Meraki

Community

Anyone have a slick way to block all Remote Access Tools?

Red-Five
Here to help
‎Mar 18 2022 12:28 PM
‎Mar 18 2022 12:28 PM

Anyone have a slick way to block all Remote Access Tools?

I was hoping to find a Content category that would block remote access tools (gotomypc, logmein, etc) but didn't find one.  Anyone have a good way to setup a generic block to these types of connections?

 

Thanks

5 Replies 5
Make_IT_Simple
Meraki Alumni (Retired)
Meraki Alumni (Retired)
‎Mar 18 2022 12:35 PM
‎Mar 18 2022 12:35 PM

I don't believe there is an easy way. I would personally search for all known ports used by remote access tools and block them. 

In response to Make_IT_Simple
KarstenI
Kind of a big deal
Kind of a big deal
‎Mar 18 2022 2:29 PM
‎Mar 18 2022 2:29 PM

Many of these tools have an automatic fallback to TCP/80, TCP/443 or even HTTP/S. This will likely not work.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
In response to KarstenI
Make_IT_Simple
Meraki Alumni (Retired)
Meraki Alumni (Retired)
‎Mar 18 2022 2:36 PM
‎Mar 18 2022 2:36 PM

Did you try blocking all remote monitoring & management?

Make_IT_Simple_0-1647639394159.png

 

lambrit
New here
‎Sep 16 2024 7:14 AM
‎Sep 16 2024 7:14 AM

Anyone have an update on this...checking talos on this most of the remote desktop tools are categorized as online meetings.    So teamviewer/anydesk is categorized the same as Teams...which fundamentally makes no sense.  

Curious if this has evolved?

0 Kudos
In response to lambrit
Dunky
Head in the Cloud
‎Sep 18 2024 8:20 AM
‎Sep 18 2024 8:20 AM

Can you not Deny at Layer 7 as below:

Dunky_0-1726672705803.png

 

And add L3 Deny rules for teamviewer.com etc provided the MX has seen the DNS lookup, or if using internal DNS setup a teamviewer.com domain and resolve to 127.0.0.1 ??

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.