Encrypted Video Conferences

When holding corporate video conferencing, privacy is an essential factor. Intruders should be prevented from accessing data even in case they manage to invade a company’s internal network.

We take the privacy of our customers’ conferences seriously. TrueConf Server provides multiple security levels: from basic to cryptographically impregnable.

Level 1. Mandatory Authorization

Unauthorized users cannot access TrueConf Server (except for guests in public conferences) without authorization that always requires users to enter their logins and passwords. Administrators create each user account manually in the TrueConf Server control panel, or upload accounts automatically thanks to synchronization with Active Directory.

When you are planning to hold a public conference (i.e. webinar), you can provide unauthorized users with limited guest access.

Level 2. Proprietary Video Codec

To encode video streams, we use our own implementation of VP8 video codec with advanced SVC support. Eventually, even if a video stream is seized (which is also almost impossible – see the following sections), intruders cannot decode video by standard means.

Level 3. Single port operation

Only 4307 TCP port is used for transmitting media streams and signal data between TrueConf applications and TrueConf Server over trueconf protocol. Traffic is encrypted using TLS and AES-256.

If you are not planning to use third-party protocols (WebRTC, SIP, H.323, RTSP or RTMP), you can close all ports except for 4307 and 443 (used for secure HTTPS connection) on your networking equipment. This will guarantee total safety of your video conferencing system on a hardware level.

Level 4. Access permissions

You can limit access to your TrueConf Server instance with IP address range or with separate admin accounts. Alternatively, you can provide access to the TrueConf Server control panel only to the computers within your corporate LAN.

Level 5. Control data encryption

Our protocol for transmitting signals regulating data exchange is encapsulated within a well-established transport layer security protocol (TLS), a more modern version of SSL protocol. This protocol is also used for connection security via SIP and WebRTC third-party protocols. They are used for connection with browsers and video conferencing endpoints via TrueConf Server multiprotocol gateway.

Level 6. Media data encryption

Audio and video streams are additionally protected with AES-256 symmetric encryption standard. This method works with 265-bit keys, which provides a higher level of security. The AES (Advanced Encryption Standard) itself is a conventional standard. Even if an intruder has successfully intercepted traffic, the user won’t be able to reconstruct the data stream as it requires a secret single-use key which is used for encryption of the session between a server and a client.

Media data (video, audio, content) transmitted via TrueConf Server gateway are also encrypted, depending on the technology used:

• WebRTC – with DTLS and SRTP protocols and algorithms.
• SIP – with SRTP protocol.
• H.323 – with H.235 protocol.

Level 7. End-to-end encryption using VPN gateways

To make sure that the privacy of communications in your enterprise network segments is protected, you can install software or hardware VPN gateways that provide end-to-end encryption of all corporate traffic over the ports used by TrueConf services. As we’ve mentioned earlier in this post, only two ports are required.

Our support team will be happy to help you configure TrueConf to integrate with a VPN system of your choice.

Level 8. Offline operation in your corporate network

The last but not the least, if you are using cloud-based and hybrid video conferencing systems, you may face the following issues:

• Cloud-based services store information on their own servers, which may put at risk your corporate sensitive information, such as user accounts, reports, device configuration, etc.
• System administrators who operate data centers of such video conferencing services may have access to the runtime environment and its file system.
• Cloud-based services employees may create risks of compromising information about your negotiations as part of the implementation of foreign legislation on the disclosure of user data or for various certifications.
• Recordings of your conversations can be available to any hacker in the Internet who has intercepted username and password from your account.

Using TrueConf Server prevents these risks. Only your employees have physical access to servers that provide the functionality of video conferencing system services. TrueConf Server itself is stand-alone and doesn’t require an internet connection so it can be isolated in the local network. Hence, users can access the server’s services over LAN.

Level 9. Access to TrueConf Server API via protected OAuth 2.0 protocol

TrueConf Server provides a rich set of API tools for a complete integration of your video conferencing system and third-party software. OAuth 2.0 mechanism that is used for this purpose provides a number of advantages:

• Working over the secure HTTPS Protocol.
• Delimiting application access to the API according to the role and configured permissions.
• Application authorization process using a complex short-lived access token without the need to visibly enter a username and password.

For more information about working with the TrueConf Server API, read the corresponding article in our knowledge base.