How to block TeamViewer on your network, in this article we’ve covered all you need to know.
Steps To How To Block Teamviewer On Your Network
Step 1: Block DNS
Firstly, you must block DNS records resolution from teamviewer.com. This would be simple if you are operating your own DNS server. Now, first thing is to launch the DNS management console. For the TeamViewer domain i.e., teamviewer.com, you must now establish your own top-level record Keep the new record in its current state. If you don’t point this record someplace, your network connections to this new domain will be immediately terminated.
Step 2: Ensure Clients Connection
Now, log into your router or firewall and create an outgoing firewall rule. This new rule will block all TCP and UDP traffic on port 53 from all IP address sources. Only the IP addresses of your DNS server are allowed.
This restricts clients to only resolving records that you’ve authorized via your DNS server. The request can now be forwarded to other external servers by these authorized servers.
Step 3: Block access to IP Address Range
You may be relieved that connections have been blocked now that the DNS record has been blocked. However, if you aren’t, it will help because TeamViewer will sometimes connect to its known addresses despite the DNS being blocked.
There are now solutions to this issue as well. You’ll need to restrict access to the IP address range in this case. To log in to your Router.
You’ll need to create a new Firewall rule now. The directed connections to 220.127.116.11./24 will be blocked by this new firewall rule.
TeamViewer’s IP address range is 18.104.22.168/24. 22.214.171.124 – 126.96.36.199 is the new translation.
Step 4: Block TeamViewer Port
This step is probably unnecessary, but it can provide an additional layer of protection. If port 5938 is unavailable, TeamViewer connects using ports 80 (HTTP) and 443 (SSL) instead. Here’s how you can disable that port:
Log in to your router or firewall.
Disallow TCP and UDP port 5938 from all source IP addresses with a new outgoing firewall rule.
Step 5: Group Policy Restriction
Consider adding Software Restrictions to Group Policy if you have an Active Directory Network. Here’s how to go about it:
TeamViewer EXE can be downloaded from their website.
Create a new GPO using the Group Policy Management Console.
Go to User Configuration > Windows Settings > Security Settings > Software Restriction Policies in your GPO to find Software Restriction Policies.
Choose “New Software Restriction Policies” from the context menu.
In the New Hash Rule popup window, click “Browse.” Open the TeamViewer setup EXE. Close those windows and apply your new GPO to everyone by linking it to the domain.
Step 6: Deep Packet Inspection
If none of these methods work, you may need to install a firewall with Deep Packet Inspection and Unified Threat Management. These devices have been programmed to look for and block typical remote access tools.
These procedures should ensure that TeamViewer is reliably blocked on your network. This protects you from users trying to use this software to obtain remote access to your network or to bypass filters on their own PCs at home. Because the ports and IP addresses may change in the future, it’s a good idea to double-check your configuration on a frequent basis to make sure it’s still working. All of the other common remote access technologies should be subjected to the same restrictions. You can never be too safe when it comes to security.
In this article, we have outlined all the steps in order to help how to block TeamViewer on your network. If you have any other queries or suggestions let us know in the comment area.
Read all How-To articles and Fixes related to Software here.