Remote control software such as TeamViewer and Sunlogin can expose your Elastic Compute Service (ECS) instances to unauthorized access, data theft, and malware propagation. Cloud Firewall's Intrusion Prevention System (IPS) includes built-in rules to detect this software. By default, these rules run in Monitor mode, which logs traffic without blocking it. Switch the rules to Block mode to actively prevent remote control software from running on your instances.
Security risks
Uncontrolled remote control software exposes your hosts to the following risks:
Unauthorized access by insiders: An employee who installs remote control software on a remote host gains full control of that host without entering credentials, and can steal or delete data.
Attacker exploitation: An attacker who integrates remote control software with a compromised host can perform visualized operations via webshells, gaining full host permissions, stealing data, and inserting additional webshells.
Worm and trojan propagation: Worms and trojans can use remote control software as an entry point to insert webshells and gain full host permissions.
Block remote control software
Log on to the Cloud Firewall console.
In the left-side navigation pane, choose Prevention Configuration > IPS Configuration.
On the Internet Border > Basic Protection tab, change the mode of specific or all related rules to Block.
