Proposal for Secure Video Conferencing System
|✅ Paper Type: Free Essay||✅ Subject: Information Technology|
|✅ Wordcount: 4361 words||✅ Published: 8th Feb 2020|
Video conferencing is a real-time visual connection that happens between two or more people residing in a separate location with the aim of disseminating information. With most businesses using video conferencing for collaboration, as well as business executives are participating in at least one video call per week, it is more important than ever to ensure business conferencing solutions are secure. Then, there is need for secure regular transmission of sensitive data and personal information running on the video conferencing systems. The need for optimizing video security is growing as companies look for new and innovative ways to make employees more productive and video collaboration unified communications rapidly now that it has overtaken the traditional face to face meeting.
Video conferencing is a way to pass across correspondences and empowered real-time transmission of quality video and audio between several locations (Margret Rouse, 2017). Video conferencing involves the use of computers connected to a similar network, microphone, web camera, and headphones. This project examines the cost -effectiveness, configuration, functionality, use, and collaboration capability of the video conferencing systems.
Finally, three products have been selected in this project as a case study, and each with core similarities in that they all provide video conferencing and they are unique regarding features they provided. Skype, GoToMeeting, and Cisco WebEx offer file sharing and instant messaging capabilities along with free voice calling in many cases. To protect the organization there should be an adequate protection of network against known vulnerabilities to ensure confidentiality, integrity, and availability of the information shared across the video conferencing technology (Janice, 2017).
Functional Requirements for Videoconferencing
Video conferencing started as a result of picturephone prototype research by AT&T in early 1956. And in 1964 the first video conferencing –(picturephone) was introduced at the World’s Fair held in New York. Since then, video conferencing has continued to evolve till date using it to hold routine meetings, sharing files and documents, negotiating business deals, interviewing job candidates. Functional requirements of a video conferencing system describe what a software or hardware system should do, and, in this case, the organization needs a secure video messaging system in place. Requirements include 24/7 availability, secure messaging, HD video calling, screen sharing capabilities, group and private chat, high level of security and encryption for data in motion and at rest (Janice, 2017).
If you need assistance with writing your essay, our professional essay writing service is here to help!Essay Writing Service
The components must ensure multiple point connectivity and ability should be implemented. The conferencing system should allow the transfer of media data like video, audio, power-point presentations, and others, which must be displayed on the screen. The video conferencing systems should have both full screen and or a mix of multiple endpoint views and should enhance life-like HD video and audio communication.
Among the video conferencing hardware requirements includes- Camera, this is used to record a video signal sent to people on the other end of the communication. Another important hardware requirement is Code Unit; this unittakes audio and video feed and transmits to through IP network and it also decompresses incoming audio and video stream and maintains data link within the network. Another important hardware unit requirement is Video display which provides monitor display for live video conferencing session, it can be LCD, HD plasma or LDP projector. Also, there is a need for Microphone and speakers, which can be analog microphone pods for participants at the other end of the communication.
There available software used for video conferencing, among the software includes Desktop End-point software – that are browser-based, End-Point Software facilitates immediate access to video conferencing, and it relies on an existing microphone and speaker’s system. The software should rely on inbuilt computer features and components like camera and USB connectors, for images and must work with integrated system audio components like speakers and microphones to transfer information.
The clients’ browser should have Web Real-Time Communication (WebRTC) capabilities that will allow video conferencing. Video conferencing also need reliable “Broad Band Internet Access” that will provide smoother streaming of video/audio clarity, and consistent presentation. A “web conference software” adds important features to video conferencing, this feature facilitates voice over the internet protocol, application sharing, and private text chats. And they usually come with playback ability, instant messaging and inbound faxing (eztalks.com, 2018).
1- Video and audio conference
2- Allow real-time transfer of files
3- Cross-Platform communication
4- Call via VoIP and no packet loss
5- Phone calls and sharing of text messages
6- Screen sharing and remote desktop
7- Communication lines are secure with strong authentication and encryption features.
