Like many other technologies, video conferencing and telepresence solutions typically use virtual private network (VPN) connections. So the basic strength in security lies in the VPN used and in how the VPN connections are managed. Strong VPN encryption and credentials, keeping client software updated and even changing authentication information are the basic maintenance actions that defend against breaches.
Some telepresence solutions do offer onboard encryption, which adds one more step. In large enterprise networks, the use of session border controllers is another strategy to guard against security issues. On your own premises, options include placing telepresence in its own subnet and virtual local area network (VLAN) and then restricting access from other VLANs. If the voice portion is connected to your voice solution, and that solution is an IP solution and supports it, you could also deploy voice-only end-to-end encryption. This end-to-end encryption usually works only from IP PBX-to-IP PBX in private network settings.
To test your solution(s), you could easily set up a port mirror in one of your LAN switches at each site and then run Wireshark during a telepresence session. Ideally, when you play back these packet traces using the onboard tools, you will not hear any audible conversation. I expect to see/hear more on endpoint security, especially from McAfee. I recall having a similar and general discussion about a month ago with a certain publisher -- security is an essential element in what we do, and when you stop and think about it, all these layers or roadblocks are very similar to security premise systems used to keep bad guys out and good people honest.
I should also mention that if you are implementing a security solution through one of my customer IP PBXs, then restricting access to the voice ports used for any telepresence gear means you don't allow things like executive override, service observing, silent monitoring, barge-in, and disabled tones and warnings on these ports. You wouldn't want a call center supervisor's call recording to gain access to the board of directors' discussions. You could even set up tenant services or a partition in the IP PBX/voice solution to segregate telepresence users from administrative and call center users completely and remove any dial plan access to the telepresence devices/ports from the other users in administrative or call center capacities.
This was first published in September 2010
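The port-mirror test described above can be backed by a scripted check that looks for RTP audio streams in the mirrored traffic and flags payloads that do not look like ciphertext. This is an added example, not part of the original answer; it assumes the UDP payloads have already been exported from the capture as byte strings, and the sample datagrams, the function names and the 7.5 bits/byte threshold are constructed for illustration.

```python
import hashlib
import math
import struct
from collections import Counter

AUDIO_PTS = {0: "PCMU", 8: "PCMA", 9: "G722"}  # static RTP audio payload types
ENTROPY_LIMIT = 7.5  # assumed cut-off in bits/byte; ciphertext sits near 8.0

def parse_rtp(datagram):
    """Return (payload_type, seq, ssrc, payload), or None if not RTP version 2."""
    if len(datagram) < 12:
        return None
    b0, b1, seq, _ts, ssrc = struct.unpack("!BBHII", datagram[:12])
    if b0 >> 6 != 2:
        return None
    header_len = 12 + 4 * (b0 & 0x0F)  # fixed header plus CSRC list
    return b1 & 0x7F, seq, ssrc, datagram[header_len:]

def entropy(data):
    """Shannon entropy of a byte string, in bits per byte."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def audit(datagrams):
    """Group RTP-looking audio datagrams by SSRC and classify each stream."""
    streams = {}
    for d in datagrams:
        rtp = parse_rtp(d)
        if rtp and rtp[0] in AUDIO_PTS:
            streams.setdefault(rtp[2], []).append(rtp)
    report = {}
    for ssrc, pkts in streams.items():
        seqs = [p[1] for p in pkts]
        steps = sum((b - a) & 0xFFFF == 1 for a, b in zip(seqs, seqs[1:]))
        if len(pkts) < 10 or steps < 0.9 * (len(pkts) - 1):
            continue  # too little evidence that this is a real media stream
        h = entropy(b"".join(p[3] for p in pkts))
        report[ssrc] = "cleartext-suspect" if h < ENTROPY_LIMIT else "encrypted-looking"
    return report

def make_stream(ssrc, payload_fn, n=50):
    """Constructed sample: n RTP/PCMU datagrams with 160-byte payloads."""
    return [struct.pack("!BBHII", 0x80, 0, i, 160 * i, ssrc) + payload_fn(i)
            for i in range(n)]

def keystream(i):  # constructed stand-in for an encrypted (SRTP-style) payload
    return b"".join(hashlib.sha256(bytes([i, j])).digest() for j in range(5))

def tone(i):  # constructed stand-in for unencrypted G.711 audio
    return bytes([0xFF, 0xE7, 0xD9, 0xE7] * 40)

SAMPLE = make_stream(0x1111, tone) + make_stream(0x2222, keystream)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty report is the expected result when the session rides inside a VPN tunnel, because no RTP headers are visible on the mirror port at all. Any stream marked cleartext-suspect should be confirmed by playing it back in Wireshark, since the entropy threshold is only a heuristic.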