Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Security Best Practice: Blocking TeamViewer

Subscribe

Check Point Reference: SBP-2008-08
Date Published:
Severity:
Last Updated:
Source: SmartDefense Research Center
Protection Provided by: VPN-1
  • NGX R65
  • NGX R62
  • NGX R61
  • NGX R60
VSX
  • NGX R65
InterSpect
  • NGX
Who is Vulnerable?
TeamViewer users
Vulnerability Description
TeamViewer is a cross-platform remote control application that allows the user to take complete control over a computer anywhere on the Internet, even through firewalls. TeamViewer also has file-sharing and chat capabilities.

The use of TeamViewer may circumvent the organizational security policy.

Vulnerability Details
Some organizations prefer to prevent their employees from using remote control applications, since many of these applications are prone to multiple vulnerabilities. Also, remote connections can potentially take up a lot of bandwidth, because these sessions transmit picture, mouse, and keyboard data from the remote computer. In addition, remote connections capabilities such as file transfer are a potential source of virus and worm infections.

Protection Overview
By enabling this protection, SmartDefense will block TeamViewer version 3.

In order for the protection to be activated, update your VPN-1/InterSpect product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

VPN-1 NGX R65 & R62

How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > Remote Control Applications > TeamViewer.
2. In the configuration pane, under Settings > Mode, check Active.
3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: TeamViewer
Attack Information: TeamViewer application connection attempt [over HTTP] detected

VPN-1 NGX R61 & R60

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Remote Control Applications.
2. Select the following:

TeamViewer

3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: TeamViewer
Attack Information: TeamViewer application connection attempt [over HTTP] detected

VPN-1 VSX NGX R65

How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > Remote Control Applications > TeamViewer.
2. In the configuration pane, under Settings > Mode, check Active.
3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: TeamViewer
Attack Information: TeamViewer application connection attempt [over HTTP] detected

InterSpect NGX

How Can I Protect My Network?
1. In the left pane, select Profiles > Default Protection and select the SmartDefense page of the profile.
2. In the SmartDefense tree, click Application Intelligence > Remote Control Applications.
3. Select the following protection:

TeamViewer

4. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: TeamViewer
Attack Information: TeamViewer application connection attempt [over HTTP] detected