Security Concerns with Video Conferencing

By Sheila Shanker
Updated: April 08, 2011

Many firms have been taking advantage of technology to conduct videoconferencing using Internet protocols (IP) these days. They can communicate in real-time with offices and clients in remote locations, saving a lot in travel expenses. However, there are certain security risks associated with videoconferencing that must be addressed.

In order to work properly, a video conferencing program must interact with other systems within your network, which can introduce security risks. Using encryption between the video setup and the rest of your network helps in minimizing any possible problem. Any browser interfaces should use SSL security.

Password-protect your meetings and give access to only those with appropriate login information. You could set up a list of participants to the meeting, and only those individuals have access to join in. The same level of care should be taken as to who can record meetings.

Using a hosted video conferencing, which uses a third party for communications, is riskier than on-premise system. Why? Because it exposes the firm to individuals who are not part of the business. This means that you must inquire about security with your hosting firm to assure that your privacy is protected.

Security threats involve the possibility of someone hacking the video conference with “denial of service” attacks, viruses, and other issues involving buffer overflow and other matters. You could consider a “session border controller” instead of your regular firewall because the controller is designed for media flows and can be used as a filter and manager between the enterprise network and the outside world.

Below is a summary of threat types and ways to control them:

  • Threats against the end-points and serves can be controlled with a public key infrastructure, also known as a PKI.
  • Threats against the control channel can be managed with the SIP/TLS encryption of signaling.
  • Threats regarding spying or modification are handled by SRTP media encryption.
  • Threats involving the SIP trunking, which is used to connect the Internet to the internal PBX, can be handled by requiring mutual authentication of all the devices in the trunk. It’s suggested to end the SIP trunks on a SIP proxy, such as a Sub-band coding (SBC).

Video conferencing is a great tool to conduct meetings, while saving a ton in travel costs. However, concerns about security with video conferences are legitimate and should be taken seriously. As technology progresses, so do security risks. Encryption and password-protection should be your first line of defense to be employed whenever possible. Be careful, but don't let your security concerns prevent you from taking part of this exciting Internet functionality.