
Proposal for Secure Video Conferencing

Executive Summary

For organizations that conduct remote activities or those that do not require the physical presence of employees in the company, the use of video conferencing can facilitate communication between employees in different physical locations. Video conferencing involves the transmission of audio and video as well as the sharing of data, such as presentations and files, between users who are in different locations. The number of participants in a video conference can differ based on the video conferencing solutions that are chosen. Some of the video conferencing solutions addressed in this proposal include Skype from Skype Communications S.A.R.L, GoToMeeting, and Cisco Webex from Cisco Systems. While some video conferencing solutions, such as GoToMeeting and Cisco Webex, support WebRTC conferencing, other solutions, such as Skype, require the installation of software in the devices being used for video conferencing. WebRTC conferencing removes the need for installation of software in the devices and makes use of web browsers to facilitate video conferencing.

In this proposal, three video conferencing solutions are analyzed. The analysis of the video conferencing solutions includes noting the various capabilities provided by the systems. Some of the common features noted in the solutions include the support for video and audio conferencing, cross-platform support, as well as support for instant messaging. In addition to the capabilities of video conferencing systems, the various advantages and disadvantages present in the different systems are included in the analysis. The implementation of video conferencing solutions in the organization presents various challenges. An example of this is data exfiltration, which can occur in the organization. Some of the best practices for the organization to observe are included in the proposal. The use of the Cisco Webex video conferencing system is recommended.

Functional Requirements for Videoconferencing

Video conferencing includes the transmission of both video and audio signals between two or more individuals who are in different locations. Various components are required to facilitate video conferencing. These components include video cameras and microphones to provide video and audio input as well as speakers or headphones and computer screens to provide output. Video conferencing was first noted in the 1920s at AT&T Bell Labs, followed by the introduction of webcams in the 1990s (Wolfe, 2019). The communication between the various participants of a video conference is facilitated by the use of the User Datagram Protocol (UDP). This is because UDP offers low-latency, loss-tolerant connections when compared to TCP, which requires handshaking and implements packet loss prevention measures.

The establishment of video conferencing systems in a company requires the definition of various functional requirements. The functional requirements of a system define the behavior of the system, which includes what the system is expected to do (Ericksson, 2019). In this case, the functional requirements of the video conferencing system will determine the various actions that the video conferencing system will perform to facilitate communication between the participants of the video conference. One of the functional requirements of the video conferencing system is support for the transmission of audio, video, and other types of data, such as presentations. Additionally, after the transmission of audio, video, or data, the video conferencing system should also be able to receive, display, and present the received data.

Another functional requirement of the video conferencing system is that the communication between the users of the system should be secured. Securing the communication between the individuals in the video conference can be achieved using end-to-end encryption technology. The use of end-to-end encryption ensures that communication between the individuals in the video conference remains confidential and unauthorized individuals do not intercept the communication. Additional security that forms part of the functional requirements of the video conferencing system includes the support for authentication measures. The implementation of authentication measures means that only authorized individuals should be allowed to join and participate in a video conference. In some cases where those involved in a video conference lack external output and input devices, the video conferencing system should utilize the video and audio components of the devices, such as the computer’s inbuilt camera, microphone, and speakers to provide input and output of the audio, video, and data of the video conference.

Some of the video conferencing solutions available include Skype, GoToMeeting, and Cisco Webex. Similar to most video conferencing solutions, Skype, developed by Skype Communications S.A.R.L, offers various video conferencing capabilities. Some of the capabilities of Skype include the support for video conferencing, authentication and encryption capabilities, instant messaging, as well as screen sharing. For users who have Skype, the video conferencing capabilities are free, while premium aspects such as voicemail are also available. An advantage of Skype is that it is cross-platform. Another advantage of Skype is that it is free for both personal and business setups. Skype also has the benefit of being easy to use, as well as the provision of high-quality video conferences. A disadvantage of Skype is that the communication between the participants of the video conference is not secure enough, and the communication can be intercepted. An additional disadvantage is that it requires an internet connection to function. The requirement to purchase some of the capabilities of Skype presents a further disadvantage of the video conferencing system.

Another video conferencing system is GoToMeeting. Some of the capabilities of GoToMeeting include desktop sharing, support for audio conferencing, cross-platform support, including on mobile devices and computers, and instant messaging. One of the advantages of using GoToMeeting is the ability to share documents in real-time using video conferencing. Additionally, the video conferencing system allows over 200 individuals to connect to the video conference. A disadvantage of GoToMeeting includes the requirement for a reliable internet connection. Another disadvantage of the GoToMeeting system is the cost required to access the various premium features of the system. This cost can include $19 every month for the Starter plan, which limits the number of users to 10, or the Pro Plan, which costs $29 and limits the number of users per conference to 150 individuals.

Cisco Systems develops the Cisco Webex video conferencing system. Some of the capabilities provided by Cisco Webex include web and video conferencing, webinars, document sharing, as well as screen sharing. Cisco Webex also provides the ability to record meetings as well as instant messaging. Some of the advantages of Cisco Webex include ease of use, reliability, as well as Secure Sockets Layer (SSL) encryption. A disadvantage of Cisco Webex is that it costs users $49 per month and limits the number of users to 25 individuals for each video conference.

Implementation Challenges

Most video conferencing systems require the installation of proprietary software on the computer. However, some video conferencing systems only make use of web browsers that have already been installed on the computer. This form of video conferencing is referred to as WebRTC conferencing. Cisco Webex and GoToMeeting are some of the video conferencing systems that support this form of video conferencing. This removes the challenges that arise from the installation of software on a computer. A challenge presented by Cisco Webex is that the default browser in Windows-based computers is usually Internet Explorer, and therefore, the users have to change this in the settings.

Data exfiltration refers to the unauthorized transmission of data from an organization. For organizations that use video conferencing systems, the issue of data exfiltration can result in the loss of confidential information such as personally identifiable information (PII) and even trade secrets. Attackers can use video conferencing systems to gain access to the organization network, and this allows them to access the confidential data in the network. Data exfiltration in the organization can be attributed to the implementation of poor security measures or the lack of security measures.

The implementation of a video conferencing solution in an organization presents various challenges. One of the challenges is that the video conferencing users have to be familiarized with the new interface of the video conferencing solution. Additionally, the issue of security in the organization also arises from the implementation of video conferencing solutions. This security issue can include the abuse of superuser accounts. This can be addressed by using privileged identity management in the organization. The high levels of access given to the superuser accounts make their compromise a risk to the organization. Therefore, the implementation of privileged identity management addresses this issue and prevents the risks associated with compromised superuser accounts.

Vendor Risks

The acquisition of software from third parties presents various risks. Examples of vendor risks can include cybersecurity risks or even regulatory and compliance risks. One of the guidelines provided by the various acts, such as the Health Insurance Portability and Accountability Act (HIPAA), notes the importance of protecting personally identifiable information (PII) (Edemekong & Haydel, 2019). The risk associated with the Skype video conferencing system includes the violation of the guidelines provided by HIPAA. The poor security offered by Skype makes it possible for attackers to gain access to the communication conducted during a video conferencing session. Some video conferencing systems, such as GoToMeeting, offer the capability of recording video conferencing sessions. While this might be useful for future reference, it presents the risk of the recorded video being accessed by unauthorized individuals. This can happen in the event the device containing the recorded video is compromised by an attacker or the individual recording the video has malicious intentions. Hence, the loss of confidentiality is another vendor risk.

On the issue of security, the acquisition of video conferencing systems from third parties presents the possibility of backdoors in the systems being exploited to gain access to the organization’s network. Similar to the exploitation of backdoors by attackers, the video conferencing systems might have some vulnerabilities. An example of this is the vulnerability in Cisco Webex (CVE-2020-3142) that allowed remote attackers to gain access to password-protected sessions without requiring authentication (Donnell, 2019). Additionally, the GoToMeeting video conferencing system presented some vulnerabilities that made the system susceptible to hacking. These vulnerabilities in GoToMeeting include CWE-20, CWE-287, and CWE-476 (O’Donnell, 2020). While the vendors have addressed some of the identified vulnerabilities in the video conferencing systems, the existence of such vulnerabilities presents the possibility of unauthorized access into the organization’s network through the video conferencing systems.

Best Practices for Secure Videoconferencing

Adherence to the various security best practices in the organization can ensure secure video conferencing. One of the best practices that can be implemented in the organization includes conducting user awareness and training. While user awareness and training are requirements for basic information system security in an organization, the implementation of video conferencing in the organization presents new challenges that require specialized user awareness and training. The user awareness and training conducted in the organization should aim at educating the various users of the security requirements that would prevent the organization from becoming a victim of cyber-attacks. Another best practice is ensuring that the various security patches provided by the vendors are installed. This also includes the installation of updated systems provided by the vendors. The installation of patches and updates aims at fixing the vulnerabilities identified in the video conferencing system, and this prevents attackers from exploiting the vulnerabilities to compromise the security of the organization.

The use of video conferencing systems in the organization presents the risk of data exfiltration. To address this issue, the organization can implement various security measures to prevent the transmission of confidential data from the organization. This can include the implementation of firewalls and access control lists to verify the packets being sent in and out of the organization’s network. Organizations that allow employees to use their own devices for video conferencing need to implement a Bring-Your-Own-Device (BYOD) policy in the organization. The definition of the BYOD policy in the organization addresses the security issues associated with employees using their own devices for video conferencing (Ratchford, Wang, & Sbeit, 2018). Another best practice involves setting up strong authentication protocols in the organization. An example of this includes using strong passwords or multi-factor authentication measures to allow access to video conferences.

System Integrity Checks

The implementation of security measures in an organization aims at ensuring data confidentiality, availability, and integrity. Hence, conducting system integrity checks aims at identifying any changes in the system. Additionally, conducting system checks for the files shared between users of the video conferencing systems aims at verifying whether the files sent by one of the participants of the video conference are the same files received by the intended recipients. In some cases, video conferencing systems have vulnerabilities that allow attackers to intercept the communication between the video conferencing participants. This interception can allow the attacker to modify the contents of the data being transmitted. Conducting system integrity checks identifies these changes in the data, hence protecting the shared files and preventing the exfiltration of the files.

Conducting system integrity checks can also show the changes that have been made to the permissions of the files. File systems define the various permissions that various users in the organization have concerning the files transmitted in the video conferencing systems. Changes occurring in files that lack adequate access rights can indicate the loss of data integrity in the systems. Additionally, the definition of strict access rights concerning the files transmitted in the system can prevent the loss of data integrity in the system. Similarly, loss of data integrity in video conferencing systems can be prevented by implementing various security measures that prevent unauthorized access to data in transit.
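The check described in this section, as an added example that is not part of the original proposal: the sender records a SHA-256 digest and the permission bits of each shared file in a manifest authenticated with HMAC-SHA256, and the recipient verifies the received files against it. It assumes the HMAC key is exchanged outside the conferencing channel; the function names, file names, and key are constructed for illustration.

```python
import hashlib
import hmac
import json
import os
import stat
import tempfile


def file_record(path):
    """SHA-256 digest and permission bits of one file."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return {"sha256": digest.hexdigest(), "mode": oct(mode)}


def manifest_tag(entries, key):
    """HMAC-SHA256 over a canonical JSON encoding of the entries."""
    body = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_manifest(root, key):
    """Sender side: record each file under root, then authenticate the set."""
    entries = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            entries[os.path.relpath(full, root)] = file_record(full)
    return {"entries": entries, "hmac": manifest_tag(entries, key)}


def verify_manifest(root, manifest, key):
    """Receiver side: sorted (path, finding) pairs; empty list means a match."""
    expected = manifest_tag(manifest["entries"], key)
    if not hmac.compare_digest(expected, manifest["hmac"]):
        # A manifest that fails authentication proves nothing about the files.
        return [("<manifest>", "manifest-tampered")]
    findings = []
    for rel, recorded in manifest["entries"].items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            findings.append((rel, "missing"))
            continue
        current = file_record(full)
        if current["sha256"] != recorded["sha256"]:
            findings.append((rel, "content-changed"))
        if current["mode"] != recorded["mode"]:
            findings.append((rel, "permissions-changed"))
    return sorted(findings)


def demo():
    """Constructed scenario: one file edited, one file's permissions loosened."""
    key = b"constructed-demo-key"  # assumption: exchanged out of band
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("slides.txt", b"Q3 roadmap"), ("notes.txt", b"minutes")):
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, 0o640)
        manifest = build_manifest(root, key)
        clean = verify_manifest(root, manifest, key)
        with open(os.path.join(root, "slides.txt"), "ab") as fh:
            fh.write(b" (altered)")
        os.chmod(os.path.join(root, "notes.txt"), 0o666)
        changed = verify_manifest(root, manifest, key)
        return clean, changed, verify_manifest(root, dict(manifest, hmac="0" * 64), key)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A bare list of hashes sent alongside the files would not detect an interceptor who rewrites both the files and the hashes, which is why the manifest carries an HMAC.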

References

Donnell, D. O. (2019, November 12). GoToMeeting is found to be potentially susceptible to hacking. Retrieved May 21, 2020, from https://www.notebookcheck.net/GoToMeeting-is-found-to-be-potentially-susceptible-to-hacking.442684.0.html

Edemekong, P. F., & Haydel, M. J. (2019). Health Insurance Portability and Accountability Act (HIPAA). In StatPearls [Internet]. StatPearls Publishing.

Ericksson, U. (2019, October 9). Functional Requirements vs Non Functional Requirements. Retrieved May 20, 2020, from http://reqtest.com/requirements-blog/functional-vs-non-functional-requirements/

Jang-Jaccard, J., Nepal, S., Celler, B., & Yan, B. (2016). WebRTC-based video conferencing service for telehealth. Computing, 98(1-2), 169-193.

O’Donnell, L. (2020, January 24). Cisco Webex Flaw Lets Unauthenticated Users Join Private Online Meetings. Retrieved May 21, 2020, from https://threatpost.com/cisco-webex-flaw-lets-unauthenticated-users-join-private-online-meetings/152191/

Ratchford, M., Wang, P., & Sbeit, R. O. (2018). BYOD Security Risks and Mitigations. In Information Technology-New Generations (pp. 193-197). Springer, Cham.

Wolfe, E. (2019, May 1). The History of Video Conferencing from 1870 to Today. Retrieved May 20, 2020, from https://www.lifesize.com/en/video-conferencing-blog/history-of-video-conferencing


Question 


Cybersecurity professionals are frequently required to assess the security and risk of applications and systems for business communications before they can be added to an organization’s network. CISOs need to assess risks posed to the organization and develop new security measures or adjust current measures to address these risks appropriately. These evaluations involve comparing competing applications or systems against the organization’s baseline to determine the best balance between business needs and the security and risk appetite of the organization.

Videoconferencing and collaboration systems vary in cost, configuration, functionality, use, and collaboration capability. These systems are trusted to facilitate sensitive and proprietary discussions through their use of encrypted communication channels. Yet these systems have vulnerabilities and are prone to threats and attacks ranging from phishing, credential compromise, and even malware insertion. Therefore, analysis of possible threats, attacks, and vulnerabilities inherent in these systems is critical in developing defense and protection strategies for voice and video data at all endpoints and during transit.

In this project, you will create a proposal for a secure videoconferencing system, which will include an executive summary, briefing/slide presentation, and lab report. The details can be found in the final step of the project.

There are six steps to the project, and the project as a whole should take about two weeks to complete. Begin with the workplace scenario and then continue to Step 1.

Step 1: Develop Functional Requirements for Videoconferencing

The first step in your proposal for a secure videoconferencing system is to develop a set of functional requirements for videoconferencing that you believe the media company will need based on its geographic dispersion and business needs.

In developing those requirements, research three videoconferencing solutions such as Skype, GotoMeeting, Polycom, and Cisco Webex and explain their capabilities, advantages, and disadvantages. Identify costs as well as implementation and support requirements.

The functional requirements and the three possible solutions will be a section of your Proposal for Secure Videoconferencing. In the next step, you will review the challenges of implementing those solutions.

Step 2: Discuss Implementation Challenges

In the previous step, you outlined the requirements for secure videoconferencing for the company and outlined three potential solutions. Part of your final proposal should also include the advantages and disadvantages of the implementation options for the three systems you selected. This section of the proposal also must include the changes the media company will need to make to implement the systems.

Additionally, explain how system administration or privileged identity management will operate with these systems. You will also need to examine how data exfiltration will occur with each of the new systems.

The changes to the systems and challenges for the implementation of these potential solutions will be an important section of your Proposal for Secure Videoconferencing. In the next step, you will take a closer look at the track records of each of the potential videoconferencing vendors.

Step 3: Identify Vendor Risks

You’ve finished outlining the pros and cons of three videoconferencing systems. Now, it’s time to take a close look at how they serve their clients. This will take some research. Look at the systems’ known vulnerabilities and exploits. Examine and explain the past history of each vendor with normal notification timelines, release of patches, or work-arounds (solutions within the system without using a patch). Your goal is to know the timeliness of response with each company in helping customers stay secure.

This step will be a section of your Proposal for Secure Videoconferencing.

In the next step, you will outline best practices for secure videoconferencing that will be part of your overall proposal to management.

Step 4: Develop Best Practices for Secure Videoconferencing

The last few steps have been devoted to analyzing potential videoconferencing solutions. But obtaining a trusted vendor is just part of the security efforts. Another important step is to ensure that users and system administrators conduct the company’s videoconferencing in a secure manner. In this step, outline security best practices for videoconferencing that you would like users and systems administrators to follow. Discuss how these best practices will improve security and minimize risks of data exfiltration as well as snooping.

This “best practices” section will be part of the overall Proposal for Secure Videoconferencing.

In the next step, you will develop system integrity checks within a virtual lab environment.

Snooping

The term “snooping” pertains to monitoring activity surreptitiously. This can be synonymous with sniffing, which is the eavesdropping of network traffic. Packet-capturing tools like Wireshark “sniff” traffic on the network.

Snooping can occur in organizations in some of the following ways:

Authorized snooping: Monitoring of the network and worker conduct, looking for patterns of behavior or deviations from the norm.

Unauthorized snooping: Looking over someone’s shoulder, listening to private conversations of coworkers or others without a “need to know,” seeking access to information.

Snooping in public places is more common and can occur at cybercafes, hotels, meetings, public events, and other gathering places. Malicious snooping activities at such public places usually include stealing passwords, credit card numbers, or personal information. Encryption can provide some level of protection against snooping.

Some of the harmful consequences of snooping are intellectual property loss, identity theft, or financial loss. Someone can steal information, gain access to information, or gain organizational competitive knowledge or unfair advantages through snooping.

Technology users can use several techniques to minimize the dangers of snooping such as minimizing work-related conversations in public, using privacy screen protection for laptops, keeping all documents in a safe and secure location, never entering passwords in hotel lobby computers, using encrypted sessions for all work, and securing access to computing devices.

Step 5: Develop System Integrity Checks

As part of the overall proposal, the CISO has asked you to develop system integrity checks for files shared between users of the videoconferencing systems. These checks will ensure file protection and prevent exfiltration of sensitive files.

The lab exercise will show how this is done. In this step, you will generate a lab report that will be part of your final assignment. The lab instructions will tell you what the report needs to contain.

Step 6: Submit Your Proposal for Secure Videoconferencing and All Related Materials

It’s time to prepare your materials on secure videoconferencing for management. Your task is to recommend a system that best meets the business functionality and security requirements of the company. As part of that recommendation, you will also prepare a set of high-level executive briefing slides to give the CEO and CIO an overview of your study.

The assignments for this project are as follows:

  1. Executive briefing: This is a three- to five-slide visual presentation for business executives and board members.
  2. Executive summary: This is a one-page summary at the beginning of your Proposal for Secure Videoconferencing.
  3. Proposal for Secure Videoconferencing: Your report should be a minimum six-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables or citations.
  4. Lab report: Generated from Workspace.

Submit all four components to the assignment folder.
