Cisco Blogs

Keep Videoconferencing Conversations Confidential

March 19, 2012 - 0 Comments

Follow these tips to secure critical company information from prying eyes

Videoconferencing—conducting meetings with anyone, at anytime, from anywhere—seems like a win-win solution. Videoconferencing both saves time and cuts down on travel costs. And it can help employees collaborate more efficiently and stay better connected.

What can go wrong? As it turns out, videoconferencing can open a giant security hole in your business. Like a tap on your CEO’s phone or a bug hidden under your conference table, videoconferencing can allow eavesdroppers access to your company’s confidential conversations.

Beware videoconferencing vulnerabilities

As a technology that operates over the Internet, videoconferencing can provide the bad guys with a way into your network. Last month, Rapid7 proved to the world just how risky an unsecured videoconference system can be. The vulnerability management company scanned the Internet for just two hours to find videoconferencing systems that were installed outside the firewall and configured to automatically answer calls.

Behaving like many hackers and calling these unsecured systems, Rapid7 easily gained access to 5,000 different conference rooms of companies that often work with highly sensitive data, including law firms, medical centers, and venture capital companies. Having gained this access to these companies’ IP-based video cameras, they were able to easily zoom in on papers sitting on the conference table, read presentation slideshows, and even capture keystrokes as people entered their passwords.

Videoconferencing systems can also be vulnerable to man-in-the-middle attacks. A hacker can eavesdrop on the videoconference by breaking into the line or disrupting communications, even redirecting the traffic to or through his own computer.

If you’re only going to set up videoconferencing stations internally, say, from your company’s main office to a remote location or branch office, your security risk is low. The videoconferencing broadcast will stay secured on your internal network, and hackers won’t have an opportunity to break in. But if you’re going to conduct videoconferences with third parties, like partners or customers, your video traffic will traverse the Internet and you’ll have to take more rigorous security measures.

Start with a secure infrastructure

A videoconferencing or telepresence system sits on top of your existing network, so it must be built to provide a secure network foundation.  Then choose a telepresence solution that uses standards-based encryption and digital certificates, such as Cisco TelePresence for Small and Medium Business, so that it can securely connect with other videoconferencing systems. The videoconferencing system also must be installed behind your firewall. And, if the system has a feature that lets callers automatically connect without a passcode, disable it immediately. According to Rapid7, failure to implement these two security measures can give hackers easy access to conference rooms and the activities in them.

Next, inspect the other security features built in to your telepresence solution, such as a secure channel for videoconferencing traffic that provides secure signaling and handling, and make sure they’re all turned on. Be aware, however, that encrypting the videoconference channel may require more network bandwidth to ensure a smooth and clear conferencing experience.

Implementing a videoconferencing system that meets your business needs while being secure can be tricky. For many small businesses, it’s worth getting help from a local Cisco reseller that specializes in security risk management.

What security measures have you put in place for your videoconferencing system?

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.