Home > Network Security > Blocking TeamViewer Connection Using Cisco ASA Firewall

Blocking TeamViewer Connection Using Cisco ASA Firewall

TeamViewer (TV) is application that used to create remote access connection to PC anywhere. Even if the PC located behind the firewall.

Similiar like YahooMessenger, TV provide every client with the PIN and password. Everyone who want to access the other TV client need to know the PIN and password of the opposite PC. And every party that want to make connection must be connected to the TV server (servers domain is *.teamviewer.com and/or *.dyngate.com) usualy using TCP port 80.

PC that running TV is potentialy act as a backdoor in the enterprise network. Yes, to make remote connection we need to know the PIN and password, but using Social Engineering technique, untrusted person can gained it.

Because TV client using port 80 for the outbound connection, it is difficult to block using port basis. So, because TV client must be connected first to the TV server, we can use another aproach, that is blocking every dns request for the *.teamviewer.com and/or *.dyngate.com

So, these are the configuration if we use Cisco ASA Firewall (i am using OS ver 8.x):

regex TV-RGX “\.teamviewer\.com”
regex DG-RGX “\.dyngate\.com”

class-map type regex match-any TV-CLS
match regex DG-RGX
match regex TV-RGX

policy-map type inspect dns TV-PLC
parameters
message-length maximum 512
match domain-name regex class TV-CLS
drop

policy-map global_policy
class inspection_default
inspect dns TV-PLC

service-policy global_policy global

Advertisements
  1. sagal
    March 25, 2011 at 12:59 am

    Thanks…. Have you tested?

    • irwanp
      April 16, 2012 at 2:07 pm

      Yes i have, and it’s worked well…

  2. April 16, 2012 at 1:43 pm

    thank you!

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s