Secure connection to the customer

tomsjaanis

Hi,

I have received a frustrating email from the customer regarding securing a connection to the client’s users.

Considering both scenarios, which would be the best solution for establishing a secure connection with the customer?

Note: Our company has purchased licenses for each ServiceDesk agent, and we are advising the client to use TeamViewer QS.

Scenario 1:
A user has himself installed TeamViewer for personal purpose and keeps TeamViewer client running on the office computer to be able to access it remotely from a PC at home/remote via standard hosted TeamViewer Cloud services.
Risk: Since user Is already logged on to the office computer the TeamViewer session is bypassing security mitigations like the need to be in physical office, MFA, requirement to use a Client workstations etc.

 

Scenario 2:
An attacker sends an email with a TeamViewer link to a Client employee. Attacker can present itself as a valid source, example as an Company service desk employee.
Risk: Attacker bypassing any security measures and will direct utilize the logged in user credentials.

Preferable we would like to block all non-Company traffic towards the official TeamViewer cloud services to mitigate both above, and instead only allow/support Company initiated TeamViewer traffic. But as of now our possibilities network wise to limit the Company traffic from "personal" TeamViwer traffic is difficult.

Chisa_R

Hi @tomsjaanis,
Welcome to the TeamViewer Community 😊

Thank you for your question about security. We take this topic very seriously, so let’s explore the available options together.

We have a Security Handbook that outlines a range of features and best practices for strengthening security. Sharing this handbook with the client is a good starting point, as they can implement the measures that best fit their situation.

💡Since QuickSupport is a streamlined module designed for simple use, it does not support advanced configurations. If specific settings or security controls are required, installing the TeamViewer Host or the full client would be a more suitable option.

We’d like to point out that the following two features may be especially relevant (only if they install TeamViewer Host or full client):

• Allowlist — You can restrict access to the device so that only approved accounts or devices can connect. More details are available in the handbook.
• Deny incoming connections — If the client does not use TeamViewer frequently, they can set their office device to deny incoming connections by default. When they need support, they can temporarily switch the setting to Full Access. This can be especially effective in Scenario 2. More details can be found here.
  

If you’d like us to go into more detail about any specific feature, please let us know!

Best,
Chisa