Security

What you should know about your meeting security

Where does your web conferencing content reside and how secure is it?

There are many areas that are common to all web conferencing platforms, almost all use a store and forward server model where potentially sensitive content is persistently stored on the vendors equipment.  Their servers by default encrypts all presentation content using Advanced Encryption Standard (AES) algorithim.

Session Content is encrypted using a 128 bit Secure Sockets layer (SSL), and uses firewall port 443 (HTTPS secured traffic) rather than using firewall port 80 (standard  HTTP internet traffic). Multiple data centers with multiple providers are employed to ensure business continuity in the event of a catastrophic loss of any single presence.

One notable difference in the system archtecture is WEBEX’s MediaTone Switched Network. In addition to the above mentioned data encryption and 128 bit SSL encryption tunnel for data transfer, content resides on the MediaTone Network in a dynamic switched network via a logical connection; there is no peer-to-peer connection between the local machines.  Content is not persistenly stored as in the case of Store and Forward Server models. The only information that WEBEX retains pertaining to a session is Event Detail Records for billing and reporting purposes.  Persistently Stored content, as in Microsoft Live Meeting and Adobe, provides you with the convenience to use and reuse the same presentations after they are uploaded to the service.  By default, in this model meeting content automatically expires in 90 days up to 180 days after the meeting ends.  Meeting Presenters have the option to delete meeting content at any time or set up auto deletion of content adjusting the content expiration feature.

Security in the Design

Security in the design of the infrastructure,  addresses filtering routers that prevent common attacks on vulnerable servers.  Firewalls restrict data communication to known and authorized ports, protocols, and destination IP addresses. Intrusion detection systems perform real-time monitoring of incoming and out-going traffic, looking for anomolies in the usual pattern of delivering web conferencing services.  System Level of Security prevents malicious attacks by disabling nonessential services which have historically been known vulnerable points of attack.

User access control measures to secure customer’s communications and data

All web conferencing platforms employ a variety of other measures to secure customer’s communications and data.

The most common are:

User Authentication:

Meeting Id’s abd Meeting key. A meeting key is a string composed of numbers , letters , and symbols defined by the administrator which is either randomly generated or defined.

User Access Privileges:

Access to content resources and meeting entry are configurable by the administrator.

Access Control Lists:

For maximum security, meeting organizers can create an access control list (ACL) against which all meeting attendees (presenters and audience members) are cross-referenced before permitted to attend.  The cross-referencing is achieved through through the use of unique user-Id’s, which all meeting attendees  are required to provide, in addition to passwords, This is the most secure access level because participants do not have the opportunity to  change their display names, which means, meeting organizers are able to explicitly specify who is permitted to attend.

Third Party Audit

Finally, all web conferencing services employ third party certifications to address all aspects of proactive information security, from network and system analysis to physical and policy inspection.

See the table below to view some of the main  security features of each Conferencing service.

Web PlatformNetworkDataAccess ControlsThird Party Audit
WebExswitched private nework> 128 bit ssl data transfer
> encoded shared data
> https: port443 traffic
*attendee restricted access
*expel indivdual attendees
*terminate all attendees
*host controls content
*attendee list approval
yes
AdobeConnectPro- premise based server
- dedicated data center
> 128 bit ssl data transfer
> encoded shared data
*host controls content and user priveleges
*host password management and authentication
yes
iMeet- premise based server
- dedicated data center
> 128 bit ssl data transfer
> encoded shared data
> hacker proof filtering routers
> firewall intrusion detector system
> unaddressable data storage
> meeting data purge 180 day default
*host controls content and user priveleges
*host password management and authentication
*host control over attendee entry into meeting
*create one time unique url option with eom expiry
yes
GlobalMeet- premise based server

> 128 bit ssl data transfer
> encoded shared data
> hacker proof filtering routers
> firewall intrusion detector system
> unaddressable data storage
> meeting data purge 180 day default
*host controls content and user priveleges
*host password management and authentication
*host control over attendee entry into meeting
*create one time unique url option with eom expiry
yes