When holding corporate video conferences, privacy is an essential factor. Intruders should be prevented from accessing data even if they manage to breach a company’s internal network.
We take the privacy of our customers’ conferences seriously. TrueConf Server provides multiple security levels: from basic to cryptographically impregnable.
Level 1. Authorization settings and rights restrictions
Unregistered users cannot connect to the TrueConf Server video conferencing system without your consent. User authorization data is either specified by the server administrator individually for each user or imported from the directory service via LDAP (Active Directory, OpenLDAP, FreeIPA and so forth).
The administrator can configure additional settings to increase access security:
- Activate two-factor authentication (2FA)
- Use single sign-on (SSO) technology when integrating with directory services via LDAP
- At any moment, the admin can either disconnect (log out) a TrueConf user from the video conferencing server or even fully deactivate the account
- Restrict the lifetime of authorization session keys to make sure that users have to sign in with their password if they want to continue working with the system (this precaution may be helpful in some cases when users forget to lock their PCs)
- Set password strength requirements (when creating user accounts manually in Registry mode)
- Configure an account lockout policy for cases when a user enters an incorrect password multiple times (also available when running the server in integration with an LDAP directory)
- Specify permissions for each user group.
To hold public conferences (e.g., webinars), you can provide unauthorized users with guest access (participation parameters can be fine-tuned). You will be able to:
- Restrict guest permissions at the conference level
- Activate mandatory registration for the webinar
- Restrict the features available to guest users (restrictions will apply to all conferences).
Level 2. Proprietary Video Codec
To encode video streams, we use our own implementation of the VP8 video codec with advanced SVC support. As a result, even if a video stream is seized (which is also almost impossible – see the following sections), intruders cannot decode the video by standard means.
Level 3. Single port operation
Only TCP port 4307 is used for transmitting media streams and signaling data between TrueConf applications and TrueConf Server over the trueconf protocol. Traffic is encrypted using TLS and AES-256.
If you are not planning to use third-party protocols (WebRTC, SIP, H.323, RTSP or RTMP), you can close all ports except for 4307 and 443 (used for secure HTTPS connection) on your networking equipment. This will guarantee total safety of your video conferencing system on a hardware level.
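A host-side check that complements the firewall rule above, as an added example that is not part of the original article or TrueConf's own tooling: it parses `ss -H -tln` output taken on the server and reports every listener reachable from the network on a port other than 4307 and 443. The sample output is constructed, and `extra_allowed` is a hypothetical parameter for gateway ports that are deliberately left open.

```python
import ipaddress

# Ports the page says must stay open: 4307/TCP (trueconf protocol) and 443/TCP (HTTPS).
BASELINE_PORTS = frozenset({443, 4307})

# Constructed sample of `ss -H -tln` output (not captured from a real server).
SAMPLE_SS = """\
LISTEN 0 128    0.0.0.0:4307    0.0.0.0:*
LISTEN 0 511          *:443           *:*
LISTEN 0 128  127.0.0.1:5432    0.0.0.0:*
LISTEN 0 128    0.0.0.0:5060    0.0.0.0:*
LISTEN 0 128       [::]:1935       [::]:*
LISTEN 0 128      [::1]:6379       [::]:*
"""


def parse_listener(line):
    """Return (address, port) for one `ss -tln` row, or None if it is not a LISTEN row."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "LISTEN":
        return None
    host, _, port = fields[3].rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and any %iface scope
    return ("0.0.0.0" if host == "*" else host), int(port)


def is_loopback(host):
    """True when the socket is bound to loopback only, so it is unreachable from the network."""
    return ipaddress.ip_address(host).is_loopback


def unexpected_listeners(ss_output, extra_allowed=()):
    """List (address, port) pairs exposed to the network but outside the allow-list."""
    allowed = BASELINE_PORTS | set(extra_allowed)
    findings = []
    for line in ss_output.splitlines():
        listener = parse_listener(line)
        if listener is None:
            continue
        host, port = listener
        if not is_loopback(host) and port not in allowed:
            findings.append((host, port))
    return sorted(findings, key=lambda f: f[1])


if __name__ == "__main__":
    for host, port in unexpected_listeners(SAMPLE_SS):
        print(f"unexpected listener on {host}:{port}")
```

Any listener the check reports is a service that the perimeter firewall alone is shielding, so it should either be stopped, bound to loopback, or added to `extra_allowed` as a documented exception.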
Level 4. Administration access control in the video conferencing server
You can allow access to the TrueConf Server control panel at different levels:
- Only from the computers in the local network
- Specify the range of IP addresses from which one can access the control panel
- Select user accounts in the OS where TrueConf Server is installed
- Specify access level for each TrueConf Server administrator: full access or only the right to view reports and video recordings of conferences.
These safeguards will ensure that outsiders cannot access the control panel.
Level 5. Control data encryption
Our protocol for transmitting the signals that regulate data exchange is encapsulated within a well-established transport layer security protocol (TLS), the more modern successor to the SSL protocol. TLS is also used to secure connections over the third-party SIP and WebRTC protocols, which are used to connect browsers and video conferencing endpoints via the TrueConf Server multiprotocol gateway.
When setting up integration with directory services, one can use the secure LDAPS protocol with a TLS certificate.
Level 6. Media data encryption
Audio and video streams are additionally protected with the AES-256 symmetric encryption standard. This method works with 256-bit keys, which provides a higher level of security. AES (Advanced Encryption Standard) itself is a conventional standard. Even if an intruder has successfully intercepted traffic, they won’t be able to reconstruct the data stream, because doing so requires the secret single-use key that is used to encrypt the session between a server and a client.
Media data (video, audio, content) transmitted via TrueConf Server gateway are also encrypted, depending on the technology used:
- WebRTC – with DTLS and SRTP protocols and algorithms.
- SIP – with SRTP protocol.
- H.323 – with H.235 protocol.
Level 7. End-to-end encryption using VPN gateways
To make sure that the privacy of communications in your enterprise network segments is protected, you can install software or hardware VPN gateways that provide end-to-end encryption of all corporate traffic over the ports used by TrueConf services. As we’ve mentioned earlier in this post, only two ports are required.
Our support team will be happy to help you configure TrueConf to integrate with a VPN system of your choice.
Level 8. Offline operation in your corporate network
Most importantly, when using TrueConf Server, you can fully eliminate the risks related to cloud providers:
- Only your employees have physical access to servers that provide the functionality of video conferencing system services.
- TrueConf Server itself is stand-alone and doesn’t require an internet connection so it can be isolated in the local network. Hence, users can access the server’s services over LAN.
- You take full control over the allocation of hardware resources for the components of TrueConf Server. One can rest assured that these resources are not taken by third-party software solutions.
When using cloud-based and hybrid video conferencing systems, you cannot ensure that:
- The developers of cloud-based services do not have remote access to their servers, reports, parameters of conference participants’ devices, and other sensitive information.
- System administrators who operate data centers of such video conferencing services do not have access to the runtime environment and its file system.
- The employees of these services do not compromise information about your negotiations in order to comply with foreign legislation on the disclosure of user data or to obtain certain certifications.
- Recordings of your negotiations cannot be accessed by any hacker on the Internet who has intercepted the login and password to your account.
Level 9. Flexible settings of file storage period
To improve data security, a TrueConf Server administrator can configure separate storage period settings for:
- Video recordings of conferences and one-on-one calls
- Files sent by users in private and group chats.
In addition, it is possible to limit the amount of disk space available for storing chat files.
Level 10. Access to TrueConf Server API via protected OAuth 2.0 protocol
TrueConf Server provides a rich set of API tools for complete integration of your video conferencing system with third-party software. The OAuth 2.0 mechanism used for this purpose provides a number of advantages:
- Working over the secure HTTPS protocol.
- Delimiting application access to the API according to the role and configured permissions.
- Application authorization process using a complex short-lived access token without the need to visibly enter a username and password.
For more information about working with the TrueConf Server API, read the corresponding article in our knowledge base.
Level 11. Regular security updates
We adopt the following practices to make sure that TrueConf Server is fully safeguarded against possible attacks:
- In addition to internal audit, our software is regularly tested for potential vulnerabilities by domestic and foreign customers.
- All detected vulnerabilities are listed in the database of the National Institute of Standards and Technology (NIST).
- As a vendor, we promptly release security updates for all detected vulnerabilities.
Level 12. Encryption support for all stored data
Feel free to use third-party encryption methods because they will not affect the performance of TrueConf Server:
- Hardware encryption of the entire disk
- Software encryption at the level of logical disk partition (e.g., eCryptfs for Linux or BitLocker for Windows).