Video Conferencing Security

Exercise
Name some of the
Video Conference
Tools you have
used or heard of.

Exercise
By what method you can guarantee
100% protection from threats while
using web conference tools?

work-from-home (WFH)
Image by Lynette Coulston from Pixabay
Vulnerabilities

Zoom Bomb: CSUB ASI Board Meeting
Breached by Trolls
https://www.youtube.com/watch?v=OEs6mdMgAKU

Zoom-bombing disrupted a House
Oversight Committee meeting
https://www.zdnet.com/article/zoom-bombing-disrupted-a-house-oversight-committee-meeting/

https://cyberhoot.com/cybrary/zoom-bombing/

Video Conferencing Security Best
Practices
• Is your current video solution is
a legacy system, or is more than
five years old?
A few things that will help you
decide if your current system is
too big a risk are:
• the type of data encryption the
system uses;
• how callers log in;
• and how the system manages
data.
https://highfive.com/blog/5-steps-for-secure-video-conferencing
Outdated System

Practices
• 128-bit Advanced Encryption
Standard (AES) protection The keys are automatically
generated at the beginning of
each video session, and according
to research, are so strong, it
would take a supercomputer one
“billion billion” years to breach a
128-bit AES key.
Logically unbreakable

Practices
• single sign-on (SSO) for user
authentication
SSO credentials are tied to a
user’s authorization and
entitlements profile, IT can
track where, when and how
credentials are used
it greatly reduces the risk of
user credentials being lost,
stolen or compromised

Practices
• Domain-based approach to
security The first mistake is connecting it
directly to the Internet without
using a firewall.
The second is setting it to
automatically answer incoming
video calls, which provides
remote intruders with easy
access.
enables the system
administrator to control
access to video conferences
by assigning various levels of
permission to users

Practices
• A video conferencing policy • Users must get permission to record a video
conference from everyone on the call.
• Personal mobile devices should not be used
to record video conferences.
• Sensitive information should be discussed in
designated video conference rooms and not
in public places or open office spaces.
• Video conferences conducted at a user’s desk
should train the camera to focus on the users
face, and any visible confidential data should
be removed from camera view.
• Cameras and microphones should be turned
off when not in use.
• Remote control of cameras is for
authenticated users only.
sensitive information, such as
hospitals and financial
institutions will want to be
specific about who users can
connect with via video
conference

Tips for protecting the video
conferencing environment
Always ensure that meetings are password-protected
Don’t share meeting information on public platforms.
Use host controls to your advantage.
Utilize waiting rooms or lobbies.
Notify users if the meeting is being recorded.
Disable file transfer features.
Always update to the latest version.

The host joins first.
Tips for protecting the video
conferencing environment
Lock calls after everyone joins
Make sure that every attendee speaks at the start of the
call, maybe even on video. It helps deal with isolation and
identifies unknown attendees.
Prevent the recording of meetings
Don’t allow participants to screen share by default.

Background Blur
https://www.businessinsider.in/slideshows/miscellaneous/here-are-the-best-funny-images-and-memes-
to-use-as-a-zoom-background/slidelist/74921244.cms#slideid=74921267

Question = How does Google Meet,
Microsoft Teams and Zoom differ in
their approach?
Microsoft Teams and Google Meet require users
to have accounts with them,
whereas Zoom allows users to participate using
their web browsers.

Google Meet (previously known as
Google Hangouts Meet )
• Google's Multi-layered security
• Meet has no need for frequent security patches, simply because the
application works fully in your browser.
• Google Meet supports the same robust privacy commitments and
data protections as the rest of Google Cloud’s enterprise services.
• In G Suite Enterprise and G Suite for Education, customers can use
additional advanced security functionalities like Access
Transparency.
https://www.fourcast.io/blog/security-privacy-in-google-meet-video-conferencing

Google Meet Features
• Meet doesn’t have user attention-tracking features or software.
• All data in Google Meet is encrypted in transit by default between
the client and Google for video meetings on a web browser, on the
Android and iOS apps, and in meeting rooms with Google meeting
room hardware.
• All Meet recorded meetings are stored in Google Drive and get
encrypted by default, like all data that you store in Drive.

Google Meet Features
• To secure your online meetings further, Google has taken several
anti-intruder measures to make sure your video meetings are safe
from unwanted guests. These include anti-hijacking measures for
both web video meetings and telephony dial-ins.
• The way Google Meet works, guests can enter video meetings via a
simple meeting link in the browser or Meet app. Very convenient,
but is this safe? Yes it is! Google makes it nearly impossible for
external people with bad intentions to crack your video meeting IDs
programmatically.

Avoiding unwanted guests with
secure meeting IDs
• Google Meet meeting codes are 10 characters long, with 25
characters in the set. This makes it impossible for outsiders to “guess”
meeting codes and join an internal video meeting that way.
• Pro tip: pay attention not to share your meeting links to externals
that don’t need to get access to your video meetings. This could for
example happen when you share a screenshot of your meeting room
where the meeting link is visible in the browser. These days a lot of
companies are sharing such screenshots on LinkedIn to show how
they stay in touch with their employees.

Mitigating External participants risk
through identified meeting links
• External participants from
outside the host’s domain can
join a video meeting directly
with the encrypted link. But
they can do this only if they
are on the Calendar invite for
this video meeting, or if they
have been invited by in-
domain participants from the
Google Meet session.

Mitigating External participants risk
through identified meeting links
• Any other external participants must request to join the meeting,
and this request must be accepted by a member of the host
organisation of the meeting before this person can actually enter the
meeting. Unexpected or unwanted meeting guests can simply be
refused to enter the meeting by one of the meeting hosts.
• In addition to that measure, Google also makes it impossible for
externals to join a scheduled video meeting in Google Meet more
than 15 minutes before the meeting actually starts. This is reducing
even more the opportunity window for malicious ‘meeting-bombers’
to attempt to break in your video meeting.

Good practices for Google Meet
• Only meeting creators and calendar owners can mute or remove
other participants. This ensures that instructors can't be removed or
muted by student participants.
• Only meeting creators and calendar owners can approve requests to
join made by external participants. This means that students can’t
allow external participants to join via video, and that external
participants can’t join before the instructor.
• Meeting participants can’t rejoin nicknamed meetings once the final
participant has left. This means if the instructor is the last person to
leave a nicknamed meeting, students can’t join later without the
instructor present.

https://support.google.com/a/answer/7582940?hl=en

Video Conferencing Security

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (19)

Ähnlich wie Video Conferencing Security

Ähnlich wie Video Conferencing Security (20)

Mehr von Ramesh C. Sharma

Mehr von Ramesh C. Sharma (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Video Conferencing Security