Dameware client install -> how does it work and how do I block it?

When the client isn't installed, I'm able to provide admin credentials and install remotely.
In light of all the ransomware attacks, this gives me the creeps. How is Dameware able to do this, and how do I block it so other programs can't be installed?

  • This is not specific to Dameware. A lot of software, when given admin creds, can install over the network. The best way to fix these kinds of issues is to make sure your permissions are locked down so that people don't have admin rights; use a product like Access Rights Manager to help you with this. A good review of Active Directory to see what permissions people have is a necessity, and Server Configuration Manager along with Server and Application Monitor will help you to determine what software is installed on what servers, and you can then revert them to a previous state if you do see issues with new software being installed. If you have VMAN you could also do VMware snapshots, and combined with decent backup / antivirus software you have then covered your back against ransomware.

    Most networks are zero trust these days too. So if your ports are locked down properly to every single server then you'll find it hard to install software that requires specific ports. If you were to block the 61** ports then Dameware would not be able to communicate. This is similar to other apps that use specific ports.

    I wouldn't worry about Dameware too much though.

  • Thanks for your extensive answer. We're migrating our servers to RDP access only; this is why I'd like to lock down every other possible means of connecting.
    What protocol do these programs use to install?

  • When teams hand over their apps and servers from transformation into an operational state, they should provide a list of port requirements for each application to you; this makes your job a little easier. RDP uses 3389, but of course if that's the only port you leave open, a lot of other stuff won't work. So it's a case of speaking with a network / security engineer to do an audit, or using a good security product like Security and Event Manager combined with NetFlow and NPM to determine what comms are flowing around your network.

    Here are all the ports for Dameware, so you can block it if you wish. support.solarwinds.com/.../Ports-Required-for-Dameware
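
A sketch of the audit the last reply describes, comparing observed flows against a per-server port allow-list; this is an added example, not code from the thread or from SolarWinds. The server addresses, the admin subnet, the flow export format and the reading of "61**" as TCP 6100-6199 are all assumptions made for illustration.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumption: per-server inbound allow-list, as handed over by the app teams.
ALLOWED = {"10.0.5.10": {3389}, "10.0.5.11": {3389, 443}}
# Assumption: "61**" in the thread read as the range 6100-6199.
WATCH_RANGE = range(6100, 6200)
# Assumption: the only subnet that should originate RDP sessions.
ADMIN_NET = ip_network("10.0.9.0/24")

# Constructed sample flow export (not real traffic).
SAMPLE_FLOWS = """src,dst,dst_port,proto
10.0.9.21,10.0.5.10,3389,tcp
10.0.7.44,10.0.5.10,6150,tcp
10.0.7.44,10.0.5.10,8080,tcp
10.0.7.44,10.0.5.11,3389,tcp
10.0.9.21,10.0.5.11,443,tcp
"""


def audit_flows(text):
    """Return (src, dst, port, reason) for every flow that breaks policy."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        dst, port = row["dst"], int(row["dst_port"])
        if dst not in ALLOWED:
            continue  # not a server covered by this policy
        if port not in ALLOWED[dst]:
            # Flag the remote-control range separately so it stands out in triage.
            reason = "watched-range" if port in WATCH_RANGE else "port-not-allowed"
        elif port == 3389 and ip_address(row["src"]) not in ADMIN_NET:
            reason = "rdp-from-non-admin-source"
        else:
            continue  # allowed port from an acceptable source
        findings.append((row["src"], dst, port, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```

Flows flagged here before the firewall change show what would break, or what should already have been blocked, once only the listed ports stay open.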