TeamViewer Security Information



Similar documents
TeamViewer Security Information

TeamViewer Security Information

TeamViewer Security Information

Security Guide for the BD Remote Instrument Support Solution BD Biosciences workstations

The friendly All-In-One solution for. Remote Maintenance, Support, Remote Access and Home Office. Simple, fast and secure over the Internet

The friendly, all-in-one solution for. Remote Maintenance, Support, Remote Access, and Home Office. Simple, fast, and secure over the Internet

Security Policy Revision Date: 23 April 2009

REMOTE ASSISTANCE SOLUTIONS Private Server

TeamViewer 7 Manual Remote Control

Lecture 23: Firewalls

Manual TeamViewer 3.6

TeamViewer 9 Manual Management Console

TeamViewer 7 Manual Remote Control

BeamYourScreen Security

Manual - TeamViewer 6.0

MIKOGO SECURITY DOCUMENT

20-CS X Network Security Spring, An Introduction To. Network Security. Week 1. January 7

TeamViewer 8 Manual Remote Control

TeamViewer 9 Manual Remote Control

Firewalls, Tunnels, and Network Intrusion Detection

CTS2134 Introduction to Networking. Module Network Security

Security Technology: Firewalls and VPNs

VPN Lesson 2: VPN Implementation. Summary

Critical Security Controls

Mingyu Web Application Firewall (DAS- WAF) All transparent deployment for Web application gateway

Implementing and using the NetSupport Connectivity Server

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Chapter 4 Firewall Protection and Content Filtering

TeamViewer 9 Manual Wake-on-LAN

Expertcity GoToMyPC and GraphOn GO-Global XP Enterprise Edition

1 Basic Configuration of Cisco 2600 Router. Basic Configuration Cisco 2600 Router

Ti m b u k t up ro. Timbuktu Pro Enterprise Security White Paper. Contents. A secure approach to deployment of remote control technology

ADMINISTRATIVE POLICY # (2014) Remote Access. Policy Number: ADMINISTRATIVE POLICY # (2014) Remote Access

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

How To Use An Iboss For Free On A Network With A Network (Networking) On A Pc Or Mac Or Ipod On A Server (For A Pnet) On An Ipon (For Free) On Your Ipon On A

Table of Contents. Cisco Cisco VPN Client FAQ

TeamViewer 10 Manual Remote Control

White Paper. BD Assurity Linc Software Security. Overview

NEFSIS DEDICATED SERVER

How To Set Up A Net Integration Firewall

Client Server Registration Protocol

DIS VPN Service Client Documentation

Unisys Internet Remote Support

How do I secure and manage an out-of-band connection to network devices?

Unleashing the power of real-time collaboration:

How To Set Up A Vns3 Controller On An Ipad Or Ipad (For Ahem) On A Network With A Vlan (For An Ipa) On An Uniden Vns 3 Instance On A Vn3 Instance On

Potential Targets - Field Devices

Introduction. What is a Remote Console? What is the Server Service? A Remote Control Enabled (RCE) Console

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

Unleashing the power of secure, real-time collaboration

Networking and High Availability

The All-in-One Support Solution. Easy & Secure. Secure Advisor

GoToMyPC and. pcanywhere. expertcity.com. Remote-Access Technologies: A Comparison of

INTRODUCTION TO FIREWALL SECURITY

Section 12 MUST BE COMPLETED BY: 4/22

Packet filtering and other firewall functions

SCOPE OF SERVICE Hosted Cloud Storage Service: Scope of Service

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

How To Manage My Smb Ap On Cwm On Pc Or Mac Or Ipad (Windows) On A Pc Or Ipa (Windows 2) On Pc (Windows 3) On An Ipa Or Mac (Windows 5) On Your Pc

for Networks Installation Guide for the application on the server July 2014 (GUIDE 2) Lucid Rapid Version 6.05-N and later

If you have questions or find errors in the guide, please, contact us under the following address:

SaaS Security for the Confirmit CustomerSat Software

for Networks Installation Guide for the application on the server August 2014 (GUIDE 2) Lucid Exact Version 1.7-N and later

Recommended IP Telephony Architecture

Networking and High Availability

NETASQ MIGRATING FROM V8 TO V9

Security Overview Introduction Application Firewall Compatibility

McAfee SMC Installation Guide 5.7. Security Management Center

3. Security Security center. Open the Settings app. Tap the Security option. Enable the option Unknown sources.

How To. Instreamer to Exstreamer connection. Project Name: Document Type: Document Revision: Instreamer to Exstreamer connection. How To 1.

