TELECONFERENCE – RedDefense Global has received in recent months some inquiries from our clients regarding the necessary guidelines to choose a system or application that provides a secure connection for teleconferences.
Also, the controversy arose some time ago over Zoom, which is a communications technology company based in San José, California, which provides its clients with remote communication through its application for video conferencing.
We see that there is considerable interest in computer security related to systems that provide remote communication, mainly due to the COVID-19 pandemic; therefore, in RedDefense Global took on the task of analyzing this situation from our perspective and sharing the results with you.
First, it is important to explain that computer security is multilayer or multilayer; therefore, to consider whether a system is secure or not, we must consider all layers to know if it provides real security. These layers are access, transfer, delivery, and privacy.
Take for example Zoom, which was questioned by other technology providers and customers who said, and with good reason, that this application was susceptible to an attack called Zoombombing, an attack which allows an uninvited person to join a meeting by Zoom. Now let us think for a moment that Zoom is a secure application that provides high-level security to its customers, but it turns out that it sells its customers’ information to third parties. Could an application with such practices be considered safe by and for its clients? The answer is no.
Our idea is to analyze each security layer in teleconferencing applications, understand what the security protocols in each layer consist of, and let them decide. Now they will know what to look out for when looking for a truly secure teleconferencing application.
TELECONFERENCE – Analysis
LAYER 1 – ACCESS TO THE APPLICATION
It is very easy to define if an application provides high security standards at the access layer. We must pay attention to two points:
Multi-factor authentication access: Multi-factor authentication, or MFA, is a security system that verifies the identity of a user by requiring multiple credentials. It is a critical component of Identity and Access Management (IAM). Rather than just requiring a username and password, multi-factor authentication access requires additional credentials, such as a code from the user’s smartphone, the answer to a security question, a fingerprint, or facial recognition. If your teleconferencing system does not have a multi-factor authentication access, it is better that you make sure that you have a password of more than 15 characters that includes symbols, numbers, and capital letters. Also, you should change it every month.
Requirement to create a password with high security standards : If your teleconferencing system allowed you to create a user password like the following: 123456 or pass1234, you should be clear that neither the teleconferencing application nor your account will be secure.
LAYER 2 – TRANSFER
Yes, as you were thinking, we mean encryption. It is true that many of these companies claim to have secure encryption systems, and the truth is that there are quite a few encryption systems, but in this case, the application should offer end-to-end (E2E) encryption. This type of end-to-end (E2E) encryption is a communication system in which only users can view or read messages. In principle, it prevents potential spies, including telecommunications providers, Internet providers and even the communication service provider, from accessing the cryptographic keys necessary to decrypt the conversation.
Another point to highlight in the transfer layer is related to the actions and configurations that the application allows the user to perform. For example, when you use your teleconferencing application, can you see and control who connects to collaboration sessions? If you cannot perform these actions, you will have a virtual meeting with a hacker to whom you are giving business or personal information without being able to realize it in time.
Also, it is important to note that the information that you share in your teleconferencing application such as text conversations, images, and documents, could be stored by the application “for non-specific purposes.” As a user of your application, can you safely delete information from your profile? If the application does not allow you to delete the shared information, you should find another application.
LAYER 3 – DELIVERY
It could be that all the security guards are well configured in your device and application; Will it be like that in the computer to your receiver’s device? If not, there is a possibility that your recipient’s computer is infected with one of the hundreds of viruses, keyloggers, or ransomware that exist which could steal your recipient’s information and yours. In this case, it is the employer who must protect the company’s information by providing secure devices to its employees.
LAYER 4 – PRIVACY
This layer is the best known, expanded, controversial and violated. If your teleconferencing application provider sells your personal data for business profit, CHOOSE ANOTHER PROVIDER.
We hope this document will help you choose good teleconferencing application providers.
Until next time…
In RedDefense Global, our objective is to educate our clients and friends in relation to the vulnerabilities that may be present in their technological systems so that they can be aware of these and can take the corresponding measures before a hacker takes. advantage of them.