If you’re worried that cloud-based video conferencing is at risk of hacking, you’re right. But not if you choose the right system.
Cyber security is a consideration for everyone nowadays. And for none more so than businesses and IT departments. As technology develops, and the cloud-based apps and tools we use to communicate with each other only multiplies, it sometimes seems easier to simply put a blanket ban on using those tools that pose a risk.
Only last year, Google’s Project Zero exposed critical vulnerabilities in the WebRTC open source that enables video calling for Chrome, Safari, Firefox, Facebook Messenger, Signal and many others. Just by accepting a call, a memory heap overflow could be triggered that would allow the hacker to take over the victim’s account. Whilst this identification allowed the problem to be addressed, how long until another flaw in the system is identified?
More recently, with increasing numbers of people using Zoom for video calling during the Covid-19 lockdown, security breaches are being highlighted. Despite people using passwords and security features.
But this doesn’t mean that all cloud-based video conferencing solutions are at risk of hacking. Here are our tips for secure video conferencing:
How to prevent hacking through your video conferencing system:
Place Endpoints Inside Firewalls
One way to mitigate risk of hacking of your video conferencing system is to place endpoints inside firewalls. It sounds simple, but the reality is that having endpoints outside of firewalls has become common practice, as it’s a quick fix to enable video calling with other organisations and external bridging services. The trouble is that users don’t always change default logins. And vulnerabilities in the software are not protected by the firewalls either. Both of which allows hackers easy access. Another problem is being targeted for ‘denial of service attacks’ or H.323 nuisance spam callers.
By taking these endpoints out of the public internet and placing them inside the firewalls of the users private network, these risks are removed. StarLeaf is the leading provider for secure cloud-based video calling. It allows you to make cross-provider calls to anyone with or without an existing video calling system, but maintains the endpoints inside the user’s private network. It’s all thanks to the StarLeaf NAT/ firewall traversal solution which requires only a single port to connect securely to the StarLeaf cloud. This connection is secured further by Transport Layer Security (TLS) which encrypts media and signalling so that all communications and software updates are secure.
Run a Closed Network with Existing Security
Operating video calling through a closed network is a great way to keep your network secure. But it will reduce the usability of the system and therefore decrease the value of the investment. For users to be able to connect with external users, the IP addresses need to be pre-approved, providing a considerable admin task for IT. Particularly when home broadband connections often change their IP address on a regular basis. Or a VPN connection would provide a solution, but that does rely on end users having the skills to do this relatively tricky task. And how many execs or home workers have the time to fiddle around with that?
We think that video conferencing – and any technology for the matter – should be simple, and easy to use. To make life easier, tasks simpler and save time and therefore money. Which is why, again StarLeaf comes out on top for us. Because the StarLeaf cloud allows you to open your network to external video calls from anywhere without compromising on security. It’s simple, easy and secure.
Avoid Man-in-the-Middle Attack with Authentication
People think that you don’t need separate authentication on a video call because you can see the other person. But a hacker can intercept a call and sit unobserved, watching,, listening and even recording what is being said without you knowing. StarLeaf endpoints and cloud-based servers all have a signed certificate burned into them which are mutually required to enable the connection. Which means all people on the call have been authenticated and no man-in-the-middle can access the connection.
You can also avoid hackers by taking away the default ‘automatic answer’ function in your video conferencing system. Auto-answer of incoming calls poses a real security risk, especially when simply answering an unknown call can be all it takes to permit hackers. Choosing a system like StarLeaf where auto answer isn’t possible, eliminates the risk of this being the default setting or someone setting it up without realising the security implications.
Video Communication with ISO/IEC 27001
Because of their commitment to secure, video conferencing, StarLeaf have developed a product that has considered all challenges. Their systems are monitored 24/7 and all data is, in turn, backed up securely. All of its security features have earned it international security recognition with ISO/IEC 27001 certification. The rigourous standards demanded from the certification place StarLeaf at the forefront of global video communication security.
Rebekah Allendevaux, senior partner at Allendevaux & Company, the ISO/IEC 27001 implementation firm, said, “StarLeaf has attained the most respected and internationally recognized information security and compliance standard. As a global organization entrusted with real-time conference media, presence, chat messages, recorded meetings and content sharing, the safeguards translate into customer trust and confidence.”
Encryption for Media & Signalling
Video conferencing systems use the Advanced Encryption Standard (AES) to encrypt media which prevents unauthorized persons from hearing or seeing your calls. But most of them do not provide encryption on signalling as well. This makes it possible for hackers to access the conference ID and PIN numbers which will then allow them to access meetings that take place on the bridge/ MCU. We like the StarLeaf system because it encrypts both media AND signalling giving you piece of mind that your call is secure.
Test Test and Test Again
The best way to ensure your security isn’t compromised is to take the view of a hacker and try to find the weaknesses. We are able to reassure our customers that StarLeaf undertake regular penetration testing from expert third parties. The latest of which found no major or critical issues and the non-priority issues were taken care of. They also have an active bug bounty programme which challenges freelance security researchers to continually test their security. And so far so good!So for secure video conferencing that does not put your business at risk of hacking, StarLeaf is the answer you are looking for. To see how simple to use the StarLeaf system is, contact us for a free trial… or if you want to see it in action, take a look at this video…