Unified Communications Nation

Aug 30 2010   12:08PM GMT

Technical tips on video conferencing security from Alcatel-Lucent

Jessica Scarpati Jessica Scarpati Profile: Jessica Scarpati

Image courtesy of Cisco
(Image courtesy of Cisco Systems)

There are a lot of things people won’t write in an email because they know that someone — corporate IT, regulators, the boss — may be watching. But people are often more candid and less cautious behind the closed doors of a meeting room, which may be exactly what hackers are hoping to exploit as high-definition video conferencing and telepresence gains traction.

Our recent story on video conferencing security threats offers a broad overview about what vulnerabilities enterprises have to watch out for, which led Jean-Pierre Kellermann, a product line manager at Alcatel-Lucent, to chime in with some technical tips for video conferencing and telepresence pros.

Check out some of his video conferencing security suggestions (reproduced with permission and edited for clarity) after the jump…

As we use IP to transport any application, we automatically inherit all the threats from the IP world, such as denial of service attacks, man-in-the-middle (MITM) attacks or viruses.

To avoid all these attacks, customers can use antivirus software to protect their video end-points, and encryption (based on SIP/TLS and SRTP) for the control channel and the media flows. The session border controller has an advantage in comparison of the traditional firewall because it’s adapted to these media flows; it can be used as a proxy between the external world and the enterprise LAN.

In general my recommendations to my customers are the following:

1) Against insecure endpoints and servers: Certificates with a public key infrastructure (PKI) should be mandatory and deployed for all the endpoints used (smartphones, IP-DECT, IP or SIP hardphones and servers).

2) Against attacks on the control channel: The encryption of the signaling should be mandatory by default with SIP/TLS.

3 ) Against eavesdropping/modification: The encryption of the media (voice and video) should be enabled by default with SRTP.

4) Against attacks on SIP trunking: The mutual authentication should be used between the devices used to establish this trunk. The encryption (signaling/media) can be used against the MITM attacks. I suggest also to finish all the SIP trunks on a SIP proxy, such as the SBC and not directly on an internal SIP server. The SBC can be a filter for all the SIP sessions established between an external cloud and an enterprise.

1  Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Kashifnazeer1
    I go through the risks and threats related to [A href="http://vqlive.com"]video conferencing[/A]. these common risks are now covering up by the introduction of telephrencing. this new concept makes the conferencing more secure and faster
    10 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: