TeamViewer Security Information



Similar documents
TeamViewer Security Information

TeamViewer Security Information

TeamViewer Security Information

RevShield Software Suite Network Security Review

Remote Maintenance, Support, Home Office and Presentations

The friendly All-In-One solution for. Remote Maintenance, Support, Remote Access and Home Office. Simple, fast and secure over the Internet

meetings, presentations, training sessions and teamwork

Security Policy Revision Date: 23 April 2009

The friendly, all-in-one solution for. Remote Maintenance, Support, Remote Access, and Home Office. Simple, fast, and secure over the Internet

Security Guide for the BD Remote Instrument Support Solution BD Biosciences workstations

BeamYourScreen Security

MIKOGO SECURITY DOCUMENT

White Paper. BD Assurity Linc Software Security. Overview

CTS2134 Introduction to Networking. Module Network Security

Mingyu Web Application Firewall (DAS- WAF) All transparent deployment for Web application gateway

Manual - TeamViewer 6.0

PRIVACY, SECURITY AND THE VOLLY SERVICE

Transition Networks White Paper. Network Security. Why Authentication Matters YOUR NETWORK. OUR CONNECTION.

ReadyNAS Remote White Paper. NETGEAR May 2010

Lecture 23: Firewalls

Secure Data Hosting. Your data is our top priority.

TeamViewer 7 Manual Remote Control

Unisys Internet Remote Support

Security Whitepaper. NetTec NSI Philosophy. Best Practices

DataTrust Backup Software. Whitepaper Data Security. Version 6.8

The All-in-One Support Solution. Easy & Secure. Secure Advisor

Complying with PCI Data Security

DFW Backup Software. Whitepaper Data Security

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

ADMINISTRATIVE POLICY # (2014) Remote Access. Policy Number: ADMINISTRATIVE POLICY # (2014) Remote Access

Executive Summary and Purpose

ELPBack Online Backup Whitepaper Data Security Version 5.5.x Jun 2008 Protecting Tomorrow with yesterday ELPBack Offsite Backup Whitepaper Data

Blaze Vault Online Backup. Whitepaper Data Security

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

Bridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability

Implementing and using the NetSupport Connectivity Server

The Conference Room of Today. Easy & Secure. Instant Meeting

Fact Sheet FOR PHARMA & LIFE SCIENCES

Table of Contents. Page 1 of 6 (Last updated 30 July 2015)

Expertcity GoToMyPC and GraphOn GO-Global XP Enterprise Edition

TeamViewer 8 Manual Remote Control

TeamViewer 9 Manual Remote Control

A Rackspace White Paper Spring 2010

TeamViewer 7 Manual Remote Control

How Reflection Software Facilitates PCI DSS Compliance

Manual TeamViewer 3.6

SSL SSL VPN

HP IMC Firewall Manager

TeamViewer 9 Manual Management Console

Secure VidyoConferencing SM TECHNICAL NOTE. Protecting your communications VIDYO

Payment Card Industry Self-Assessment Questionnaire

REMOTE ASSISTANCE SOLUTIONS Private Server

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli

SCOPE OF SERVICE Hosted Cloud Storage Service: Scope of Service

Barracuda Networks Technical Documentation. Barracuda SSL VPN. Administrator s Guide. Version 2.x RECLAIM YOUR NETWORK

LAB FORWARD. WITH PROService REMOTE SERVICE APPLICATION. Frequently Asked Questions

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9

Network-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2

Ahsay Online Backup. Whitepaper Data Security

MOBILITY & INTERCONNECTIVITY. Features SECURITY OF INFORMATION TECHNOLOGIES

Unleashing the power of real-time collaboration:

Live Guide System Architecture and Security TECHNICAL ARTICLE

BOWMAN SYSTEMS SECURING CLIENT DATA

KeyLock Solutions Security and Privacy Protection Practices

Fax

NEFSIS DEDICATED SERVER

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

GoodData Corporation Security White Paper

Corporate VPN Using Mikrotik Cloud Feature. By SOUMIL GUPTA BHAYA Mikortik Certified Trainer

Data Superhero Online Backup Whitepaper Data Security

HP A-IMC Firewall Manager

VeriSign PKI Client Government Edition v 1.5. VeriSign PKI Client Government. VeriSign PKI Client VeriSign, Inc. Government.

Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment

ZEN LOAD BALANCER EE v3.02 DATASHEET The Load Balancing made easy

TeamViewer 10 Manual Remote Control

Unleashing the power of secure, real-time collaboration

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST

Alaska Alternate Assessment. Website Security Assurances. June App3.6_Test_Site_Security

Injazat s Managed Services Portfolio

Websense Content Gateway HTTPS Configuration

IBX Business Network Platform Information Security Controls Document Classification [Public]

Section 1 CREDIT UNION Member Information Security Due Diligence Questionnaire

SecureAge SecureDs Data Breach Prevention Solution

PierianDx - Clinical Genomicist Workstation Software as a Service FAQ s

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD Effective Date: April 7, 2005

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

Beyond Remote Control Features that Take Remote Control Capabilities to the Next Level of Network Management

Topics in Network Security

Barracuda SSL VPN Administrator s Guide

Security from the Ground Up eblvd uses a hybrid-asp model designed expressly to ensure robust, secure operation.

Networking and High Availability

Bit Chat: A Peer-to-Peer Instant Messenger

Secure Remote Monitoring of the Critical System Infrastructure. An Application Note from the Experts in Business-Critical Continuity

Web Conferencing: Unleash the Power of Secure, Real-Time Collaboration

PowerChute TM Network Shutdown Security Features & Deployment

Network Management System (NMS) FAQ

SysAid IT On-Demand Architecture Including Security and Disaster Recovery Plan

HIPAA Privacy & Security White Paper

Astaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client

Cornerstones of Security

Transcription:

TeamViewer Security Information 2013 TeamViewer GmbH, Last update: 11/2013

Target Group This document is aimed at professional network administrators. The information in this document is of a rather technical nature and very detailed. Based on this information IT professionals can get a detailed picture of the software security before deploying TeamViewer. Please feel free to distribute this document to your customers in order to resolve possible security concerns. If you do not consider yourself as part of the target group, the soft facts in the section "The Company / the Software" will help you get a picture. The Company / the Software About us The TeamViewer GmbH was founded in 2005 and is based in the south of Germany, in the city of Göppingen (near Stuttgart) with subsidiaries in Australia and the U.S. We are exclusively developing and selling secure systems for web-based collaboration. Within a short span of time, a fast start and a rapid growth have led to more than 200 million installations of the TeamViewer software and to users in more than 200 countries around the globe. The software is available in more than 30 languages. Our Understanding of Security TeamViewer is used a million times around the world for giving spontaneous support over the internet, accessing unattended computers (e.g. remote support for servers) as well as for hosting online meetings. Depending on the configuration, TeamViewer can be used to remotely control another computer, as if one was sitting right in front of it. If the user who is logged on to a remote computer is a Windows, Mac or Linux administrator, they will be granted administrator rights on that computer as well. It is obvious that such a mighty functionality over the potentially unsafe internet has to be protected against attacks in various ways. As a matter of fact, the topic of security dominates all of our development goals, both to make the access to your computer safe and to protect our very own interest: Millions of users worldwide only trust a secure solution and only a secure solution secures our long-term success as a business. 1

Quality Management From our understanding, security management is unthinkable without an established quality management. The TeamViewer GmbH is one of the few providers on the market practicing a certified quality management in accordance with ISO 9001. Our quality management follows internationally recognized standards. We have our QM system reviewed by external audits on an annual basis. External Expert Assessment Our software TeamViewer has been awarded a five-star quality seal (maximum value) by the Federal Association of IT Experts and Reviewers (Bundesverband der IT-Sachverständigen und Gutachter e.v., BISG e.v.). The independent reviewers of the BISG e.v. inspect products of qualified producers for their quality, security and service qualities. Security-related inspection TeamViewer underwent security-related inspections by the German companies FIDUCIA IT AG and GAD eg (they are the largest IT services provider in the cooperative financial system in Germany with data processing centers for more than 1200 banks) and has been approved for use at bank workstations. References At present, TeamViewer is in use on more than 200,000,000 computers. International top corporations from all kinds of industries (including such highly sensitive sectors as banks, other financial institutions, health care and governments) are successfully using TeamViewer. We invite you to have a look at our references on the internet for getting a first impression of the acceptance of our solution. Surely you will agree that presumably most of the companies had had similar security and availability requirements before they - after an intensive examination - eventually decided for TeamViewer. In order for you to get your own impression, though, find some technical details in the following paragraphs. TeamViewer Sessions Creation of a Session and Types of Connections When establishing a session, TeamViewer determines the optimal type of connection. After the handshake through our master servers, in 70% of the cases a direct connection via UDP or TCP is established (even behind standard gateways, NATs and firewalls). The rest of the connections are routed through our highly redundant router network via TCP or http-tunnelling. You do not have to open any ports in order to work with TeamViewer! As later described in the paragraph "Encryption and Authentication" even we as the operators of the routing servers cannot read the encrypted data traffic. 2

Encryption and Authentication TeamViewer works with a complete encryption based on RSA public/private key exchange and AES (256 Bit) session encoding. This technology is used in a comparable form for https/ssl and can be considered completely safe by today's standards. As the private key never leaves the client computer, it is ensured by this procedure that interconnected computers - including the TeamViewer routing servers - cannot decipher the data stream. Each TeamViewer client has already implemented the public key of the master cluster and can thus encrypt messages from the masters and check its signature respectively. The PKI (Public Key Infrastructure) effectively prevents "Man-in-the-middle-attacks". Despite the encryption the password is never sent directly but only through a challenge-response procedure and is only saved on the local computer. TeamViewer encryption and authentication 3

Validation of TeamViewer IDs The TeamViewer IDs are based on various hardware and software characteristics and are automatically generated by TeamViewer. The TeamViewer servers check the validity of the ID before every connection so that is not possible to generate and use fake IDs. Brute-Force Protection Prospective customers who inquire about the security of TeamViewer regularly ask about encryption. Understandably, the risk that a third party could gain insight into the connection or that the TeamViewer access data is being tapped is feared the most. However, in reality, very primitive attacks are the most dangerous ones. In the context of computer security, a brute force attack is a trial-and-error-method to guess a password, which is protecting a resource. With the growing computing power of standard computers the time needed for guessing long password has been increasingly reduced. As a defence against brute force attacks, TeamViewer exponentially increases the latency between the connection attempts. For 24 attempts it already takes 17 hours. The latency is only reset after successfully entering the correct password. TeamViewer does not only have a mechanism in place to protect its customers from attacks from one specific computer, but also from multiple computers known as Botnet attacks, trying to access one particular TeamViewer-ID. 10000 TeamViewer Brute-Force Defense 1000 Delay in minutes 100 10 1 1 4 6 8 10 12 14 16 18 20 22 24 Attempts Chart: Time elapsed after n connection attempts during a brute force attack 4

Code Signing As an additional security feature, all of our software is signed via VeriSign Code Signing. Due to this, the publisher of the software can always be reliably identified. If the software has been changed afterwards, the digital signature becomes automatically invalid. Even the customizable TeamViewer modules are being signed dynamically during its generation. Datacenter & Backbone These two topics concern the availability as well as the security of TeamViewer. The central TeamViewer servers are located in ISO 27001-certified data centers with multi-redundant carrier connection and redundant power supply. Exclusively brand-name hardware is being used. Personal access control, video camera surveillance, motion detectors, 24x7 monitoring and on-site security personnel ensure access to the data center is only granted to authorized persons, and guarantee the best possible security for hardware and data. There is a detailed identification check at the single point-of-entry to the data center. TeamViewer Account TeamViewer accounts are hosted on dedicated TeamViewer servers. For information on access control, please refer to Datacenter & Backbone above. For authorization and password encryption Secure Remote Password protocol (SRP), an augmented password-authenticated key agreement (PAKE) protocol, is being used. An eavesdropper or man in the middle cannot obtain enough information to be able to brute force guess a password. This means that strong security can even be obtained using weak passwords. Furthermore, the server does not store password-equivalent data. Sensitive data within the TeamViewer account is stored AES/RSA 2048 Bit encrypted. Management Console The TeamViewer Management Console is a web-based platform for user management, connection reporting and managing Computers & Contacts. It is hosted in ISO-27001 certified and HIPPA compliant data centers. Any data transfer is transmitted through a secure channel using SSL (Secure Sockets Layer) encryption, the standard for secure Internet network connections. Sensitive data is furthermore stored AES/RSA 2048 Bit encrypted. For authorization and password encryption, Secure Remote Password protocol (SRP) is used. SRP is a well-established, robust, secure password-based authentication and key exchange method using 2048 Bit modules. 5

Application Security in TeamViewer Black- & Whitelist Especially if TeamViewer is used for maintaining unattended computers (i.e. TeamViewer is installed as a Windows service) the additional security option to restrict access to these computers to a number of specific clients can be interesting. With the whitelist function you can explicitly indicate which TeamViewer IDs and/or TeamViewer accounts are allowed to access this computer, with the blacklist function you can block certain TeamViewer IDs and TeamViewer accounts. No Stealth Mode There is no function which enables you to have TeamViewer running completely in the background. Even if the application runs as a Windows service in the background, TeamViewer is always made visible by an icon in the system tray. After establishing a connection there is always a small control panel visible above the system tray. Therefore, TeamViewer is intentionally unsuitable for covertly monitoring computers or employees. Password Protection For spontaneous customer support, TeamViewer (TeamViewer QuickSupport) generates a session password (one-time password). If your customer tells you their password, you can connect to their computer by entering their ID and password. After a restart of TeamViewer on the customer's side, a new session password will be generated so that you can only connect to your customer's computers if you are invited to do so. When deploying TeamViewer for unattended remote support, (e.g. of servers) you set an individual fixed password which secures the access to this computer. Access control incoming and outgoing You can individually configure the connection modes of TeamViewer. For instance, you can configure your remote support or meeting computer in a way that no incoming connections are possible. Limiting the functionality to the actually needed functions always means limiting possible weak points for potential attacks. Two Factor Authentication TeamViewer assists companies with their HIPAA and PCI compliance requirements. Two factor authentication adds an additional security layer to protect TeamViewer accounts from unauthorized access. In combination with access control through white listing TeamViewer allows you to get HIPAA and PCI ready. With two factor authentication, additionally to username and password, a code generated on a mobile device is needed to sign in to a TeamViewer account. The code is generated via the time-based one-time password (TOTP) algorithm. The TOTP code is protected by SRP and thus perfectly safe against man in the middle attacks. 6

Further Questions? For further questions or information, feel free to contact us at (US) +1 (800) 951 4573 and (UK) +44 (0) 2080 997 265 or your emails to support@teamviewer.com. Contact TeamViewer GmbH Kuhnbergstr. 16 D-73037 Göppingen Germany service@teamviewer.com General Manager: Holger Felgner Registration: Ulm HRB 534075 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information