Should teamveiwer be installed on Servers?

ed1270kos · 2018-07-17T12:15:57.000Z

Hello IT pro`s,

I was thinking about installing Teamviewer on some severs. What are the pros and cons of that in your opinion? THX

wcrorlando · 2018-07-17T12:17:26.000Z

I put teamviewer on a separate PC, then RDP to the servers. Let’s me monitor what’s going on, but I don’t need many connections. YMMV

henrytaylor2 · 2018-07-17T12:28:56.000Z

One negative is it creates a potential vulnerability but i guess it depends on your risk mitigation techniques and how you plan to use it. Also it depends on the function of the server is. i would probably not risk it on mission critical servers. All in all i would say that there are loads of factors that could affect this decision. i would go with what you think is right. if it feels too risky it probably is.

henrytaylor2 · 2018-07-17T12:29:16.000Z

also, good luck!

bryandoe · 2018-07-17T12:31:55.000Z

At a minimum I wouldn’t put it directly on servers, but personally I’d set up a VPN and RDP instead.

stevesachs · 2018-07-17T12:32:01.000Z

If it’s properly locked-down, not a problem. I use Splashtop, and it works well.

I’m pulling away from public Internet access to RDP. It seems to be too big a target these days. If I can keep the RDP connection on the internal LAN, I’m OK with it. Splashtop allows me to get to a remote server without the same exposures.

bryandoe · 2018-07-17T12:48:28.000Z

I’m pulling away from public Internet access to RDP. It seems to be too big a target these days.

It’s been a big target for years. Nothing wrong with it internally.

I don’t even allow any of my servers internet access unless they need it. If they need it, they only get what they need.

Rod-IT · 2018-07-17T13:11:19.000Z

Why would you want TeamViewer on servers?

If you want to access them from externally, you want a VPN, no ifs or buts, you want VPN.

If you are internal, use RDP / SSH

Carl-Holzhauer · 2018-07-17T13:13:43.000Z

I wouldn’t, I’d use RDC over a VPN

corbin · 2018-07-17T13:27:59.000Z

I don’t put it on servers, only desktops and I can always RDP from there internally into the servers. If you need to connect to servers from the outside, i’d set up a VPN connection.

If you decide to ignore the suggestions and put it on the servers, enable 2FA for teamviewer. At least if someone takes over your account they still couldn’t connect to the server without your phone.

JohnFreeman · 2018-07-17T13:30:50.000Z

I personally wouldn’t unless you’re protecting the data as otherwise it’s a massive vulnerability. By time you figure the work of deploying Bitlocker, Veracrypt, or Rollback Rx onto the server, you really have to wonder what’s the point of doing all this work for the little bit of ease it’ll provide you.

matthewk · 2018-07-17T16:35:13.000Z

I would advise against it. Servers already have remote admin tools you can use without installing additional third-party applications. They just increase the number of vectors you can be attacked from.

Not only that, but direct Internet access to remote server admin tools is a bad idea in general.

jtmarsh67 · 2018-07-17T16:57:16.000Z

What we do here is if a vendor requires access to a server we set up a vpn connection for them and turn it on when they request and off after they are done We have some that want access to run apps we have a vm that we can start and they can use team viewer in to that vm to run their application. Big no to server and internet access unless it is one of our web or media servers, and those are isolated from our production networks.

khairulzuanabdmajid · 2018-07-18T04:28:55.000Z

no you don’t need to install TV in server. RDP over VPN is the better way. I agree with @jtmarsh67. I also ask vendor how long they want to use rdp. so i can set the time and day they can connect to our app server.

jtmarsh67 · 2018-07-18T15:30:11.000Z

jtmarsh67:

What we do here is if a vendor requires access to a server we set up a vpn connection for them and turn it on when they request and off after they are done We have some that want access to run apps we have a vm that we can start and they can use team viewer in to that vm to run their application. Big no to server and internet access unless it is one of our web or media servers, and those are isolated from our production networks.

We log a ticket in the helpdesk with a request type of vendor remote which is color coded to stand out from a regular ticket to remind us to check the connection if we have not received notification to break it down from the vendor.

dota7allstars · 2018-07-24T23:23:03.000Z

I would not recommend having teamviewer installed on servers as they sometimes do pose vulnerability risk and the setup is alittle tedious such as setting an account as well as registering the teamviewer ID and password to your own teamviewer, basically means both your PC and the server’s PC needs teamviewer especially the same version otherwise it will not be able to sync, thats the 2nd cons of having a teamviewer installed on server PC

dineshmehta · 2018-08-15T19:51:40.000Z

It’s always a good practice to have multi layers to connect servers to increase the Server security. So first connect any computer in the office using VPN / Teamviewer and then Remote the server from there.