O&M engineers use remote control software in routine O&M, such as remote host control, remote desktop connections, remote startups, remote management, and internal network penetration.
Impacts
- Unauthorized operations performed by an employee of an enterprise
After an employee of an enterprise installs remote control software on a remote host, the employee has full permissions on the host without the need to enter the username and password of the host. For example, the employee can steal and delete data on the host.
- Attacks
After an attacker integrates remote control software with a host, the attacker can remotely perform visualized operations on the host by using webshells and has full permissions on the host. For example, the attacker can steal data from the host and insert webshells to the host.
- Spreading of worms and trojans
After remote control software is installed on a host, worms and trojans can insert webshells to the host. This way, worms and trojans have full permissions on the host.
Operations in the Cloud Firewall console
By default, the rules that you can use to disable commonly used remote control software such as TeamViewer and Sunlogin are in Monitor mode.
If you want to disable remote control software on your Elastic Compute Service (ECS) instance, you can log on to the Cloud Firewall console, choose , and click Customize in the Basic Protection section. In the Customize Basic Protection Policies dialog box, change the mode of some or all related rules to Block. This prevents or minimizes the preceding impacts in an efficient manner.