Solved

Block Team Viewer

Posted on 2013-06-15
16
2,471 Views
Last Modified: 2013-06-18
Hello,
I need to completely block team access from outside to internal clients. I need to make sure in my network that no on uses team viewer in my network

I have following design

Internet>>Router>>ASA>>Inside

I would highly appreciate any help.

Thahnks
0
Comment
Question by:cciedreamer
  • 7
  • 5
  • 2
  • +2
16 Comments
 
LVL 4

Expert Comment

by:MrC63
ID: 39250416
What brand of router is it, and what's the ASA device?  Is it a Cisco ASA?
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 39250421
I have Cisco Router 1840 and Cisco ASA 5540.


Thanks for the help.
Samir
0
 
LVL 4

Expert Comment

by:MrC63
ID: 39250485
Thanks, that helps.  

Next I want to clarify something.  You say you don't want anyone to use TeamViewer in your network.  Does this mean you want to block all TeamViewer activity even if it was between two computers inside your network, or is your concern Teamviewer access from computers outside your network (but between computers inside the network it would be fine), or is it all of the above?
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 39250492
I appreciate your help.
I want block outside my network and allow for certain pc's that I want to allow and block other computers.

Thanks
0
 
LVL 8

Expert Comment

by:TMekeel
ID: 39250507
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 39250519
Sorry I just forgot to mention that my internal clients are using TMG Proxy to connect to internet. Thus team viewer grant to access to outside going through proxy.
0
 
LVL 4

Expert Comment

by:MrC63
ID: 39250592
This is a bit of a confusing configuration.  You have both a router and a firewall (both almost the same) and now a third proxy?  

Which system (or systems) is TeamViewer currently able to access?  I'm afraid I can't give you much more advice until I know where TeamViewer is gaining access to your internal network.
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 39250595
I am allowing my internal users to access internet using our proxy server instead of going direcly through ASA.
My TMG firewall is behind Cisco ASA.
I want to make sure in my internal network on one uses team viewer except for them I allowed.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 4

Expert Comment

by:MrC63
ID: 39250597
How does your proxy server access the Internet?  Does it go through the ASA (and then subsequently through the router) ?
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 39250602
Yes. It goes through the ASA and then router
0
 
LVL 4

Expert Comment

by:MrC63
ID: 39250614
This is an exceptionally unusual configuration. Is there a specific reason why you go through a proxy, then a firewall and then a router.

Since you have an ASA firewall, why not use it as the point of entry / exit and eliminate the others.  This would allow you to manage both inbound and outbound traffic from a single source, rather than trying to use different devices / programs to control access.

Maybe there is something else you haven't described that justifies the three layers?  If you need to use all three, and if you need to allow access to certain PC's, this becomes exponentially more complex.
0
 
LVL 30

Expert Comment

by:pgm554
ID: 39251661
Why not set up a GPO that forbids them from installing 3rd party software without admin permissions?

Just go into AD and change their user rights.
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 39251807
Is there any to block them through TMG ? since my internal users are proxy in there browsers
0
 
LVL 4

Accepted Solution

by:
MarcusSjogren earned 500 total points
ID: 39254637
The biggest advantage of using TeamViewer is that they are not blocked by firewalls and routers. You would probably need a layer 7 filter to be sure about filtering it, like Websense or Fortigate.

TeamViewer isn't just using dns to resolve its routers/servers but also bare IP-addresses. Hence the need for filtering equipment.
0
 
LVL 4

Expert Comment

by:MarcusSjogren
ID: 39254674
Just found out that Cisco actually have a module called CSC which can be installed in the ASA and its a content filter which can filter for example remote software.
0
 
LVL 3

Author Closing Comment

by:cciedreamer
ID: 39255434
That's the right clue ! I blocked them through Websense
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Local Printing Using Remote Desktop Windows 7 sometimes has issues with printing to a local printer using a Remote Desktop Connection (RDC). The 1st step is to verify that printers are checked on the Local Resources tab of the Remote Desktop C…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now