Security Basics mailing list archives
Enterprise web conferencing
From: "Dan Lynch" <DLynch () placer ca gov>
Date: Thu, 18 Oct 2007 16:26:04 -0700
Greetings group, My organization will soon be implementing an appliance-based tele-conferencing/web-conferencing solution. The intent is to allow internal users to set up both phone and web conferences among themselves across operational divisions and across physical locations. These will include application and desktop sharing, as well as occasional remote control. There is also the desire to allow outside users (vendors, etc.) to join in these conferences. I'm looking for guidance regarding the security issues of these solutions. I plan on mentioning the accidental disclosure of private data while sharing screens. I wonder how the lack of adequate logging might dilute accountability. I'm concerned that inside users must authenticate through this device against our active directory, but the device must be internet-accessible on a DMZ to allow outside users access. What would you worry about? How would you mitigate your concerns? Thanks in advance, - Dan Dan Lynch, CISSP Information Technology Analyst County of Placer
Current thread:
- Enterprise web conferencing Dan Lynch (Oct 19)
- RE: Enterprise web conferencing Dan Lynch (Oct 25)