Understanding Video Conferencing Security

For an ISDN video-conferencing system to be secure, it must have security protocols in place for:

• Data storage
• Data transmission

[source: InterCall]

Video conferences are often archived for later use. Since the information discussed in these video conferences could be sensitive, data storage needs to be secure and separate from all other networks. It's not advisable to use standard computers and hard drives to store video-conference data, since these machines are the most susceptible to intrusion, either from internal or external sources [source: Security for Videoconferencing].

Photo courtesy iStockPhoto Videoconferences can be stored for later viewing.

Many companies use subscription video-conferencing services that store all video-conferencing data in special locked-down, off-site facilities. Access to the data is protected by 24-hour surveillance, key cards and biometric scanners [source: InterCall].

Data transmission is the most vulnerable area of video-conferencing security since the data must travel over so many public and private networks to reach its destination. Encryption and network security are the keys to protecting data transmission during a video conference.

The level of encryption depends on the sensitivity of the data. For most non-military organizations, the built-in encryption that comes with the video-conferencing product or service is sufficient. The two most common encryption protocols are 56-bit DES and 128-bit AES encryption [source: Military Information Technology]. The numbers refer to the length of the encryption key, 56 bits or 128 bits. A 128-bit key is nearly impossible to crack because it contains 3.4 X 10³⁸ possible variations.

For government and military data transmission, NSA regulations require that organizations install special encryption boxes to protect classified data. In military security terms, a "secure" network device transmitting classified data is labeled "red" while an unclassified, "unsecure" network component is "black." To secure a military network, there must be an NSA-approved encryption box between each red and black device.

Another video conferencing security concern is something called data radiation. All electronic devices give off a certain amount of radiation that can be intercepted by hackers. Copper phone line cable, for example, can act as an antenna, broadcasting data to those who know how to decipher it [source: Military Information Technology]. And the data radiation from a video screen can be read up to a kilometer away [source: Security for Videoconferencing].

To prevent data radiation during military video conferences, all network devices and materials need to comply with TEMPEST emissions guidelines set forth by the Joint Interoperability Test Command (JITC) [source: Security for Videoconferencing]. TEMPEST-approved devices are tested in a special anechoic chamber that can detect the slightest electronic leaks [source: Military Information Technology].

Now we'll go over how to detect and repair a partially secure ISDN video conferencing setup.