Videoconferencing is new on the scene. It used to be something you only saw in science fiction. Remember the earth-to-space video communications in 2001? It wasn’t until the 1980s that anything similar became practical outside of the movies. The first videoconference between Africa and North America took place fairly recently: June of 1995. Like the Internet itself, once it got going videoconferencing evolved at lightning speed.
Now it’s everywhere, and the quality is something not even the characters in 2001 could have imagined. But there’s a dark side: videoconferencing set up outside a firewall can introduce vulnerabilities that it doesn’t take a HAL to figure out how to breach.
Rapid 7 is a company that specializes in finding security gaps in computer systems, and an investigation it conducted in 2012 exposed some glaring oversights in carelessly configured videoconferencing.
HD Moore of Rapid 7 found it easy to look around the boardrooms of top law firms, oil companies, and venture capital firms through their videoconference setups. Many systems are on the Internet with few safeguards, and Moore could have easily eavesdropped on attorney-client conversations or made himself privy to a board meeting.
Some videoconference systems can be set up to automatically accept inbound calls, and this makes it possible for anyone to dial in and make themselves right at home. Mr. Moore scanned the Internet for companies that had their videoconferencing configured outside a firewall while their systems were set up to automatically accept inbound calls.
After scanning only three percent of the Internet, Moore found 5,000 vulnerable systems, including a venture capital firm that was hosting a conference with company financials being projected on the screen while Moore was hacked into the system. One of the largest videoconferencing equipment vendors even sells its equipment with auto-answer enabled by default.
As if this didn’t represent enough potential for skullduggery, this summer the German magazine Der Spiegel accused N.S.A. of hacking into the United Nations’ videoconferencing system. According to its report, N.S.A. cracked the U.N. encryption code and spied on E.U. plans.
In light of all this, should we conclude that videoconferencing is inherently risky?
No, videoconferencing doesn’t need to be insecure at all. The RHUB appliance can be set up inside a firewall or in the DMZ. Deploying an RHUB appliance behind the firewall or in the DMZ allows both company employees and external attendees access to video conference. It’s easy to exclude external attendees altogether by just clicking an option on the setup screen, though exceptions can be created for specific external attendees.
We maintain transmission security of passwords and meetings with strong SSL security. SSL security or our proprietary encryption can be used for all other data transmitted in the meeting.
With video conferencing becoming a critical asset for most businesses, it’s important not to introduce security holes that put other business assets at risk. We can help you with a videoconferencing solution that provides security you can depend on. Give us a call at 866-758-0984 or email us at firstname.lastname@example.org and let us tell you why the RHUB appliance is one of the most secure devices on the market. We give you space-age quality with down-to-earth protection for all your sensitive company information.