TeamViewer是一款用于通过计算机进行在线会议、网络会议、文件和桌面共享的应用程序。TeamViewer主要以其远程控制(Remote Control)共享功能而闻名。这允许用户通过其他计算机屏幕进行远程访问。两个用户可以通过所有控件访问彼此的计算机。
此远程管理和会议应用程序适用于几乎所有操作系统,即Windows、iOS、Linux、Blackberry等。此应用程序的主要重点是访问和授予对他人计算机的控制权。还包括演示和会议功能。
由于TeamViewer对计算机进行在线控制,您可能会怀疑它的安全功能。不用担心,TeamViewer(Well)带有(TeamViewer)基于 2048 位RSA的加密、密钥交换和双因素身份验证。如果检测到任何异常登录或访问,它还会强制执行密码重置选项。
如何在您的网络上阻止 TeamViewer(How to Block TeamViewer on your Network)
尽管如此,您可能还是想从您的网络中阻止此应用程序。在本文中,我们将向您解释如何做到这一点。好吧,事情是TeamViewer不需要任何配置或任何其他防火墙来连接两台计算机。您只需要从网站下载.exe文件。这使得该应用程序的设置非常容易。现在有了这种简单的安装和访问方式,您将如何在您的网络上阻止TeamViewer?
有很多关于TeamViewer用户的系统被黑客入侵的大量指控。黑客和犯罪分子(Criminals)获得非法访问。
现在让我们完成阻止TeamViewer的步骤:
#1. DNS Block
首先(First),您需要阻止来自TeamViewer域的(TeamViewer)DNS记录解析,即 teamviewer.com。现在,如果您使用自己的DNS服务器,就像Active Directory服务器一样,那么这对您来说很容易。
请按照以下步骤操作:
1. 首先(First),您需要打开DNS管理控制台。
2. 您现在需要为TeamViewer(TeamViewer)域 ( teamviewer.com)创建自己的顶级记录。
现在,您无需执行任何操作。保持新记录不变。通过不将此记录指向任何地方,您将自动停止与此新域的网络连接。
#2. Ensure Clients Connection
在此步骤中,您需要检查客户端是否无法连接到外部DNS服务器。您需要确保您的内部DNS服务器;只有DNS连接被授予访问权限。您的内部DNS服务器包含我们创建的虚拟记录。这有助于我们消除客户端检查TeamViewer的(TeamViewer)DNS记录的可能性。此客户端检查仅针对他们的服务器,而不是您的服务器。
按照以下步骤确保客户端连接:
1. 第一步是登录防火墙(Firewall)或路由器。
2. 现在您需要添加一个传出防火墙规则。此新规则将禁止来自所有 IP 地址来源的TCP 和 UDP 端口 53 。(disallow port 53 of TCP and UDP)它只允许您的DNS服务器的 IP 地址。
这允许客户端仅解析您通过DNS服务器授权的记录。现在,这些授权服务器可以将请求转发到其他外部服务器。
#3. Block access to IP Address Range
现在您已经阻止了DNS记录,您可能会因为连接被阻止而松了一口气。但如果您不这样做,它会有所帮助,因为有时,尽管DNS被阻止,TeamViewer仍会连接到其已知地址。
现在,也有办法克服这个问题。在这里,您需要阻止对 IP 地址范围的访问。
1. 首先(First),登录到您的路由器(Router)。
2. 您现在需要为您的防火墙(Firewall)添加新规则。这个新的防火墙规则将禁止到 178.77.120.0./24 的定向连接
TeamViewer的 IP 地址范围是 178.77.120.0/24。现在转换为 178.77.120.1 – 178.77.120.254。
#4. Block the TeamViewer Port
我们不会将此步骤称为强制性步骤,但它比抱歉更安全。它充当额外的保护层。TeamViewer通常在端口号 5938 上连接,并通过端口号 80 和 443 进行隧道连接,即分别通过HTTP和SSL。
您可以按照给定的步骤阻止此端口:
1. 首先(First),登录防火墙(Firewall)或路由器。
2. 现在,您需要添加一个新的防火墙,就像最后一步一样。此新规则将禁止来自源地址的TCP和UDP端口 5938。(UDP)
#5. Group Policy Restrictions
现在,您必须考虑包括组策略软件限制(Group Policy Software Restrictions)。请按照(Follow)以下步骤操作:
- 第一步是从TeamViewer网站下载.exe文件。
- 启动应用程序并打开组策略管理(Group Policy Management)控制台。现在您需要设置一个新的GPO。
- 现在您已经设置了一个新的GPO,请转到User Configuration。滚动(Scroll)到Window Settings并输入Security Settings。
- 现在转到软件注册政策(Software Registration Policies)。
- 将出现一个新的哈希规则(Hash Rule)弹出窗口。单击(Click)“浏览”并搜索TeamViewer设置。
- 找到.exe文件后,打开它。
- 现在您需要关闭所有窗口。现在的最后一步是将新GPO链接到您的域并选择“应用于所有人”。
#6. Packet Inspection
现在让我们谈谈上述所有步骤都无法执行的情况。如果发生这种情况,您将需要实施可以执行深度数据包检查和 UTM(Deep Packet Inspections and UTM)(统一威胁管理(Threat Management))的新防火墙。这些特定设备搜索常见的远程访问工具并阻止其访问。
唯一的缺点是Money。您需要花很多钱才能购买此设备。
您需要记住的一件事是您有资格阻止TeamViewer,并且另一端的用户知道禁止此类访问的策略。建议有书面策略作为备份。
推荐:(Recommended:) 如何从 Discord 下载视频(How to Download Videos from Discord)
您现在可以按照上述步骤轻松地在您的网络上阻止TeamViewer 。这些步骤将保护您的计算机免受其他试图控制您系统的用户的侵害。建议对其他远程访问应用程序实施类似的数据包限制。在安全(Security)方面,您从来都没有做好充分的准备,是吗?
How to Block TeamViewer on your Network
TeamViewer is an application for online mеetings, web conferences, file & desktоp sharing over computers. TeamViewer іs famous mostly for its Remote Control sharing feature. This allows υsers to get remote аccess over other computer screens. Two users can access each other’s computer with all controls.
This remote administration and conferencing application are available for almost all operating systems, i.e., Windows, iOS, Linux, Blackberry, etc. The main focus of this application is accessing and granting controls of others’ computers. The presentation and conferencing features are also included.
As TeamViewer plays with online controls over computers, you might doubt its security features. Well no worries, TeamViewer comes with 2048-bit RSA based encryption, with key exchange and two-factor authentication. It also enforces password reset option if any unusual login or access is detected.
How to Block TeamViewer on your Network
Still, you may somehow want to block this application from your network. In this article, we will explain to you how to do so. Well, the thing is TeamViewer does not require any configuration or any other firewall to connect two computers. You only need to download the .exe file from the website. This makes the set up for this application very easy. Now with this easy installation and access, how would you block TeamViewer on your network?
There were a lot of high volume allegations about TeamViewer users getting their systems hacked. Hackers and Criminals get illegal access.
Let us now get through the steps to block TeamViewer:
#1. DNS Block
First of all, you will need to block the DNS records resolution from the domain of TeamViewer, i.e., teamviewer.com. Now, if you are using your own DNS server, just like the Active Directory server, then this would be easy for you.
Follow the steps for this:
1. First, you need to open the DNS management console.
2. You will now need to create your own top-level record for the TeamViewer domain (teamviewer.com).
Now, you don’t have to do anything. Leave the new record as it is. By not pointing this record anywhere, you will automatically stop your network connections to this new domain.
#2. Ensure Clients Connection
In this step, you need to check if the clients can’t connect to the external DNS servers. You will need to ensure that to your internal DNS servers; only DNS connections are granted access. Your internal DNS servers contain the dummy record we created. This helps us remove the slight possibility of client checking DNS record of TeamViewer. Instead of your server, this client check is only against their servers.
Follow the steps to ensure Client connection:
1. The first step is to log in to the Firewall or your Router.
2. Now you need to add an outgoing firewall rule. This new rule will disallow port 53 of TCP and UDP from all the sources of IP addresses. It only allows the IP addresses of your DNS server.
This allows the clients only to resolve the records that you have authorised through your DNS server. Now, these authorised servers can forward the request to other external servers.
#3. Block access to IP Address Range
Now that you have blocked the DNS record, you may get relieved that connections have been blocked. But it would help if you weren’t, because sometimes, despite the DNS being blocked, the TeamViewer will still connect to its known addresses.
Now, there are ways to overcome this problem too. Here, you will need to block access to the IP address range.
1. First of all, login to your Router.
2. You will now need to add a new rule for your Firewall. This new firewall rule will disallow the directed connections to 178.77.120.0./24
The IP address range for TeamViewer is 178.77.120.0/24. This now is translated to 178.77.120.1 – 178.77.120.254.
#4. Block the TeamViewer Port
We won’t call this step as mandatory, but it is better safe than sorry. It acts as an extra layer of protection. The TeamViewer often connects on the port number 5938 and also tunnels through the port number 80 and 443, i.e., HTTP & SSL respectively.
You can block this port by following the given steps:
1. First, log in to the Firewall or your Router.
2. Now, you will need to add a new firewall, just like the last step. This new rule will disallow the port 5938 of TCP and UDP from the source addresses.
#5. Group Policy Restrictions
Now, you must consider including Group Policy Software Restrictions. Follow the steps to do it:
- The first step is to download the .exe file from the TeamViewer website.
- Launch the app and open the Group Policy Management console. Now you need to set up a new GPO.
- Now that you have set up a new GPO go to User Configuration. Scroll for Window Settings and enter Security Settings.
- Now go to the Software Registration Policies.
- A new Hash Rule pop-up window will appear. Click on ‘Browse’ and search for the TeamViewer setup.
- Once you’ve found the .exe file, open it.
- Now you need to close all windows. The final step now is to link the new GPO to your domain and select ‘Apply to Everyone’.
#6. Packet Inspection
Let us now talk about when all of the above-mentioned steps fail to perform. If this happens, you will require to implement a new firewall which can perform Deep Packet Inspections and UTM (Unified Threat Management). These specific devices search the common remote access tools and block their access.
The only downside of this is Money. You will need to spend a lot of money to buy this device.
One thing that you need to keep in mind is that you are eligible to block the TeamViewer and the users at the other end are aware of the policy against such access. It is advised to have written policies as a backup.
Recommended: How to Download Videos from Discord
You can now easily block TeamViewer on your network by following the above-mentioned steps. These steps will protect your computer from other users who try to gain control over your system. It is advised to implement similar packet restrictions to other remote access applications. You are never too prepared when it comes to Security, are you?