Grandstream Networks, Inc. UCM6100 Security Manual

Securing Remote Desktop for Windows XP

WebEx Remote Access White Paper. The CBORD Group, Inc.

Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999

Release Notes. NCP Secure Entry Mac Client. Major Release 2.01 Build 47 May New Features and Enhancements. Tip of the Day

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Case Study for Layer 3 Authentication and Encryption

Websense Content Gateway HTTPS Configuration

TELE 301 Network Management. Lecture 17: File Transfer & Web Caching

Agenda. Understanding of Firewall s definition and Categorization. Understanding of Firewall s Deployment Architectures

Web Conferencing: Unleash the Power of Secure, Real-Time Collaboration

Online Meetings and Remote Support. Secure & Easy.

Chapter 4 Firewall Protection and Content Filtering

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD Effective Date: April 7, 2005

vshield Administration Guide

Installation Guide V1.0

funkwerk packetalarm NG IDS/IPS Systems

Barracuda Networks Technical Documentation. Barracuda SSL VPN. Administrator s Guide. Version 2.x RECLAIM YOUR NETWORK

Dedicated Servers for Demanding Solutions

Virtual Private Networks (VPN) Connectivity and Management Policy

Release Notes. NCP Secure Client Juniper Edition. 1. New Features and Enhancements. 2. Problems Resolved

Transcription:

TeamViewer Security Information 2009 TeamViewer GmbH, Stand 7/2009

Target Group This document is aimed at professional network administrators. The information in this document is of a rather technical nature and very detailed. Based on this information IT professionals can get a detailed picture of the software security before deploying TeamViewer. Please feel free to distribute this document to your customers in order to resolve possible security concerns. In case you do not consider yourself as part of the target group, the soft facts in the section "The Company / the Software" will help you get a picture yourself. The Company / the Software About us The TeamViewer GmbH is based in the south German city of Göppingen (near Stuttgart) and was founded in 2005. We are exclusively dealing with developing and selling secure systems for web-based collaboration. A fast start and a rapid growth have led to several million installations of the TeamViewer software and to users in more than 50 countries around the globe within a short span of time. The software is currently available in 14 languages. The TeamViewer GmbH is privately owned and has been profitable since its foundation. Our Understanding of Security TeamViewer is used a million times around the world for giving spontaneous support over the internet or for accessing unattended computers (e.g. remote support for servers). Depending on the configuration of TeamViewer that means that the remote computer can be controlled as if you were sitting right in front of it. Is the user who is logged on to a remote computer a Windows or Mac administrator, he/she will be granted administrator rights on that computer as well. It is obvious that such a mighty functionality over the potentially unsafe internet has to be protected against attacks in various ways. As a matter of fact, the topic of security dominates all our other development goals - in order to make the access to your computer safe and also to save our very own interest: Millions of users worldwide will only trust a secure solution and only a secure solution secures our long-term success as a business. 1

Quality Management From our understanding, security management is unthinkable without an established quality management. The TeamViewer GmbH is one of the few providers on the market practicing a certified quality management in accordance with ISO 9001. Our quality management is following internationally recognized standards. We have our QM system reviewed by external audits on an annual basis. External Expert Assessment Our software TeamViewer has been awarded a five-star quality seal (maximum value) by the Federal Association of IT Experts and Reviewers (Bundesverband der IT-Sachverständigen und Gutachter e.v., BISG e.v.). The independent reviewers of the BISG e.v. inspect products of qualified producers for their quality, security and service qualities. Security-related inspection TeamViewer underwent a security-related inspection by the German FIDUCIA IT AG (an operator of data processing centers for around 800 German banks) and has been approved for use at bank workstations. References At the present moment (September / 2008) TeamViewer is in use on more than 15,000,000 computers. International top corporations from all kinds of industries (including such highly sensitive sectors as banks and other financial institutions) are successfully using TeamViewer. We invite you to have a look at our references on the internet for getting a first impression of the acceptance of our solution. Surely you will agree that presumably most of the companies had similar security and availability requirements before they have - after an intensive examination - eventually decided for TeamViewer. In order for you to get your own impression, though, find some technical details in the following paragraphs. Creation and Operation of a TeamViewer Session Creation of a Session and Types of Connections. When creating a session, TeamViewer determines the optimal type of connection. After the handshake through our master server, in 70% of the cases a direct connection via UDP or TCP is established (even behind standard gateways, NATs and firewalls). The rest of the connections are routed through our highly redundant router network via TCP or http-tunnelling. You do not have to open any ports in order to work with TeamViewer! As later described in the paragraph "Encryption and Authentication" even we as the operators of the routing servers cannot read the encrypted data traffic either. 2

