Windows 10 pro Monitoring

[biob]

Hi

I’m about to give my daughter a PC. I’ve installed Windows 10 pro. Have created a standard user (my daughter) and an admin account(me).

i won’t to be able to use something like RDP to occasionally monitor her screen. Is this possible with RDP?

Also, any other recommendations for keeping my daughter safe online would be greatly appreciated.

 

[74R8477]

How old is your daughter? To be honest the worst thing to do is to monitor her all the time. Simple things like AdBlocker (to protect her from harmful ads) and maybe a firewall (see PfSense) on your router could be enough.

"Black Mirror Season 4: Arkangel" <-- for when you don't know what parental controls in the future might do 😅

Just make sure you talk to her about it, that she needs to be wary of the dangerous/strange stuff she can see online.

[Rkiver]

If you  insist on  monitoring,  something like https://veyon.io/ works well. Schools  use it, and  it can be passive or  active monitoring, 

 

But depending on age will  define a  lot of things,  left alone with the computer, or only can use it  in a family area. Filtering say  via OpenDNS free family and child filter (rather simple to use and works well), rather than full on active monitoring.

But more than anything else, communication is key.

 

[Dice]

A pop-up blocking a site ... will only make her curious and want to try that same site on another computer

[theUNK0WN]

On 7/3/2019 at 6:47 AM, Dice said:

A pop-up blocking a site ... will only make her curious and want to try that same site on another computer

Well, it depends on a lot of things honestly. Keep in mind OP is asking for advice about computer monitoring for his daughter. So, I would assume OP's daughter is on the young side. Not sure how young but I would assume young enough to not know things about scams, theft, gambling, twerking, drugs, etc.

If a popup gets blocked and she asks about it, just tell her (half) the truth - bad people trying to steal information. 🙃 Honestly, majority of popups nowadays are either scams/malware or nudity.

On topic, I don't think RDP will be useful in this case, since you can only view the session if the other user is signed-out. As suggested above, Veyon looks like a good tool to use but if you want to be a little inconspicuous, run a privileged msf session 😎

[articzebra]

It can be easy to form a reply which is biased towards your own preferences, beliefs, philosophies in examples like this and so I think all that stuff should be left out.
You can monitor someone pretty easily, especially if they use the same computer. In fact, it's probably the easiest thing to do when and if you share the computer. You could use something like TeamViewer which can be setup to be configured so to not require authentication upon logging into the machine. I'm not sure how far you can take TeamViewer in terms of discretion though, I think no matter what you do with TeamViewer the branded menu pops up at the bottom of the screen informing the user there is an incoming connection and then subsequently shows a connected session as well. The only alternative would be something like VNC whereby you can monitor what's going on much like TeamViewer but usually with reduced functionality. The only solution for something like this would be assuming total control over the system by means of installing a remote administration tool which has been specifically designed to be discrete and powerful. TeamViewer will work but it can easily be uninstalled, reconfigured and even blocked from connecting through the internet ie firewall rules etc. VNC would also work but again, if you're using a known branded product, the chances are, it's not going to be hidden away on the system which means more chance of your presence becoming visible. A RAT on the other hand will operate completely silently (if setup correctly) and will allow you to monitor and control users logged in on the system. It will also quite easily pick up passwords and anything else sent and received in clear text so then it becomes a question of whether knowing exactly what your daughter is saying or doing and why is actually acceptable in this instance. I mean, sure, monitoring someone for their own privacy and safety, especially your own kids is great but reading their incoming chat messages, knowing all their passwords, and potentially knowing their secrets? Yeah, that's probably not acceptable in any decent person's mind.

I can understand where you are coming from with the desire to watch her movements whilst she uses the computer but I would advise ensuring what you do does not go over the threshold for actions considered ethical and acceptable. I mean, if you wouldn't want this whole thing being blown out of proportion and thrown in a newspaper (not that it will happen but it's a wise idea to act based on what if such a situation could happen) it's probably a good idea to stick to something minimal and not completely instrusive and well, weird. I've read quite a few articles about family members, partners and so-called 'friends' going to ridiculous lengths to see what the other(s) are doing and it never looks good from an outside perspective. What you do now could come back to bite you in the ass and so self preservation and your goals with all this should be completely ironed out and make complete sense before committing to potentially invading the personal privacy of your daughter. Again, not that I'm saying that what you are asking about is wrong because hell, the fact that sites like this exist which show HOW EASY it is to exploit computer systems, to steal info, to manipulate people, to hack etc makes for implementing solid contingency plans and security frameworks. I just don't think most dads want to be THAT dad who goes THAT far, if you get what I mean? There is protecting your family and then being a control freak and potentially abusive and yeah, having studied counselling/therapy for quite a while; being able to assume control over the private lives of another person, be it family or friend or whoever, can be abusive if taken to the extremes.

