Ask the Expert

Securing high-definition video conferencing and telepresence calls

My company is looking into high-definition video conferencing and telepresence technology (Cisco, Polycom or HP) for executive calls. We are a bit concerned about security because of the nature of what's discussed in these meetings. How secure are these systems out of the box? Would you recommend additional security measures?

    Requires Free Membership to View

Like many other technologies, video conferencing and telepresence solutions typically use virtual private network (VPN) connections. So the basic strength in security lies within the VPN used and how the VPN connections are managed. VPN encryption and strength of credentials, keeping clients (software) updated and even changing authentication information are more basic maintenance actions to defend against breaches.

More on video conferencing and telepresence security

Video conferencing security threats loom, telepresence rooms a target

Secure video conferencing: Traversing the firewall

Technical tips on video conferencing security from Alcatel-Lucent

Some telepresence solutions do offer onboard encryption, so this is one more step. In large enterprise networks, the use of session border controllers is another strategy to ensure against security issues. Your local premise solutions could include placing telepresence in its own subnet and virtual local area network (VLAN) and then restricting access from other VLANs. If the voice portion is connected to your voice solution, if your voice solution supports it, and if it is an IP solution, you could also deploy voice-only end-to-end encryption. This end-to-end encryption usually works only from IP PBX-to-IP PBX in private network settings.

To test your solution(s), you could easily setup a port mirror in one of your LAN switches at each site and then run Wireshark during a telepresence session. Ideally, when you play back these packet traces using the onboard tools, you will not hear any audible conversation. I expect to see/hear more on endpoint security, especially from McAfee. I recall having a similar and general discussion about a month ago with a certain publisher -- security is an essential element in what we do, and when you stop and think about it, all these layers or roadblocks are very similar to security premise systems used to keep bad guys out and good people honest.

I should also mention that if you are implementing a security solution through one of my customer IP PBXs, then restricting access to the voice ports used for any telepresence gear means you don't allow things like executive override, service observing, silent monitoring, barge-in, and disabled tones and warnings on these ports. You wouldn't want call recording by a call center supervisor gaining access to the board of directors' discussions. You could even set up tenant services or a partition in the IP PBX/voice solution to segregate telepresence users from administrative and call center users completely and remove any dial plan access to the telepresence devices/ports from the other users in administrative or call center capacities.

This was first published in September 2010

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: