How does TrueConf Server protect user data?

March 27, 2024
Dimitrii Zuikov

Privacy is essential when holding corporate video conferences. Intruders should be prevented from accessing data even if they manage to get into a company’s internal network.

We take the privacy of our customers’ conferences seriously. TrueConf Server provides multiple security levels: from basic to cryptographically impregnable.

Level 1. Authorization settings and rights restrictions

Unregistered users cannot connect to the TrueConf Server video conferencing system without your consent. User authorization data is either specified by the server administrator individually for each user or imported from the directory service via LDAP (Active Directory, OpenLDAP, FreeIPA and so forth).

TrueConf does not store users’ passwords in an unencrypted form in any of its solutions. Cryptographic hash functions are used for authorization.

The administrator can configure additional settings to increase access security:

To hold public conferences (e.g., webinars), you can provide unauthorized users with guest access (participation parameters can be finetuned). You will be able to:

Level 2. Proprietary Video Codec

To encode video streams, we use our own implementation of the VP8 video codec with advanced SVC support. As a result, even if a video stream is intercepted (which is also almost impossible – see the following sections), intruders cannot decode the video by standard means.

Level 3. Single port operation

Only TCP port 4307 is used for transmitting media streams and signaling data between TrueConf applications and TrueConf Server over the TrueConf protocol. Traffic is encrypted using TLS and AES-256.

If you are not planning to use third-party protocols (WebRTC, SIP, H.323, RTSP or RTMP), you can close all ports except for 4307 and 443 (used for secure HTTPS connection) on your networking equipment. This will guarantee total safety of your video conferencing system on a hardware level.
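One way to check the single-port policy on the server host itself, as an added example (not TrueConf code): it parses `ss -H -tuln` output and lists every non-loopback listener other than TCP 4307 and TCP 443. The sample output and the function names are constructed for illustration.

```python
import ipaddress

# Policy from the article: with third-party protocols unused, only TCP 4307
# (TrueConf protocol) and TCP 443 (HTTPS) need to be reachable.
ALLOWED = {("tcp", 4307), ("tcp", 443)}

# Constructed sample of `ss -H -tuln` output, not captured from a real server.
SAMPLE_SS_OUTPUT = """\
tcp LISTEN 0 128  0.0.0.0:4307     0.0.0.0:*
tcp LISTEN 0 511  0.0.0.0:443      0.0.0.0:*
tcp LISTEN 0 244  127.0.0.1:5432   0.0.0.0:*
tcp LISTEN 0 128  [::]:22          [::]:*
tcp LISTEN 0 128  *:8080           *:*
udp UNCONN 0 0    0.0.0.0:5060     0.0.0.0:*
udp UNCONN 0 0    127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 4096 [::1]:631        [::]:*
"""


def is_loopback(addr):
    """True when the socket is bound to a loopback address only."""
    host = addr.split("%")[0].strip("[]")  # drop %iface suffix and IPv6 brackets
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # "*" or anything unparsable is treated as exposed


def audit_listeners(ss_output, allowed=ALLOWED):
    """Return (proto, address, port) for each exposed listener outside the policy."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        proto = fields[0]
        addr, _, port = fields[4].rpartition(":")  # rpartition keeps IPv6 colons intact
        if not port.isdigit() or is_loopback(addr):
            continue
        if (proto, int(port)) not in allowed:
            findings.append((proto, addr, int(port)))
    return findings


if __name__ == "__main__":
    for proto, addr, port in audit_listeners(SAMPLE_SS_OUTPUT):
        print(f"unexpected listener: {proto} {addr}:{port}")
```

On a live host, pass the output of `ss -H -tuln` instead of the sample. A port scan from another network segment is still needed to confirm what the firewall actually lets through.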

Level 4. Administration access control in the video conferencing server

You can allow access to the TrueConf Server control panel at different levels:

These safeguards will ensure that outsiders cannot access the control panel.

Level 5. Control data encryption

Our signaling protocol, which regulates data exchange, is encapsulated in the well-established Transport Layer Security (TLS) protocol, the successor to SSL. TLS is also used to secure connections over the third-party SIP and WebRTC protocols, which connect browsers and video conferencing endpoints through the TrueConf Server multiprotocol gateway.

When setting up integration with directory services, one can use the secure LDAPS protocol with a TLS certificate.

Level 6. Media data encryption

Audio and video streams are additionally protected with the AES-256 symmetric encryption standard. This method works with 256-bit keys, which provides a higher level of security. AES (Advanced Encryption Standard) itself is a conventional standard. Even if an intruder successfully intercepts traffic, they won’t be able to reconstruct the data stream, because that requires the secret single-use key used to encrypt the session between the server and the client.

Media data (video, audio, content) transmitted via TrueConf Server gateway are also encrypted, depending on the technology used:

  • WebRTC – with DTLS and SRTP protocols and algorithms.
  • SIP – with SRTP protocol.
  • H.323 – with H.235 protocol.

Level 7. End-to-end encryption using VPN gateways

To make sure that the privacy of communications in your enterprise network segments is protected, you can install software or hardware VPN gateways that provide end-to-end encryption of all corporate traffic over the ports used by TrueConf services. As we’ve mentioned earlier in this post, only two ports are required.

Our support team will be happy to help you configure TrueConf to integrate with a VPN system of your choice.

Level 8. Offline operation in your corporate network

Most importantly, when using TrueConf Server, you can fully eliminate the risks related to cloud providers:

  • Only your employees have physical access to servers that provide the functionality of video conferencing system services.
  • TrueConf Server itself is stand-alone and doesn’t require an internet connection so it can be isolated in the local network. Hence, users can access the server’s services over LAN.
  • You take full control over the allocation of hardware resources for the components of TrueConf Server. One can rest assured that these resources are not taken by third-party software solutions.

When using cloud-based and hybrid video conferencing systems, you cannot ensure that:

  • The developers of cloud-based services do not have remote access to their servers, reports, parameters of conference participants’ devices, and other sensitive information.
  • System administrators who operate data centers of such video conferencing services do not have access to the runtime environment and its file system.
  • The employees of these services do not compromise information about your negotiations in order to comply with foreign legislation on the disclosure of user data or to obtain certain certifications.
  • Recordings of your negotiations cannot be accessed by any hacker on the Internet who has intercepted the login and password to your account.

Level 9. Flexible settings of file storage period

To improve data security, a TrueConf Server administrator can configure separate storage period settings for:

In addition, it is possible to limit the amount of disk space available for storing chat files.

Level 10. Access to TrueConf Server API via protected OAuth 2.0 protocol

TrueConf Server provides a rich set of API tools for complete integration of your video conferencing system with third-party software. The OAuth 2.0 mechanism used for this purpose provides a number of advantages:

  • Working over the secure HTTPS protocol.
  • Delimiting application access to the API according to the role and configured permissions.
  • Application authorization process using a complex short-lived access token without the need to visibly enter a username and password.

For more information about working with the TrueConf Server API, read the corresponding article in our knowledge base.

Level 11. Regular security updates

We adopt the following practices to make sure that TrueConf Server is fully safeguarded against possible attacks:

  • In addition to internal audit, our software is regularly tested for potential vulnerabilities by domestic and foreign customers.
  • All detected vulnerabilities are listed in the database of the National Institute of Standards and Technology (NIST).
  • As a vendor, we promptly release security updates for all detected vulnerabilities.

Level 12. Encryption support for all stored data

Feel free to use third-party encryption methods because they will not affect the performance of TrueConf Server:

  • Hardware encryption of the entire disk
  • Software encryption at the level of a logical disk partition (e.g., eCryptfs for Linux or BitLocker for Windows).

Still have questions? Please contact our support team directly via online chat.