That being said, securing her computer is completely acceptable in the context of providing basic security and privacy and the MORE secure it is I would argue, the more acceptable and commendable it is. You could start by ensuring all the software she is using is as safe and secure as it can be. That means removing Internet Explorer, Edge and all other browsers with obscene about of consistence security flaws. Ensuring she uses a VPN and that the VPN client is reliable. You could even configure the computer to connect automatically to a VPN server as apposed to not doing. Just the other day I was able to simulate a Flash Update on my lab version of Windows and then download a payload using IE as the first target to exploit and so talking about IE, and browsing, it's frightening how easy it is to take advantage and get into a system. Firefox is so much more secure and many of the simple stumbling blocks you find with IE and Edge for example just aren't there with Firefox. That being said, it's also A LOT more customizable and so you can mod Firefox to the point where it's a whole lot more safer and secure. Make sure all software is updated in general. Making sure the system is clean moreover is probably a good start which means ensuring it hasn't already been compromised or is easily a sitting duck and waiting to be compromised.

Here are a few good extensions you can get to add for Firefox just that little bit more security and privacy;
- NoScript Security Suite (when configured correctly will block ALL scripts on a website, even the ones which aren't potentially harmful. Yup it will BREAK a website if it has to and it won't load at all or will be completely messed up if NoScript is enabled but this is good because it means you can choose what scripts are running and from who, where and when. It's also installed on the Tor Bundle (or was) and so that says a lot about it's potential for increasing security and privacy

- HTTPS Everywhere (extension that pushes traffic through the encrypted HTTP protocol and can even be configured to ONLY accept traffic through HTTPS, which can admittedly break some sites which do not offer complete encryption but is well worth getting because it enforces a very important feature of web browsing to be active and in use at all times)

- AdBlock Plus/uBlock (Both amazing extensions for blocking pretty much ALL of the popups, malicious ads and even scripts and trackers found on the internet and have been around for a long time, especially AdBlock)

- Privacy Badger (another great extension for customizing what trackers are enabled on what site and combined with other extensions like AdBlock, Disconnect etc add even more layers of privacy potential)

- Disconnect (same as above, great extension for blocking and monitoring trackers on the web)

- Facebook Container (this will prevent Facebook from following you around the web and can be set so that the Facebook icon/beacon is not enabled on the sites you visit so it cannot identify that you visited the website upon which the icon/beacon was placed)

- LastPass (very popular password manager which can effortlessly store as many passwords as you can throw at it which makes securing them a lot easier and also you can forget them as you can easily log in and autofill them when visiting websites)

In certain version of Windows 10, especially the ones about the Home edition you can go into your Local Group Policies and enforce specific controls on the computer, either on a user basis or globally on the system; things like removing access to the registry, control panel, task manager etc can be done. Other settings like ensuring a password is of a certain length, disabling Microsoft account login, dialling up UAC to require credentials on every significant system change. Disabling and hiding the built-in Administrator account, enabling tampering mode in Windows Defender, configuring Windows Defender to be more strict and more aggressive. There are lots of options.

Also, you can use software to apply website blocks which work client-side which means so long as that program is running, it doesn't matter whether someone uses a VPN or not to attempt to bypass the limitations, they aint getting through. You can find lists of known sites to block and can download and then import them as necessary. Chances are, you won't be able to block them all and many people find ways to get through these filters. I can remember doing it quite easily at school many many years ago and that was industry level protection, meant for enterprises and education environments, not a worried dad trying to prevent his kid(s) from accessing the wrong sites.

You can take this as far and wide as you want. It all depends and why you want to do it which is of course your own story and you have your own reasons. Again, it's probably a good idea to think about this and work out both the pros and cons. Ultimately, you will no doubt end up falling back onto using a RAT or something very similiar to get the job done properly and many of the most popular variants have ALL the tools you could ever need to monitor someone/something/people and they are commonly used in a perfectly legal context in workplaces and closed environments for the purpose of protecting a network and it's vast amounts of users. You can also use them illegally too and if you wanted to piece together someones day to day life by merely tracking everything they do, everything they write, click, type, download, upload, install, uninstall etc.

As someone mentioned above, you could fall back on Metasploit and a reverse shell backdoor and perhaps follow up with a bind to ensure a level of persistence. You could also backdoor the computer before someone else uses it which will save you having to effectively social engineer your own daughter and/or compromise the system in the process. That being said, Metasploit payloads are well known to AVs these days and most can pick them out easily without much trouble if they are simply executed fresh from being compiled out of Metasploit. That may mean encoding, compression, encrypting and even modifying the actual source code itself to evade detection and so you are now playing a cat and mouse game with your own computer and it's antivirus solution. If you disable it and revert back to say Windows Defender you leave it open to being exploited for real by real bad guys. If you have a good AV your backdoor will no doubt inevitably get detected if it's like any that is generated with little to no aftermarket configuration and/or knowledge about AV evasion etc. So how do you get that thing onto your system without compromising the system itself in the first place? And without disabling a whole load of features and potentially leaving the system open to further backdoors from people who really are bad in intentions? I've found to get past Windows Security alone in a lab environment requires several laborious steps and often trial and error and experimentation to reduce the AV detection by as little as a few numbers and then to get it past Windows Security whilst ALL of it's critical features are enabled. I can get past it easily by disabling it but then again that's a lab environment and not a computer I would share with a potential daughter and so that's a big difference.

Anyway, there's my rambling and thoughts on the matter. Hope all that made sense. No one can tell you what to do. Just know your intentions and know the limits and at worst, imagine the worst case scenario and how it would impact you and the relationship with your daughter before committing to any decisions.