04.04.2020
To Zoom or Not to Zoom
During these COVID-19 times, personal interaction with colleagues and customers is no longer straightforward. Lots of companies are therefore looking into video conferencing solutions. One of the most popular out there, Zoom, recently hit the news with multiple security and privacy issues. Although this definitely needed to be fixed by Zoom (a first update addressing some of these issues was released this week) a lot can be overcome by adhering to some main security principles. Nviso has listed the most important ones.
- Review default configuration and adjust where necessary: In Zoom, a lot of features can be configured. One of the recommended settings is to require a password for all meetings and to not use Personal Meeting ID’s, as these are easy to guess and could be brute forced. Disabling the use of PMI’s will prevent unknown / bad actors from entering your online meeting and you could even configure that all attendees need to wait in the waiting room and are only allowed in the meeting after approval of the host. Another feature that can be configured, is recording of a meeting (in cloud or local). In Zoom you can choose to automatically record meetings as they start, allowing hosts and participants to record meetings. Recordings can also be fully disabled.
- Apply basic hardening to your workstations
- Measurements that you can take as participant of a Zoom call