Securing high-definition video conferencing and telepresence calls

Unified communications expert Matt Brunk discusses out-of-the-box video conferencing and telepresence security, means of improving protection, how to test solutions and more.

My company is looking into high-definition video conferencing and telepresence technology (Cisco, Polycom or HP) for executive calls. We are a bit concerned about security because of the nature of what's discussed in these meetings. How secure are these systems out of the box? Would you recommend additional security measures?

Like many other technologies, video conferencing and telepresence solutions typically use virtual private network (VPN) connections. So the basic strength in security lies within the VPN used and how the VPN connections are managed. VPN encryption and strength of credentials, keeping clients (software) updated and even changing authentication information are more basic maintenance actions to defend against breaches.

Some telepresence solutions do offer onboard encryption, so this is one more step. In large enterprise networks, the use of session border controllers is another strategy to ensure against security issues. Your local premise solutions could include placing telepresence in its own subnet and virtual local area network (VLAN) and then restricting access from other VLANs. If the voice portion is connected to your voice solution, if your voice solution supports it, and if it is an IP solution, you could also deploy voice-only end-to-end encryption. This end-to-end encryption usually works only from IP PBX-to-IP PBX in private network settings.

To test your solution(s), you could easily set up a port mirror in one of your LAN switches at each site and then run Wireshark during a telepresence session. Ideally, when you play back these packet traces using the onboard tools, you will not hear any audible conversation. I expect to see/hear more on endpoint security, especially from McAfee. I recall having a similar and general discussion about a month ago with a certain publisher -- security is an essential element in what we do, and when you stop and think about it, all these layers or roadblocks are very similar to security premise systems used to keep bad guys out and good people honest.

I should also mention that if you are implementing a security solution through one of my customer IP PBXs, then restricting access to the voice ports used for any telepresence gear means you don't allow things like executive override, service observing, silent monitoring, barge-in, and disabled tones and warnings on these ports. You wouldn't want call recording by a call center supervisor gaining access to the board of directors' discussions. You could even set up tenant services or a partition in the IP PBX/voice solution to segregate telepresence users from administrative and call center users completely and remove any dial plan access to the telepresence devices/ports from the other users in administrative or call center capacities.
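The port-mirror test described above can also be checked without listening to the playback. The following is an added example, not part of the original answer: it reads a capture saved in classic pcap format, collects RTP streams whose payload type is G.711, and flags any stream whose payload does not look random. RTP and SRTP share the same header, so byte entropy stands in for "encrypted"; the 7.5 bits-per-byte cut-off, the 2,048-byte minimum, the restriction to G.711 and the constructed sample capture are all assumptions.

```python
import hashlib, math, struct
from collections import Counter, defaultdict

G711 = {0: "PCMU", 8: "PCMA"}  # static RTP payload types for uncompressed G.711
THRESHOLD, MIN_BYTES = 7.5, 2048  # assumed cut-offs; tune on your own captures

def entropy(data):
    """Shannon entropy in bits per byte (8.0 = uniformly random)."""
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def udp_payloads(pcap):
    """Yield UDP payloads from a classic little-endian pcap of Ethernet/IPv4 frames."""
    if pcap[:4] != b"\xd4\xc3\xb2\xa1":
        raise ValueError("not a classic little-endian pcap (re-save pcapng as pcap)")
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) >= 42 and frame[12:14] == b"\x08\x00" and frame[23] == 17:
            yield frame[14 + (frame[14] & 0x0F) * 4 + 8:]

def audit(pcap):
    """Return {ssrc: (codec, entropy, verdict)} for each stream typed as G.711."""
    streams = defaultdict(bytearray)
    for p in udp_payloads(pcap):
        if len(p) > 12 and p[0] >> 6 == 2 and (p[1] & 0x7F) in G711:
            key = (struct.unpack_from(">I", p, 8)[0], G711[p[1] & 0x7F])
            streams[key] += p[12 + 4 * (p[0] & 0x0F):]  # skip header and CSRC list
    report = {}
    for (ssrc, codec), media in streams.items():
        h = round(entropy(media), 2)
        verdict = ("too little data" if len(media) < MIN_BYTES else
                   "looks encrypted" if h > THRESHOLD else "CLEARTEXT AUDIO")
        report[ssrc] = (codec, h, verdict)
    return report

def sample_pcap():
    """Constructed capture: SSRC 0x1111 is a plain tone, 0x2222 pseudo-random bytes."""
    tone = bytes(128 + int(20 * math.sin(i / 5)) for i in range(160))
    out = b"\xd4\xc3\xb2\xa1" + struct.pack("<HHiIII", 2, 4, 0, 0, 65535, 1)
    for seq in range(20):
        rand = b"".join(hashlib.sha256(bytes([seq, j])).digest() for j in range(5))
        for ssrc, media in ((0x1111, tone), (0x2222, rand)):
            rtp = struct.pack(">BBHII", 0x80, 0, seq, seq * 160, ssrc) + media
            udp = struct.pack(">HHHH", 5004, 5004, 8 + len(rtp), 0) + rtp
            ip = struct.pack(">BBHHHBBHII", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0, 0x0A000001, 0x0A000002) + udp
            frame = bytes(12) + b"\x08\x00" + ip
            out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

Run `audit(sample_pcap())` to see both verdicts, or pass the bytes of your own mirrored capture. If the media travels inside a VPN tunnel, no RTP headers are visible on the wire and the report comes back empty.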
