MHA issues Advisory on Secure use of ZOOM Meeting Platform
Posted On: 16 APR 2020 4:30PM by PIB Delhi
https://www.welivesecurity.com/2020/03/30/work-from-home-videoconferencing-security-in-mind/
https://blog.paloaltonetworks.com/2020/04/network-video-conferencing-security/
https://www.cyber.gov.au/publications/web-conferencing-security
https://sentreesystems.com/newsletter-topics/web-conferencing-security-tips/
https://www.computerworld.com/article/3535924/do-s-and-don-ts-of-videoconferencing-security.html
Posted On: 16 APR 2020 4:30PM by PIB Delhi
The
Cyber Coordination Centre (CyCord), under the Union Ministry of Home
Affairs (MHA), has issued an advisory on secure use of ZOOM Meeting
Platform by private individuals. This advisory states that the platform
is not for use by Government officers/officials for official purposes.
The document makes reference to earlier advisories of the Indian Computer Emergency Response Team(Cert-In)
and states that Zoom is not a safe platform. The guidelines have been
issued to safeguard private individuals who would still like to use the
platform for private purposes.
The
broad objective of this advisory is to prevent any unauthorized entry
into a Zoom Conference Room and prevent the unauthorized participant to
carry out malicious attacks on the terminals of other users in the
conference.
The details of protective measures to be taken by individuals may be accessed in the document attached at this link.
CERT-In Advisory CIAD-2020-0020
Web Conferencing Security
Original Issue Date: April 15, 2020
Severity Rating: High
Severity Rating: High
Description
The
recent COVID-19 pandemic has led organizations, educational
institutions and many others to incorporate web conferencing for
communication from home.
Web conference is a service which enables users to conduct meetings, conferences, presentations, trainings through the internet over TCP/IP connections without being physically present at one single location. Web conferencing allows real time communication offering streams of data through text messages, voice and video calls.
Fraudsters have found this as an opportunity to conduct unauthorized activities resulting in obtaining of sensitive information of individuals and organization such as employee information, product knowledge, trade secrets etc. It is necessary to protect confidential data from prying eyes.
Few security issues while using web conferencing are:
Web conference is a service which enables users to conduct meetings, conferences, presentations, trainings through the internet over TCP/IP connections without being physically present at one single location. Web conferencing allows real time communication offering streams of data through text messages, voice and video calls.
Fraudsters have found this as an opportunity to conduct unauthorized activities resulting in obtaining of sensitive information of individuals and organization such as employee information, product knowledge, trade secrets etc. It is necessary to protect confidential data from prying eyes.
Few security issues while using web conferencing are:
- Attackers joining the meeting if no password to join is required or if they get to know the access code.
- Attacker sending malicious links in chat to extract information.
- Data shared using third parties might be used by attackers to obtain information.
- Vulnerabilities if not patched on time could allow attackers to exploit the target system.
Best practices for using Web Conferencing
- Install the web conferencing system through a distinguished vendor which allows encryption of data with SSL/TLS limits, provides intrusion control and allows non-persistent flow of data.
- Update the system regularly for any vulnerabilities with the latest software and patches.
- Review security and privacy settings to prevent attackers from exploiting the system.
- Information about the meeting should be given only to concerned individuals via authorized email. Providing of access codes to join the meeting to participants will lead to restriction of data flow.
- Consider using waiting room features: Place participants in a separate virtual room before the meeting and allow the host to admit only people who are supposed to be in the room.
- Keep an eye on uninvited guest during the web conference. The meeting may be locked for others to join once all valid participants have joined.The host of the web conference should monitor whether only the intended participants have joined in.
- Screen sharing should be limited to the host which will restrict sharing of content by the other participants by mistake.
- If you do record a meeting, make sure that you get permission from all participants and give the recording a unique name when you save it.
- Participants should be aware of their surroundings. Basic rules such as using headphones, muting the microphone when not speaking, using a blank background during video conferencing should be incorporated.
- Give information to others in the meeting on a need to know basis by assigning level of information access to all participants.
- Kids who have classes through web conferencing should be advised to use the system in a safe and secure manner. They should be advised to discuss only on the topic mentioned by the teacher and not divulge personal information.
- Once the web conference is over, the provider should erase all data from its server.
References
https://www.welivesecurity.com/2020/03/30/work-from-home-videoconferencing-security-in-mind/
https://blog.paloaltonetworks.com/2020/04/network-video-conferencing-security/
https://www.cyber.gov.au/publications/web-conferencing-security
https://sentreesystems.com/newsletter-topics/web-conferencing-security-tips/
https://www.computerworld.com/article/3535924/do-s-and-don-ts-of-videoconferencing-security.html
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Source: https://www.cert-in.org.in/
Comments
Post a comment