WebConferencing and Related Security Issues
WebConferencing and Related Security Issues
Thediscovery of the internet affected nearly all aspects of human life,including the ways in which business is conducted. Web conferencingis one of the relatively new phenomena in the business world, whichhave reduced the need for business and organizational leaders to meetphysically. According to Web Conferencing, (2014) web conferencinginvolves the use of computer systems to share video, audio, or othercontents in real time. This allows participants to hold meetings inreal time without the need to meet physically. Web conferencing isone of the most convenient for people who are located in differentgeographical areas because it allows them to make presentations,chat, share applications, and exchange instant messages without theneed to move to a physical venue of meeting. Other benefits of webconferencing include savings in terms of travel costs and time.Although web conferencing is increasingly gaining popularity, it isnot as secure as face-to-face meeting and organizations need to becautious when sharing information during web conferences.
Inmost cases, organizations hold meetings to share and exchangesensitive information that needs to be protected from being accessedby non-participants. Any meeting held by the organization, whether inface-to-face or in the internet, should meet four basic criteria.First, the confidentiality of the conference should be maintained toensure that the sensitive information is only held by authorizedpersons (Golkarnarenji & Ali, 2012). Secondly, the integrity ofany piece of information should be maintained as intended by thecreator of that information or data. Third, the information shouldonly be made available to people who can be held accountable. Lastly,the meeting should only be attended by authorized participants.Interference with these basic requirements amounts to security risk,which is higher in web-based conferences than in physical meetings.
Theinternet-based conferencing is subject to a wide range of securitythreats that makes it less secure compared to face-to-face meeting.First, technological advancement has allowed hackers to develophacker tools (such as video jack and VOMIT), which allows them tolisten to video conference conversations without being noticed(Golkarnarenji & Ali, 2012). This interferes with theconfidentiality of the conference. However, this is mainly achallenge to participants who are not aware of the available securityoptions, such as the application of encryption to different types ofmedia (such as AES) used in video conferencing (Baez, 2014).
Secondly,authentication and identity theft are common occurrences in theinternet-based conferencing and they are facilitated by theman-in-the-middle phenomenon (Golkarnarenji & Ali, 2012). In thiscase, the attacker can perform the theft of service or toll fraud.This means that the attacker can easily steal the service by spoofingthe endpoint. Preventing this type of attack high level encryptionand signaling packets, which may not be available to all holders ofinternet-based conferencing.
Third,the attack of the network infrastructure is a major problem in theinternet-based conferencing. Attackers can use different ways toattack the network infrastructure. Attackers who have access tointernal attack can easily attack layers 2 (Golkarnarenji & Ali,2012). In the case of CAM flood, an attacker needs to make the switchreact like a hub that is sending all packets to different ports,which allows the attacker to sniff the network traffic. In addition,experienced attackers are able to perform reconnaissance attack,which involves the collection of information about the network beingused to conduct the web conference. All these types of threats arenot available in the case of face-to-face meeting.
Fourth,firmware attack interferes with the confidentiality of theinternet-based conferences. This type of attack is performed whenparticipants are using firmware that can be updated by the user(Golkarnarenji & Ali, 2012). Attackers take advantage of this anddownload the older firmware that lacks sufficient security. Inaddition, some endpoints can download configurations that are easy tocompromise. In essence, attackers have several alternatives they canuse to access the web-based conference via the network endpoints.
Fifth,the denial-of-service is a common type of attack in web-basedconferencing. DoS involve the interference with the availability ofnetwork services to the trusted network user (Golkarnarenji &Ali, 2012). This results in the disruption of important services suchas service resource, bandwidth, malware, replay attack, and RTPhijacking. In the replay type of attack, the attacker sniffs,records, and replays the packet. In the case of connection hijacking,the attacker issues a signaling command that has the capacity tocontrol communications taking place during the internet-basedconference. RTP hijacking involves the injection of RTP packets intothe conversation. In addition, the types of operating systems used tofacilitate internet-based conferences (including SIP proxies andH.323 gatekeeper) are highly vulnerable to the DoS attack, whichincreases the level of security risk when conducting web-basedconferences compared to face-to-face meetings.
Inconclusion, web-based conferencing is one of the most importanttechnological applications that have managed to bridge geographicalgaps. Although this technology has several benefits (such as reducedcost and time of holding physical meetings), it is highly susceptibleto security threats compared to face-to-face meetings. This impliesthat conferences held in the internet are subject to theconfidentiality, integrity, availability, and authenticationcompromises. Although some of these security risks may also beavailable in physical meetings, web-based conferences have a higherrisk. Therefore, internet-based conferencing is not as safe asface-to-face conferencing.
Baez,D. (2014). How web conferencing security works. HowStuff Works.Retrieved September 22, 2014, fromhttp://money.howstuffworks.com/business-communications/how-web-conferencing-security-works.htm
Golkarnarenji,G. & Ali, U. (2012). Unifiedcommunications security: A study of IT personnel awareness on videoconferencing security recommendations.Lulea: Lulea University of Technology.
WebConferencing (2014). Welcome to web conferencing. WebConferencing.Retrieved September 22, 2014, fromhttp://www.netschmoozer.net/permalink.php