- Excellent audio and video conference
- Easy to use
- Stable connection and good render quality
- Great mobile applications
- Lightweight and many automations like autodial
- Uses the internet as a requirement and no access to emergency number
- Skype requires a data connection to use it
- Easy to be intercepted
B. GO TO MEETING
- Video and audio conference
- Allow real-time transfer of files
- Simple and Intuitive interface
- Screen and application Sharing
- Work with PC, MAC, and iPad
- Does not need to be download
- Outlook Integration
- Can record Meeting
- Maximum of 25 attendance
- Support PC, MAC, Linux, Solaris, and Unix
- Can time-out after a period of inactivity
- The tool is bill annually for $19 per month
- Screen sharing does not allow dual monitors
C- Cisco Web Ex
- Video and audio conference
- Allow real-time transfer of files
- Instant Messaging
- Ability to invite a participant to a meeting that already started via email, voice conference.
- Abilities to assign privilege to individual participants
- Can record meeting
- Can Switched Architecture
- SSL- Encrypted
- Very expensive
- Not as popular as Skype or GO TO Meeting
Fig 1- Skype Video Conferencing-
Video Conferencing Solutions Implementation Challenges
For a company to implement skype solution video conferencing, the company will be ready for re-educating users about the choice between old interface and new one. Also, users should be informed to consider using computers for video conferencing and not their mobile devices. Equally, since screen sharing does not allow dual monitor, this they must be aware of and must consider this before implementation (Wiki How to do Things-2019).
Since GOTO Meeting software is a browser-based application that runs on web-browser, it only requires an internet connection and an installed web browser on a user’s computer to operate. Most web-based applications like GoToMeeting applications are installed and run on a remote server that users can access with their web browser. The popular web browser like Google Chrome, Firefox, Microsoft Edge, Opera, and others can be used.
Cisco Web Ex:
Just like GOTO meeting application, Cisco Web Ex can also be installed on a web browser like Google, Firefox and other to lunch it, making online meeting setting easy (Matthew Guay, 2019).
Video sharing sites and applications provide great ways to steal data from a company. Companies allow these types of services for legitimate business uses with less emphasis on security. Large data consumption for video web calls, as well as training videos, make large file upload and downloads seems less suspicious. In a video conferencing system attack, once hackers gained access to sensitive data stored by the company on the network, they split the data into compressed files of identical sizes, like how the RAR archive format transforms a single large archive into several smaller segments. Next, they encrypted this data and wrapped each compressed file with a video file. See figure below for graphic.
Figure 4. Data Exfiltration (Science Direct.com 2019).
When an organization implements a solution to the network environment, the expected changes will affect the transition and adoption of the new user’s interface. The new solution will influence new awareness about the implementation of the new solution and the bandwidth capability, and installation on the user’s desktop. Then if necessary, there should be a user training session and installation policy document distributed to all users. There should be adequate privileged identity management to prevents the abuse of super users accounts directly attached to the new solution (Science Direct.com 2019).
Our academic experts are ready and waiting to assist with any writing project you may have. From simple essay plans, through to full dissertations, you can guarantee we have a service perfectly matched to your needs.View our services
Privileged identity management is very important to reduce increase access and power of super users over organization systems and data. It also used to help prevent loss of data and meeting compliance regulations. The super users can be a Database Administrator or System Administrator. If the account of super user is loosely managed, a hacker can be able to identify the privileged user to exfiltrate data that run on the web-based browser that transmits packets on the video conferencing solution. Therefore, there should be both preventive, and detective intrusion systems to mitigate a possible threat, attacks and vulnerabilities inherent in videoconferencing as a strategy to protect the voice, and video data at all endpoints transit during the video conferencing (Gabriela Warren, 2019).
Identify Vendor Risks
There are lots of identified vendor risks for video conferencing systems. For example, Skype has a vendor security risk that may be a threat factor in telehealth sector because of the Health Information Portability and Accountability Act (HIPAA). HIPAA final rules set fines of up to $1.5 Million per violation. This violation arises from unprotected- “Protected Health Information” of the patient and exposure of personally identifiable information of patient’s health insurance information that was transferred electronically. Skype has 24 hours customer service technical assistance.
Additionally, Vendor of Skype should have a solid contractual agreement with their clients that deal with storing and transferring protected health information and PII of patients. Equally, the vendor should procure equipment/ systems that allow for audits trails that will allow tracing of leaked information. There are some state laws that override “conduit exception” of HIPPA that may not satisfy video conferencing security requirements under a state’s law (Beck, 2013).
