this presentation discusses various web conferencing tools, how to use them. This also discusses what safety precautions we can adopt to keep our web conferencing sessions safe. It also share the tips to use Google Meet effectively.
7. Zoom Bomb: CSUB ASI Board Meeting
Breached by Trolls
https://www.youtube.com/watch?v=OEs6mdMgAKU
8. Zoom-bombing disrupted a House
Oversight Committee meeting
https://www.zdnet.com/article/zoom-bombing-disrupted-a-house-oversight-committee-meeting/
10. Video Conferencing Security Best
Practices
• Is your current video solution is
a legacy system, or is more than
five years old?
A few things that will help you
decide if your current system is
too big a risk are:
• the type of data encryption the
system uses;
• how callers log in;
• and how the system manages
data.
https://highfive.com/blog/5-steps-for-secure-video-conferencing
Outdated System
11. Video Conferencing Security Best
Practices
• 128-bit Advanced Encryption
Standard (AES) protection The keys are automatically
generated at the beginning of
each video session, and according
to research, are so strong, it
would take a supercomputer one
“billion billion” years to breach a
128-bit AES key.
https://highfive.com/blog/5-steps-for-secure-video-conferencing
Logically unbreakable
12. Video Conferencing Security Best
Practices
• single sign-on (SSO) for user
authentication
SSO credentials are tied to a
user’s authorization and
entitlements profile, IT can
track where, when and how
credentials are used
https://highfive.com/blog/5-steps-for-secure-video-conferencing
it greatly reduces the risk of
user credentials being lost,
stolen or compromised
13. Video Conferencing Security Best
Practices
• Domain-based approach to
security The first mistake is connecting it
directly to the Internet without
using a firewall.
The second is setting it to
automatically answer incoming
video calls, which provides
remote intruders with easy
access.
https://highfive.com/blog/5-steps-for-secure-video-conferencing
enables the system
administrator to control
access to video conferences
by assigning various levels of
permission to users
14. Video Conferencing Security Best
Practices
• A video conferencing policy • Users must get permission to record a video
conference from everyone on the call.
• Personal mobile devices should not be used
to record video conferences.
• Sensitive information should be discussed in
designated video conference rooms and not
in public places or open office spaces.
• Video conferences conducted at a user’s desk
should train the camera to focus on the users
face, and any visible confidential data should
be removed from camera view.
• Cameras and microphones should be turned
off when not in use.
• Remote control of cameras is for
authenticated users only.
https://highfive.com/blog/5-steps-for-secure-video-conferencing
sensitive information, such as
hospitals and financial
institutions will want to be
specific about who users can
connect with via video
conference
15. Tips for protecting the video
conferencing environment
Always ensure that meetings are password-protected
Don’t share meeting information on public platforms.
Use host controls to your advantage.
Utilize waiting rooms or lobbies.
Notify users if the meeting is being recorded.
Disable file transfer features.
Always update to the latest version.
16. The host joins first.
Tips for protecting the video
conferencing environment
Lock calls after everyone joins
Make sure that every attendee speaks at the start of the
call, maybe even on video. It helps deal with isolation and
identifies unknown attendees.
Prevent the recording of meetings
Don’t allow participants to screen share by default.
18. Question = How does Google Meet,
Microsoft Teams and Zoom differ in
their approach?
Microsoft Teams and Google Meet require users
to have accounts with them,
whereas Zoom allows users to participate using
their web browsers.
19. Google Meet (previously known as
Google Hangouts Meet )
• Google's Multi-layered security
• Meet has no need for frequent security patches, simply because the
application works fully in your browser.
• Google Meet supports the same robust privacy commitments and
data protections as the rest of Google Cloud’s enterprise services.
• In G Suite Enterprise and G Suite for Education, customers can use
additional advanced security functionalities like Access
Transparency.
https://www.fourcast.io/blog/security-privacy-in-google-meet-video-conferencing
20. Google Meet Features
• Meet doesn’t have user attention-tracking features or software.
• All data in Google Meet is encrypted in transit by default between
the client and Google for video meetings on a web browser, on the
Android and iOS apps, and in meeting rooms with Google meeting
room hardware.
• All Meet recorded meetings are stored in Google Drive and get
encrypted by default, like all data that you store in Drive.
https://www.fourcast.io/blog/security-privacy-in-google-meet-video-conferencing
21. Google Meet Features
• To secure your online meetings further, Google has taken several
anti-intruder measures to make sure your video meetings are safe
from unwanted guests. These include anti-hijacking measures for
both web video meetings and telephony dial-ins.
• The way Google Meet works, guests can enter video meetings via a
simple meeting link in the browser or Meet app. Very convenient,
but is this safe? Yes it is! Google makes it nearly impossible for
external people with bad intentions to crack your video meeting IDs
programmatically.
https://www.fourcast.io/blog/security-privacy-in-google-meet-video-conferencing
22. Avoiding unwanted guests with
secure meeting IDs
• Google Meet meeting codes are 10 characters long, with 25
characters in the set. This makes it impossible for outsiders to “guess”
meeting codes and join an internal video meeting that way.
• Pro tip: pay attention not to share your meeting links to externals
that don’t need to get access to your video meetings. This could for
example happen when you share a screenshot of your meeting room
where the meeting link is visible in the browser. These days a lot of
companies are sharing such screenshots on LinkedIn to show how
they stay in touch with their employees.
https://www.fourcast.io/blog/security-privacy-in-google-meet-video-conferencing
23. Mitigating External participants risk
through identified meeting links
• External participants from
outside the host’s domain can
join a video meeting directly
with the encrypted link. But
they can do this only if they
are on the Calendar invite for
this video meeting, or if they
have been invited by in-
domain participants from the
Google Meet session.
https://www.fourcast.io/blog/security-privacy-in-google-meet-video-conferencing
24. Mitigating External participants risk
through identified meeting links
• Any other external participants must request to join the meeting,
and this request must be accepted by a member of the host
organisation of the meeting before this person can actually enter the
meeting. Unexpected or unwanted meeting guests can simply be
refused to enter the meeting by one of the meeting hosts.
• In addition to that measure, Google also makes it impossible for
externals to join a scheduled video meeting in Google Meet more
than 15 minutes before the meeting actually starts. This is reducing
even more the opportunity window for malicious ‘meeting-bombers’
to attempt to break in your video meeting.
https://www.fourcast.io/blog/security-privacy-in-google-meet-video-conferencing
25. Good practices for Google Meet
• Only meeting creators and calendar owners can mute or remove
other participants. This ensures that instructors can't be removed or
muted by student participants.
• Only meeting creators and calendar owners can approve requests to
join made by external participants. This means that students can’t
allow external participants to join via video, and that external
participants can’t join before the instructor.
• Meeting participants can’t rejoin nicknamed meetings once the final
participant has left. This means if the instructor is the last person to
leave a nicknamed meeting, students can’t join later without the
instructor present.