons: The software can take a while to connect to all cameras (outside of the fact the cameras sometimes take time to connect). It’s updated regularly (seemingly too often actually) and new features are seldom added from what I’ve seen. There have been some minor interface changes, menus combined, lots of new cameras supported (all great things), but just no new face lift to the interface. I think their main focus is making it work online more so they can bring in cash flow through subscriptions (I don’t blame them). It takes a long time to get the settings tuned in just right to get the effect you are after. Sometimes video doesn’t record correctly and renders a corrupt recording file.
  2. Blue Iris | I am definitely not for paying for software usually, so it took me a long time to actually test out this software. It is about $60-70 for a full license (no subscriptions thankfully). This is my new first choice.
    • Pros: Fast, sleek looking, web interface for remote viewing, updated regularly, works with a wide range of cameras, lots of features, lightweight on computer resources, high quality recordings, user friendly GUI, 64 bit, inexpensive, great online documentation and user manual.
    • Cons: No free version. The light edition only supports 1 camera or you buy the full version supporting 64 cameras. (A little more choice would be great on the pricing model). Support can be somewhat rude (check out the forums and the way the staff member responds to people). No viewing of AVI files through the software or while the file is being recorded. You have to use the native bvr format for easy playback.
  3. Milestone XProtect | Free for up to 12 cameras on a subscription license. Professional software. This would be my second choice. Crazy, I know, but their pricing model doesn’t feel solid. I feel they may attempt to change the plan to restrict what the “free users” get since it’s a subscription model.
    • Pros: Fast, professional, clean, easy to use, automated, used in large corporations, supports up to 12 cameras with unlimited recording time.
    • Cons: Expensive. Subscription license. Records to proprietary format that would require having the software to view it. “Lost connection” messages with the client, though it does seem to keep recording.

With the rising popularity of cameras in residential settings and the multitude of options, my personal recommendation would have to be Blue Iris on a dedicated computer with 4 Megapixel Digital IP Cameras. I wouldn’t recommend analog cameras as much anymore unless you want a cheap system to get a general idea of what is happening in an area. Even with the ELP cameras, I can get a license plate number which would be harder to achieve with analog cameras in the home price range. I personally wouldn’t spend a lot of money on a higher quality analog system since the way of the future is in the digital cameras.


Have you ever tried to open a can without a can opener? It’s at that very moment you realize the person that made a device to open metal cans is a genius while the guy that put it in a can in the first place without a pop top should be arrested immediately. WannaCry and its variants are very similar in this way. They created a phenomenal product to squeeze money out of people. Viruses, trojans, and other malware are not new to the PC world. They already cause issues for end users on a daily basis. Why not add a payment component to it?

With all that said, being in my position as the IT System Administrator for several companies, I have to ensure machines are protected with anti-malware, and that each workstation is updated. Thankfully, of all the machines we manage, not one device acquired WannaCry. The variations are inevitable and I cannot speak for those since they are likely being developed as I type this. It does feel good knowing we have the multi-layer security set up to prevent such a malicious attack like the one by WannaCry.

While I, as the IT Systems Administrator, feel the creators should be “arrested immediately” like the human who invented cans without pop top lids, I also think it is one of the most creative malware programs I’ve seen so far. This of course is not the first ransomware product to come out, but it is the first one to gain this much publicity.