Encryption and Authentication TeamViewer works with a complete encryption based on RSA public/private key exchange and AES (256 Bit) session encoding. This technology is used in a comparable form for https/ssl and can be considered completely safe by today's standards. As the private key never leaves the client computer, it is ensured by this procedure that interconnected computers - including the TeamViewer routing servers - cannot decipher the data stream. Each TeamViewer clients has already implemented the public key of the master cluster and can thus encrypt messages for the master server and check the signature of the master, respectively. The PKI (Public Key Infrastructure) effectively prevents "Man-in-the-middle-attacks". Despite the encryption the password is never sent directly but only through a challenge-response procedure and is only saved on the local computer. TeamViewer encryption and authentication 3

Validation of TeamViewer IDs The TeamViewer IDs are automatically generated by TeamViewer itself based on hardware characteristics. The TeamViewer servers check the validity of the ID before every connection so that is not possible to generate and use fake IDs. Protection from Brute Force Attacks If prospective customers inquire about the security of TeamViewer, they regularly ask about encryption. Understandably the risk that a third party could gain insight into the connection or that the TeamViewer access data is being tapped is feared the most. In reality it is very often very primitive attacks that are the most dangerous ones. In the context of computer security brute force attacks are often attempts to guess a password which is protecting a protected resource by trial and error. With the growing computing power of standard computers the time needed for guessing even longer password has been increasingly reduced. As a defence against brute force attacks, TeamViewer exponentially increases the latency between the connection attempts. For 24 attempts it already takes 17 hours. The latency is only reset after successfully entering the correct password. 10000 TeamViewer Brute Force Defense Delay in minutes 1000 100 10 1 1 4 6 8 10 12 14 16 18 20 22 24 Attempts Chart: Time elapsed after n connection attempts during a brute force attack 4

Code Signing As an additional security feature all our software is signed via VeriSign Code Signing. Due to this the publisher of the software can always be reliably identified. Has the software been changed afterwards the digital signature becomes automatically invalid. Even the customisable QuickSupport module is being signed dynamically during its generation. Datacenter & Backbone These two topics concern the availability as well as the security. The central TeamViewer server is located in a highly modern data centre with multi-redundant carrier connection and redundant power supply. Exclusively brand-name hardware (Cisco, Foundry, Juniper) is being used. The access to the data centre is only possible after a thorough identity check through a single entrance gate. CCTV, incursion detection, 24/7 surveillance and on-site security personnel protect our servers against attacks from within. Application Security in TeamViewer Black- & Whitelist Especially if TeamViewer is used for maintaining unattended computers (i.e. TeamViewer is installed as a Windows service) it can be interesting - in addition to all other security mechanisms - to restrict access to this computers to a number of specific clients. With the whitelist function you can explicitly indicate which TeamViewer IDs are allowed to access this computer, with the blacklist function you can block certain TeamViewer IDs. No Stealth Mode There is no function which enables you to have TeamViewer running completely in the background. Even if the application is running as a Windows service in the background, TeamViewer is always visible through an icon in the system tray. After establishing a connection there is always a small control panel visible above the system tray therefore TeamViewer is deliberately unsuitable for covertly monitoring computers or employees. Password Protection For spontaneous customer support TeamViewer (TeamViewer QuickSupport) generates a session password (one-time password). If your customer tells you his/her password you can connect to the customer's computer by entering the ID and password. After a reboot on the customer's side a new session password will be generated so that you can only reach your customer's computers if you are explicitly invited to do so. When deploying TeamViewer for unattended remote support (e.g. of servers) you set an individual fixed password which secures the access to this computer. 5

Access control incoming and outgoing You can individually configure the connection modes of TeamViewer. So for instance you may configure your remote support or presentation computer in a way that no incoming connections are possible. Limiting the functionality to the actually needed functions always means limiting possible weak points for potential attacks. Further Questions? If you have any further questions we are always looking forward to your calls at (US) +1 (800) 951 4573 and (UK) +44 (0) 2080 997 265 or your emails to support@teamviewer.com. Contact TeamViewer GmbH Kuhnbergstr. 16 D-73037 Göppingen Germany service@teamviewer.com Executive: Dr. Tilo Rossmanith Trade register: Ulm HRB 534075 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information