Despite all good features of Go To Meeting video conferencing like providing flexibility into our workforce with the capability of virtual place for a remote employee to connect and share documents and ideas. There are serious vendor risks like not knowing if someone in a meeting or webinars is recording the proceedings of meeting where sensitive information is been discussed. This may lead to leakage of intellectual property and top secret of an organization. GoToMeeting has 24 hours of customer service technical assistance.
Also, if there occurs a technical glitch during the usage of GoToMeeting systems, there is a possibility that information recorded could be inaccessible or lost if there is no external drive to protect outage and uploading errors. Finally, there should be a guideline for security consciousness to prevent unauthorized listener to your conversation (Todd Bowerman, 2019).
Cisco Inc, which is a global technology company that vendor switching, and networking equipment have warned about the risk of a security vulnerability in Cisco WebEx players used by an organization for meeting and webinars recordings. They warned about five different buffer overflow security flaws in their Cisco WebEx Recording Format (WRF), and Advanced Recording Format (ARF) players. The company informed the public that if a hacker successfully exploited these vulnerabilities a harmful direct code can be lunched directly to a target user of WebEx video conferencing players. This harmful code will make the players crash and Cisco equally warned in an advisory that carries a CVSS base score of 7.8. Cisco WebEx has 24 hours customer service technical assistance.
The company has since shipped patches for WebEx video conferencing systems users of the Cisco WebEx Business Suite meeting Sites, Cisco WebEx 11 meeting sites, Cisco WebEx Meeting Server, and to both Cisco WebEx WRF and ARF’s players to mitigate these identified vulnerabilities. As at date, according to information from Cisco updates are available for the following Cisco Videoconferencing players-
- Cisco WebEx Business Suite (WBS29) client builds T29.2 or later
- Cisco WebEx Business Suite (WBS28) client builds T28.12 or later
- Cisco WebEx Business Suite (WBS27) client builds T27TLSP32EP16 (27.32.16) or later
- Cisco WebEx 11 versions prior to 1.2.10 with client builds T28.12 or later
- Cisco WebEx Meetings Server client builds 188.8.131.527 or later
- Cisco WebEx Meetings Server client builds Orion 2.0 or later (Ryan Naraine, 2014).
Cost -Benefit Analysis of the three Video Conferencing systems above;
25 users with all options $3,582/Year
International calls, works well with Microsoft products.
Go to meeting
$49/ month plus plan
100 users, web audio, screen sharing, one clicks meetings, HD video conferencing, Mobile app, Active directory integration.
$39/Month Premium 200
Up to 200 users, HD video conferencing, File sharing, screen sharing, Software-as-a-Service (SaaS)
Best Practices for Secure Video-Conferencing
- Having a successful video conferencing entails securing the systems by adopting an international standard best practice. This is because technology has become so open but in video conferencing remote counterpart only see what camera shows them and hear what comes out from the systems microphone /speakers. This is because the initiator of video conference has the freedom to adjust according to their need, but remote participants would not have that opportunity (Exhibit One, 2017)
- Security Consciences – An organization needs a secure environment to engage in video conferencing and there should be a document policy and procedures to abide by any participant in a video conference in term of BYOD to the conference room. BYOD allows an employee to use their own mobile devices at the workplace /conference room.
- Video Security Training Awareness– All staffs should be given adequate skill set training in video conferencing collaboration because little or no knowledge of the workability of the systems can result in security risk.
- Adequate Patches and Fixes– All video conference systems scheduled patches should be implemented by the vendor as at when due and there should be upgrades of the systems software to support core security services like encryption to avoid information breaches.
- Conference Room Security– The dedicated room for video conferencing network systems should be well configured and network security policy should be established to identify all incoming packets and outgoing packet within the network.
- Authentication and Identification Systems– Video collaborator should be securely authenticated and identify to be an intended user of the systems and all user’s password must be multifactor authenticated.
- Conference Room Setting– Sound absorbing material such as carpets, curtains/drapes should be installed in the room to reduce outside noises from getting to the conference room. Also, all camera and sound should be focused on a background where there is a door, and the sitting arrangement should be oriented to the camera (Exhibit One, 2017)
Videoconferencing System Integrated Checks.
