Is it a new working model conceived or facilitated by the network of networks? What role does Security play in this scenario?
By Osvaldo Callegari*
Continuing with the delivery about remote systems and their security, it is Teamviewer's® turn. We will see its particularities and the controls in terms of security.
Within the specifications of the product we find:
The QuickSupport module
Designed for easy and quick access to the client's computer, it has been optimized with customization possibilities adapted to the needs of each company. This makes it possible to include, but is not limited to, disclaimers and corporate terms and conditions. In addition now, the small executable that works without installation, automatically registers the ID of the contact in the list of associates so that the collaborator can connect with a single click. In this way, customers can communicate directly with technicians and send them messages via chat, thus eliminating the need to call or send an e-mail.
The QuickJoin Function
Just released together with TeamViewer 6 and downloaded independently, it allows multiple participants to enter the ID and connect simultaneously with a single presenter, which is perfect for group presentations.
With QuickJoin users are directed to a virtual waiting room while all participants connect. The presenter, who is in control, can check the number of participants connected in the virtual waiting room and start the presentation whenever he wants.
The Host Module
It allows permanent access 24/7 to all computers or servers, it has also been updated. Now you can add logos, colors and text to the interface to match the corporate image. To improve support sessions and obtain greater efficiency, it is possible to automatically reconnect after restarting the computer remotely.
The design and performance have also been revamped with the latest version; the
The initial screen is divided into two tabs, favoring a faster and easier navigation between the remote control option and the online presentation option.
Connection performance has improved significantly, especially in enterprise networks by increasing speed.
Version 6 is specific for Windows users, in which the highest security standards are respected, including AES-256 encryption.
For non-commercial use we have a free version, being able to acquire the various professional options.
Remote connection is now possible in one click from Android devices. This application, easy to use and free for non-commercial use, offers quick access to Windows, Mac and Linux computers located anywhere in the world.
In turn it is available for iPhone and iPad, in the Android version it is allowed full access to the computer from the mobile device, making it the practical application for people on the move.
Home users can connect and control the home computer while allowing computer scientists to offer assistance via Android from anywhere.
Connecting on Android system is very easy; the user only has to enter the ID and password of the computer to which he wants to connect with the device. In addition, TeamViewer's partner lists allow you to save the information of your trusted contacts on your computer, thus facilitating the connection. To improve the experience, the history is stored in the Android application, allowing a faster reconnection with recent contacts. Once connected, users can view the full screen of the remote computer and manipulate it with the mouse while enjoying full control.
Typical Android features, such as pinch to zoom, optimize the experience of users, who use programs or query files as if they were sitting in front of the computer. Remote restart is also possible from a mobile device, in the event that the computer needs to be restarted during the connection.
TeamViewer's Android app offers numerous options for customizing parameters, improving quality based on individual preferences.
"Mobility is an important part of business," says Holger Felgner, Head of TeamViewer GmbH.
"The desire to stay connected creates the real need for remote control software, to be able to access the workplace while on your way to the office or while participating in a meeting.
Thanks to this app, the user can stay present while where they need to be. In addition, the cross-platform solution allows access to any type of computer, since the application is compatible with Windows, Mac and Linux."
The Android app is available for version 1.6 and later and meets high security standards, such as AES-256 encryption.
For non-commercial use, the Android application is free, while for professional versions it is included in certain licenses.
How do I log in to Teamviewer?
Creating a session and connection types: When you create a session, TeamViewer determines the best connection type. After our master server gives it the operating ok, in 70% of cases the connection will be established directly via UDP or TCP (even with standard gateways, NAT and firewalls).
The rest of the connections are routed through the network of highly redundant routers via TCP or http-tunnelling. You do not have to release any ports to work with TeamViewer.
The company as the router of the services cannot read the encrypted data traffic.
Encryption and authentication
TeamViewer works with a full encryption system that is based on RSA public/private key exchange and AES session encryption (256 bit).
This technology is similarly used for https/SSL and can be used
consider completely safe according to the current standard. As the private key never leaves the client computer, this procedure ensures that the interconnected computers maintain security.
Each TeamViewer client has already deployed the public key of the master cluster and can thus encrypt messages for the master server and verify the signature of the master server.
PKI (Public Key Infrastructure) effectively prevents man-in-the-middle attacks or MitM ("Man in the Middle").
Despite encryption, the password is never sent directly, but through a challenge-response procedure and is only saved on the local computer.
Process safety
How are Teamviewer IDs validated? TeamViewer IDs are automatically generated by the same program according to certain hardware characteristics.
TeamViewer servers check the validity of the ID before making any connection, so it is not possible to generate or use fake IDs.
Protection against brute force attacks
When a potential customer asks about TeamViewer security, they're probably interested in encryption as well. It seems logical that the most feared is the risk that a third party may come to know the connection mechanism or that the access data to the application is intercepted.
In reality, very often these are very elementary attacks that are usually the most dangerous. In the context of computer security, brute-force attacks often consist of attempts to find out by the method of testing a password that protects a resource. With the growth of the power of standard computers, the time needed to figure out even long passwords has been greatly reduced.
As a defense against brute force attacks, TV exponentially increases latency between connection attempts. For 24 attempts it takes 17 hours. Latency restarts only after entering the correct password.
Code Signing
Another additional security feature is that all our software products are signed with VeriSign Code Signing.
Thanks to this, the origin of the software can always be easily identified. If it changes, the digital signature is automatically rendered unusable.
Where is TeamViewer hosted?
Datacenter and backbone: These two topics are related to both availability and security. TeamViewer's central server is located in an ultra-modern data center with multiple redundant carrier connection and redundant power supply. Branded hardware (Cisco, Foundry, Juniper) is used exclusively. Access to the data center is only possible after a thorough identity check through a single gateway.
Our servers are protected against attacks from within by CCTV, intrusion detection, 24-hour surveillance and on-site security personnel.
Application security in TeamViewer
Blacklist and whitelist: Especially if you use TeamViewer for the maintenance of unoccupied computers (i.e. TeamViewer is installed as a Windows service), it may be interesting, apart from the rest of the mechanisms to ensure security, to restrict access to these computers to a specific number of clients.
With the whitelist function, you can expressly indicate which TeamViewer ID has permission to access this computer, while with the blacklist function you can block certain system IDs.
There is no feature that allows TeamViewer to operate completely in the background.
Even if the app works as a Windows service in the background, TeamViewer will always be visible via an icon in the system tray. After establishing the connection, there will always be a small control panel visible above the system tray;
Important additional information:
It is not designed to covertly control computers or personnel.
Password protection
To spontaneously help customers, TV generates a session password (a one-time password).
If a customer communicates their password to you, you can connect to the computer by entering the ID and password.
After the restart of the client terminal, a new session password is generated, so that another person can only access their computers if explicitly invited. When used for remote support of unoccupied computers (e.g. servers), an individual password is set that ensures access to this computer.
Inbound and outbound access control
You can individually configure TeamViewer connection modes. So, for example, you can configure your remote support or computer for presentations so that incoming connections are not possible.
By limiting the total capacity only to the functions really needed, potential weak points for potential attacks are being eliminated.
Within the particularities of remote systems, there will always be challenges when it comes to vulnerability, since in this medium of communications and technology nothing is said.
With the last part we will see the third product analyzed and a summary of what was published in the three editions. Brands and products are registered trademarks and products of their own companies.
To contact the author write to [email protected]
Leave your comment