How to Lock Down TeamViewer for More Secure Remote Access

TeamViewer is a great free program, whether you want to access your computer from afar or help friends and relatives with their computers. But its default settings are remarkably insecure, favoring ease of use instead. Here’s how to lock down TeamViewer so you can make use of its features without opening yourself up to attack.

The Problem with TeamViewer

Back in 2016, there was a rash of computers compromised through TeamViewer. And just in December 2017, TeamViewer was forced to issue an emergency fix for a significant vulnerability in the program. Even when there aren’t any glaring security holes or widespread attacks, though, it’s very easy for a TeamViewer user to have their computer compromised if they don’t have all the proper settings in place. And if you look at reports of past compromised machines, most victims were using an unsecured setup.

By default, TeamViewer isn’t a very secure application. It favors ease of use over difficult-to-navigate security procedures. This is useful when you’re trying to help your dad solve his computer woes from across the country: you can have him download one file, run that file, and give you the simple numeric computer ID and password, and boom, you’re controlling his computer and solving the crisis. But leaving TeamViewer in that simple first-run mode (which really should only be used in such a simple state for those one-off emergencies) is just asking for trouble.

TeamViewer has plenty of security options you can toggle on and tweak, however, and it’s very easy to go from an insecure TeamViewer experience to a secure one with only a little tinkering.

Before we proceed, however, there are a couple of things we’d like you to keep in mind while reading through the tutorial. First, not everyone needs to turn on every option we suggest. You need to balance your needs and workflow against the security changes you make. You wouldn’t want to, for instance, turn on the feature that requires a user at the computer to accept the incoming TeamViewer request if you’re using TeamViewer to connect to your own unattended computer.

Second, suppose TeamViewer was installed on your computer by your employer, by a tech support company you’ve hired, or by a relative who helps troubleshoot and maintain your computer. In that case, we’d encourage you to read over this article (and potentially take advantage of some of the tips) but also to consult the person responsible for your TeamViewer setup.

Basic Security Practices

Before we get into the nitty-gritty of TeamViewer’s settings, let’s cover a couple of basic security practices (that, frankly, apply to almost any program, not just TeamViewer).

1. Exit TeamViewer, and Run It Only When You Need It

Our first suggestion is both an immediate action you need to take and a general suggestion for future use. First, compromises are often the result of poor security practices, so we’re going to do one thing right away: shut TeamViewer off temporarily and update it, and, while the application is turned off, we’re going to update the security on your TeamViewer account through the company’s website. (More on this in the next section.)

As a general future consideration, only run the TeamViewer application when you need it. That way, even when there’s a vulnerability in the program (like the one just discovered and patched), you won’t be in nearly as much danger. An application that isn’t running can’t cause any trouble for you. We understand that some people keep TeamViewer on 24/7 as part of their workflow, and if you need to, fine. But if you only use it occasionally at home, or you’re one of the people who only turns it on sometimes to troubleshoot a relative’s computer, then don’t leave it running all day, every day. This is the single best way to avoid giving someone access to your machine.

With that in mind, shut down your TeamViewer application if it’s currently running before proceeding to the next steps.

2. Create a Strong Password

After shutting down the TeamViewer app, it’s time to log into your TeamViewer account at https://login.teamviewer.com. If you use TeamViewer without an account, we would strongly encourage you to sign up for a free account, as it’s far more secure. Not only do many of the security tips we’re going to highlight throughout this tutorial rely on features only available to account holders, but you also can’t take advantage of the recently rolled out behind-the-scenes security features (account monitoring and trusted devices) without an account.

Once logged in, click on your name in the upper right corner of the screen and, from the drop-down menu, select “Edit profile.”

You’ll be in the “General” section of the “Profile settings” menu. There are two sections here of immediate interest to us: the “Change password” link and the two-factor authentication (which we’ll get to in a moment). First, select “Change password.”

Enter your current password and replace it with a long, strong new password. Confirm the password, then select “Change password.” Need to brush up on your strong password crafting skills? We’ve got you covered.

3. Enable Two-Factor Authentication

Before we proceed, there’s something we must strongly emphasize. Enabling two-factor authentication on your TeamViewer account increases the security of the login credentials for your TeamViewer account. It doesn’t, by default, apply the two-factor system to the actual client. You can set a very strong password on your TeamViewer account and turn on two-factor authentication, but if you leave the client password set to the default 4-digit numeric password, then the two-factor authentication does nothing to protect you.

It is critically important that you complete the whole tutorial here and (as we demonstrate in the later sections) either set a very strong password on your TeamViewer client or, better yet, lock your client to your account (thus locking it to the two-factor authentication).

After you change your password, as you did in the previous step, you’ll be automatically signed out of your TeamViewer account. Log back in and return to the same location in the Profile > General menu. Next, select the “Activate” link next to “Two factor authentication.”

If you’re unfamiliar with two-factor authentication, you can read up on it here. In short, two-factor authentication adds another layer of identification to the login process (instead of just your email and password, you need your email, password, and the unique code generated by the authentication app on your cellphone). TeamViewer supports several authenticators, including Google Authenticator (iOS/Android) and Authy (iOS/Android). Take a moment to install one of the applications above if you aren’t already using one.

Once you’ve selected “Activate,” you’ll see this small menu describing two-factor authentication. Next, click “Start activation.”

At this point, you’ll see a screen like the one below, with a large black QR code in the center. Open your authenticator of choice, press the button to add a new service, and scan the QR code.

If scanning doesn’t work for some reason, you can always click the “enter the secret key manually” link and type it in rather than scanning it. Then, once you’ve successfully added it to your authenticator, click “Next.”

Check the security code for TeamViewer in your authenticator app and enter it now. Then, click “Activate” to confirm.

On the final step, print the emergency recovery code. Store this code in a safe place. If you lose access to your authenticator, this is the only way you’ll be able to remove the two-factor authentication.

At this point, we’re done with the website. After printing the emergency code, you can sign out of the site.

4. Update TeamViewer

If you run TeamViewer infrequently, or if automatic updates got turned off somewhere along the way, you may not be running the most up-to-date version. However, the TeamViewer installation file is small, so it’s trivial to grab the freshest copy and run it to make sure your TeamViewer application is up to date before we even open it again.

You can download an updated version of the desktop application here. Next, run the application and choose “Basic” installation (to prevent TeamViewer from installing as a Windows Service), then run TeamViewer and log into the application with your new password.

You’ll be prompted immediately after logging in to enter the security code from your two-factor authenticator. So open your authenticator app and enter it now.

To play it extra safe, after completing the login process, you can select Help > Check for New Version from the toolbar to confirm you’re running the most up-to-date version number.

Lock Down TeamViewer’s Security Settings

At this point, you’re already ahead of the game simply by replacing your password with a new and stronger one and turning on two-factor authentication. While that secures your TeamViewer account in general, we still have a little work to do in the actual TeamViewer application itself.

We want to stress something we highlighted at the start of the tutorial: the settings and options you choose are highly dependent on how you use TeamViewer. For example, if you’re configuring TeamViewer as a way to remotely access your own computer while you’re away from home, you’ll make different choices than if you’re setting up the TeamViewer client on your elderly parents’ computer. We would encourage you to lock down as many settings as you can without reducing the utility of TeamViewer to the point that it’s more of a hindrance than a help.

To get started, head to Extras > Options from the menu bar.

All the setting changes we’ll make are located within the extensive Options menu. To help cut down on confusion, we’re going to work our way down the Options menu, submenu by submenu.

General: No Automatic Startup and Account Assignment

To start, select the “General” tab from the left navigation pane.

There are two big settings you want to configure here. First, confirm that “Start TeamViewer with Windows” isn’t checked unless you have a pressing reason to have it on. If you’re the tech support giver, you don’t need to have TeamViewer start with Windows. On the other hand, if the tech support receiver can’t handle fumbling around to start TeamViewer whenever they call you, it might be a necessary evil to enable this setting on their machine. But as we said before, it’s best to run TeamViewer only when you’re actively using it, which means unchecking this box.

At the bottom, you’ll find a section labeled “Account assignment.” Click on the “Assign to account” button and assign your computer to a specific TeamViewer account. If this is your personal computer that only you want access to, assign the computer to your account. If this computer belongs to a person you regularly help, assign their computer to your account.

We can’t overemphasize how much of a security increase this offers. If your account has a strong password and two-factor authentication enabled, this means that instead of the weak default random password the TeamViewer client creates each session, anyone attempting to access the remote computer will need your login, your strong password, and access to your authenticator.
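
To confirm from the command line what the “Basic” installation and the “Start TeamViewer with Windows” choice left behind, the following read-only PowerShell check lists any TeamViewer service, autostart entry, or running process. It is an added example, not part of the original article or TeamViewer’s own tooling; matching on the string “TeamViewer” in service names and Run-key entries is an assumption, not a documented TeamViewer location.

```powershell
# Added example: read-only audit of how TeamViewer starts on this PC.
# Requires PowerShell 3.0 or later. Nothing here changes configuration.

# 1. Windows services whose name starts with "TeamViewer" (assumed naming).
#    The article says the "Basic" installation avoids installing a service;
#    StartMode 'Auto' means the service launches at every boot.
$services = Get-CimInstance -ClassName Win32_Service -Filter "Name LIKE 'TeamViewer%'" |
    Select-Object Name, State, StartMode, PathName

# 2. Standard Windows Run keys (per-user and machine-wide autostart).
#    Generic string search for "TeamViewer" in the entry name or command.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$autostart = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -in $providerProps) { continue }   # skip registry provider metadata
        if ($p.Name -match 'TeamViewer' -or "$($p.Value)" -match 'TeamViewer') {
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

# 3. Is TeamViewer running right now? (The article advises running it only when needed.)
$procs = Get-Process -Name 'TeamViewer*' -ErrorAction SilentlyContinue |
    Select-Object Name, Id

# Collect findings and report them.
$findings = @()
foreach ($s in $services) {
    if ($s.StartMode -eq 'Auto') {
        $findings += "Service '$($s.Name)' starts automatically at boot (state: $($s.State))"
    }
    elseif ($s.StartMode -ne 'Disabled') {
        $findings += "Service '$($s.Name)' is installed (StartMode: $($s.StartMode), state: $($s.State))"
    }
}
foreach ($a in $autostart) {
    $findings += "Autostart entry '$($a.Name)' in $($a.Key): $($a.Command)"
}
foreach ($p in $procs) {
    $findings += "Process '$($p.Name)' (PID $($p.Id)) is running now"
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
}
else {
    Write-Output 'No TeamViewer service, autostart entry, or running process found.'
}
```

Run it once after installing and again after a reboot; a warning that appears only after the reboot points to an autostart setting still being enabled.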

Security: No Easy Access, Strong Passwords, and Whitelists

Our next stop is the security section. Select “Security” from the left pane.

Here you have some choices to make regarding password access and Windows access. First, there’s the “Personal password” section. Here you can set a personal password for this TeamViewer client (for remote access), and you can grant “easy access” (wherein the listed account doesn’t need to enter a password to access the machine as long as they’re logged into their TeamViewer account).

Some people prefer to manually set a very strong password for their machine (rather than rely on the randomly generated ones that TeamViewer uses by default). As long as you set a very strong password and use the Whitelist function, which we’ll get to in a moment, this is a secure option. Without the whitelist, though, the personal password exposes another vector of attack, since someone would only need your TeamViewer ID and password to access the machine. They wouldn’t even need a two-factor authentication token.

We’d discourage you from using the “easy access” function unless you have a very strong password on your TeamViewer account and you’ve enabled two-factor authentication, as this removes the need for a manually or randomly generated password to access the machine (as long as you’re logged into your TeamViewer account). But, again, you need to balance security concerns against ease of use.

Suppose you’re sticking with the randomly generated passwords (wherein the end user, like your mom, will need to give you the password each time). In that case, we would encourage you to change from the weaker default password length to “Very secure (10 characters)”. Alternatively, you can disable this function if you’ve opted for a strong manual password in the previous step.

Select “Allow access only for the following partners,” then click “Add.” You’ll be presented with a list of your TeamViewer contacts to pick from. By default, you’re the only person on your contact list. If you’re only using TeamViewer to access your own machines, then this is perfect; you can whitelist yourself and call it good.

However, if you’re setting up a computer for a relative, you’ll need to add yourself as a contact to their TeamViewer account if you want to use the Whitelist function. You can do so by closing the Options menu here, returning to the main TeamViewer window, and clicking on the small double arrow icon next to their name at the bottom right corner of the screen (this expands the Computers and Contacts list). Then click “Add contact” at the bottom of the list to add yourself as a contact.

If you want to add anyone else (like, say, a sibling who helps out with mom and dad’s computer), now’s the time to do so.

Once the additional people, if required, are in the contact list, return to the previous menu, select “Add,” then select all the TeamViewer accounts you want to add to the whitelist. Finally, click “OK” to confirm.

Advanced Options: Granular Control Over Remote Access Functionality

If you’ve come this far (setting up two-factor authentication, using strong passwords, setting up a whitelist), you’re in great shape and may not need to do any more advanced tweaking. The advanced settings menu, however, offers granular control over aspects of the TeamViewer experience that lets you protect both your computers and the computers of the people you help from both outside tampering and user error.

To access the advanced settings, select the “Advanced” tab from the left navigation pane.

There’s a warning that you should read the manual before you make any changes. That’s true. You should read the manual if you plan on mucking around with any settings we aren’t specifically walking you through. Failure to read documentation is the path to sorrow.

To access the advanced options, click “Show advanced options.” A lot is going on here, but we’re only interested in one particular section within the advanced menu: “Advanced settings for connections to this computer.”

Here you’ll find an entry for “Access Control” that, by default, is set to “Full Access.” Rather than leaving it set to “Full Access,” we would strongly encourage you to select “Custom settings” from the drop-down menu.

After selecting “Custom settings,” click the “Configure” button directly under the box.

Here you’ll find a wide array of granular permissions for your remote access session, which can be configured as “allow,” “after confirmation,” or “denied.” How you configure these settings depends heavily on your needs, and the settings we have in the above screenshot are only there to show the various states the entries can be in.

If, for instance, you’re configuring a computer on your home network for easy remote access, it would be foolish to toggle “Connect and view my screen” to “After confirmation,” because you’d need to trudge all the way down to the basement server to confirm remote access manually. And at that point, who needs remote access? You’re already standing there.

On the other hand, if you have a friend, relative, or client who is worried about privacy and about you being able to connect to their computer unannounced, then turning on “After confirmation” lets you say, “Look, this way I can only connect to your computer to help you if you explicitly click OK and permit it.”

The individual Access Control toggles are detailed on page 72 of the TeamViewer 11 manual (PDF). Still, we’ll highlight the settings here that should generally be switched to “After confirmation” under nearly every circumstance:

  • Transfer files: Set this one to “After confirmation” for remote computers you service. Why give an intruder an easy way to download your parents’ tax returns or upload something to their machine?
  • Establish a VPN connection to this computer: There’s rarely a need to set up a virtual network between computers, and unless you have a very good reason to keep this on, you should turn it off for security purposes. Set this one to “Denied.”
  • Control the local TeamViewer: If you’re setting this up on a relative’s machine, set this to “After confirmation,” in case you need to make some small changes to the TeamViewer client down the road. If you’re setting it up on your own machine, set it to “Denied.” How often do you need to remotely connect to your own machine and make big changes to TeamViewer?
  • File transfer using the file box: Just like the transfer files setting, this one should be set to “After confirmation.” If any files are leaving the remote computer, somebody should be confirming it.

In addition to the other security precautions we’ve put in place, these additional precautions ensure that if someone were to gain access to TeamViewer, they wouldn’t be able to siphon off files or transfer malware to the machine.

Our next stop is important if you’re using randomly generated passwords to keep the remote computer safe. Beneath the Access Control section, there’s an entry labeled “Random password after each session.” Select “Generate new” from the drop-down menu to create a new random password each time someone connects to TeamViewer.

Again, like all the options we’ve gone over, adjust this one to suit the scenario you’re using TeamViewer for. For example, if reading you a long, random password over the phone isn’t viable for the person you’re helping, then opt instead to use the strong manual password option we looked at under the “Security” tab earlier in the tutorial.

Finally, if you’ve configured the remote computer with a limited user account (a wise choice if you’ve set up a computer for a non-tech-savvy relative), you can scroll down to the “TeamViewer options” and check “Changes require administrative rights on this computer.”

This ensures that only someone on the computer with administrative access (whether that’s you or an adult in the household) will be able to make changes to the TeamViewer settings. Additionally (or alternatively), you can set a password right in the TeamViewer application with the “Protect options with a password” setting.

For the Wary: TeamViewer Alternatives

We’re not personally in any rush to abandon TeamViewer, but if you’ve experienced a compromise of your TeamViewer setup, we completely understand if you’re interested in trying an alternative remote desktop application. Here are some alternative applications you might consider:

  • Windows Remote Desktop: Available for Windows and macOS (as a client to access Windows machines). It’s free and pretty easy to set up. Still, it has a big limitation: users of any version of Windows can connect to other Windows PCs using Remote Desktop, but Windows home editions can’t host a connection. For help setting up Windows Remote Desktop, see our tutorial here.
  • Splashtop: Free for personal use if you’re just using it over the local network, but $16.99 a year for the “Anywhere Access Pack” that permits true remote access. Desktop clients are available for Windows, macOS, and Ubuntu Linux. Splashtop offers a similar experience to TeamViewer, including remote desktop control, file transfer, and so on.
  • Chrome Remote Desktop: A relatively new offering from Google, Chrome Remote Desktop is a free Chrome browser extension that sets up a secure remote desktop connection between the user’s Chrome browser and the remote computer. It’s cross-platform and works wherever Chrome does. The big shortcoming is that it has a more limited feature set, and if the system you’re trying to repair has browser problems, you’ll need an alternative way to access the remote desktop.

We’ve suggested the three alternatives here because of their similar ease of use and solid track records, not because they’re inherently better than TeamViewer or immune to potential exploits. As always, weigh your options carefully and apply the same principles we discussed regarding TeamViewer (leave the tool off when not in use, use strong passwords, etc.) when using an alternative remote desktop solution.

Although configuring TeamViewer as intensively as we just did is much more work than simply running the application in its default state, let’s be real here. Your data and security (and the data and security of the people you help with TeamViewer) are worth it. When there are dozens of security options right at your fingertips, as we just demonstrated, there’s no excuse for running TeamViewer with no user account, no two-factor authentication, and a weak password.

Conclusion 

I hope you found this guide useful. If you’ve got any questions or comments, don’t hesitate to use the form below.

User Questions:

  1. Is VPN secure?

The ICSI Networking and Security Group found that 38% of the 283 Android VPNs studied contained some malware presence. Therefore, a VPN application might not always be safe when using free tools.

  2. Can Remote Desktop be hacked?

Remote desktop hacks have become a common way for hackers to access valuable password and system information on networks that rely on RDP to function. In addition, malicious actors are constantly developing more and more creative ways to access private data and secure information that they can use as leverage for ransom payments.

  3. Can a hacker video you?

There’s a good reason so many people put tape over their computer webcams or use a dedicated webcam cover to shut them off: webcams can be hacked, which means hackers can turn them on and record you when they want, usually with a “RAT” or remote administration tool that’s been secretly uploaded.