Having implemented a successful video conferencing system in an organization for some time, there is a need for systems integrity check. Systems Integrity checks are crucial to every organization that implements video conferencing because it helps maintain and achieve top-level security triangle of Confidentiality, Integrity, and Availability. (Polycom,2010)
Systems integrity checks determine the integrity of the systems and help to know if data within the systems have been compromised or not, and if file protection is been performed to prevent writing to media containing these files. File protection can be a physical file protection – where protection on storage media on the systems is implemented. Also, file protection can be operating systems protection- where the file can be designated as read-only/write-only and file can be protected by computer commands and privileges; where file owner can set the file permission levels to some people as read-only and to some as write-only.
Systems Integrity checks can be software or hardware and can be achieved by scanning the file of the operating systems to discover and identify changes that have been made. All video conferencing systems threats can be mitigated if there are systems integrity checks in place. For video conferencing systems to meet the systems integrity requirements, there is a need to adopt a process of establishing requirements, performing systems testing, and certifying systems approved product list.
Finally, I will recommend Cisco WebEx Video conferencing system for Ezek Systems Inc because Cisco web Ex offers its systems as Software -as -a -Service (SaaS) advantage over others vendor’s systems as Cisco hosts, maintains, upgrade and support the applications on its own infrastructure. Also, Cisco Incorporation has great customer services compare to the other two video conferencing system providers (Polycom, 2010).
- Margret Rouse, 2017- Video Conferencing – A Publication of Tech Target – Retrieved from https://searchunifiedcommunications.techtarget.com/definition/video-conference
- Eztalks, 2018- An article on Hardware and Software for Video Conferencing- Retrieved from https://www.eztalks.com/video-conference/hardware-and-software-requirements-for-video-cobferencing.html
- Gabriela Warren, 2019- Life Wire Publication- What Are Browser-Based Tools and Applications Retrieved from https://www.lifewire.com/what-are-browser-based-tools-2377407
- Janice, 2017- An Article Titled- A brief History of Video Conferencing From 1964-2017- Retrieved from https://www.eztalks.com/video-conference/history-of-video-conferencing.html
- Becky, 2013- 4 Reasons to Think Twice About Using Skype for Telehealth- Retrieved from https://vsee.com/blog/skype-security-risk-for-telehealth/
- Todd Bowerman, 2019- An article On -GoToMeeting Risks- Retrieved from https://smallbusiness.chron.com/gotomeeting-risks-75363.html
- Ryan Naraine, 2014- Cisco Warns of WebEx Player Security Vulnerabilities- Retrieved from https://www.securityweek.com/cisco-warns-webex-player-security-vulnerabilities
- Matthew Guay, 2017- The 12 Best Video Conferencing Apps for Teams- Retrieved from https://zapier.com/blog/best-video-conferencing-apps/
- Wiki How to do Things-2019- A Tutorial on How to Do Skype Video Conferencing- Retrieved from https://www.wikihow.com/Do-a-Video-Conference-in-Skype
- Exhibit One- 2017- Video-Conference-Setup-Best-Practices- Retrieved from https://www.exhibitone.com/2017/10/16/video-conference-setup-best-practices/
- Polycom m,2010- The CIO’s Guide To Videoconferencing Security – Keeping Pace with The DOD- Retrieved from- https://www.ivci.com/wp-content/uploads/2016/07/whitepaper-cio-guide-to-videoconferencing-security-wainhouse-1.pdf
- Science Direct, 2019: Diagram of Data Exfiltration: Retrieved from https://www.google.com/search?q=Data+Exfiltration+diagram&tbm=isch&source=iu&ictx=1&fir=dmsJPtOUl8A6AM%253A%252CwDR5_M4oQnw0nM%252C_&vet=1&usg=AI4_-kQ35dBCEVLECxGVHMnwmAzEMYzMFw&sa=X&ved=2ahUKEwizyfvvuv3hAhXrUt8KHVXjArMQ9QEwBHoECAkQDA#imgrc=U1B84H1GuwLo9M:&vet=1
Cite This Work
To export a reference to this article please select a referencing stye below:
Related ServicesView all
DMCA / Removal Request
If you are the original writer of this essay and no longer wish to have your work published on UKEssays.com then please: