UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 1



Similar documents
Autodesk PLM 360 Security Whitepaper

Security Policy JUNE 1, SalesNOW. Security Policy v v

Blackboard Collaborate Web Conferencing Hosted Environment Technical Infrastructure and Security

ProjectManager.com Security White Paper

SITECATALYST SECURITY

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

Brochure Achieving security with cloud data protection. Autonomy LiveVault

IBX Business Network Platform Information Security Controls Document Classification [Public]

Collaborate on your projects in a secure environment. Physical security. World-class datacenters. Uptime over 99%

Enterprise level security, the Huddle way.

Secure, Scalable and Reliable Cloud Analytics from FusionOps

Security & Infrastructure White Paper

FormFire Application and IT Security. White Paper

BKDconnect Security Overview

Security Whitepaper: ivvy Products

Small Business IT Risk Assessment

TENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6. TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4

Retention & Destruction

SNAP WEBHOST SECURITY POLICY

MEDIAROOM. Products Hosting Infrastructure Documentation. Introduction. Hosting Facility Overview

Security & Infra-Structure Overview

Las Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM

SaaS Security for the Confirmit CustomerSat Software

Understanding Sage CRM Cloud

State of Texas. TEX-AN Next Generation. NNI Plan

SECURITY DOCUMENT. BetterTranslationTechnology

Cloud Management. Overview. Cloud Managed Networks

Security Overview Introduction Application Firewall Compatibility

GTS Software Remote Desktop Services

redcoal SMS for MS Outlook and Lotus Notes

LIVE CHAT CLOUD SECURITY Everything you need to know about live chat and communicating with your customers securely

WebEx Security Overview Security Documentation

GiftWrap 4.0 Security FAQ

GlobalMeet Secure Meetings December, 2010

Security Whitepaper. NetTec NSI Philosophy. Best Practices

Hosted Testing and Grading

This document and the information contained herein are the property of Bowman Systems L.L.C. and should be considered business sensitive.

Avaya TM G700 Media Gateway Security. White Paper

Avaya G700 Media Gateway Security - Issue 1.0

PROTECTING YOUR VOICE SYSTEM IN THE CLOUD

Section 1 CREDIT UNION Member Information Security Due Diligence Questionnaire

SAS 70 Type II Audits

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Famly ApS: Overview of Security Processes

Security Information & Policies

Injazat s Managed Services Portfolio

Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment

Security Controls for the Autodesk 360 Managed Services

Supplier Security Assessment Questionnaire

Birst Security and Reliability

BeamYourScreen Security

Web Conferencing: Unleash the Power of Secure, Real-Time Collaboration

Storage Guardian Remote Backup Restore and Archive Services

Perceptive Software Platform Services

MIKOGO SECURITY DOCUMENT

custom hosting for how you do business

MIGRATIONWIZ SECURITY OVERVIEW

NetSuite Data Center Fact Sheet

join.me architecture whitepaper

Supplier Information Security Addendum for GE Restricted Data

Table of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

How To Secure An Rsa Authentication Agent

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Interwise Connect. Working with Reverse Proxy Version 7.x

KeyLock Solutions Security and Privacy Protection Practices

SaaS Security for Confirmit Horizons

Projectplace: A Secure Project Collaboration Solution

WebEx Remote Access White Paper. The CBORD Group, Inc.

Information Technology Security Procedures

Tk20 Network Infrastructure

White Paper. BD Assurity Linc Software Security. Overview

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

DISASTER RECOVERY. Omniture Disaster Plan. June 2, 2008 Version 2.0

Security in the Sauce Labs Cloud. Practices and protocols used in Sauce s infrastructure and Sauce Connect

Securing the Service Desk in the Cloud

Unleashing the power of real-time collaboration:

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Cloud Management. Overview. Cloud Managed Networks

An Overview of the SaskTel Hosted Contact Centre Solution Design and Delivery Principles, and Core Architecture

Information Technology General Controls Review (ITGC) Audit Program Prepared by:

HIPAA Privacy & Security White Paper

GTS Software Pty Ltd. Remote Desktop Services

Online backup subscription service and security overview

Security. CLOUD VIDEO CONFERENCING AND CALLING Whitepaper. October Page 1 of 9

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

Transcription:

UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 1

As organizations unlock the true potential of meeting over the web as an alternative to costly and timeconsuming travel, they do so in the face of great political and economic change. All organizations using web and audio conferencing need to be confident that their presentations and meetings are protected. Whether meeting internally or with trusted external parties, it is important for meeting participants to be able to collaborate and share sensitive corporate information freely yet securely, within the confines of strict firewall protection. With these goals in mind, Unified Meeting 5 was developed to be secure by design, providing users with high-level security throughout all phases of conferencing, presentation storage, delivery and collaboration. Security applies to Unified Meeting 5 in four ways, through: Access Security Session Management Content Security Secure Application Design This paper describes how security controls are effectively used to protect organizations using Unified Meeting 5. It includes discussions of how Unified Meeting 5 provides standard security protocols at the account and presentation levels, additional security options such as Secure Sockets Layer (SSL) 128-bit encryption and firewall transparency. Main Benefits Moderators and presenters install the Unified Meeting 5 application that can be deployed organization-wide via MSI. The MSI file can be evaluated by an organization s system administrators and used with any configuration management system. Using the MSI, Unified Meeting 5 can be remotely installed on users desktops within the controlled environment of the organization. Participants have the option of installing the application or using a secure client that is 100% browser based. All Unified Meeting 5 features are firewall transparent, meaning that the system adapts to the security policies of firewalls for which regular web browsing is enabled. Unified Meeting 5 does not try to circumvent firewall security policies. Unified Meeting 5 uses HTTPS on port 443. INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 2

Access Security Unified Meeting 5 uses industry-standard security protocols at the account and presentation levels. Access Security Features Audio Leader PIN Every account holder is assigned a strong web password and a Personal Identification Number (PIN). The web password allows you to install the client portion of Unified Meeting 5 on your computer. The installation will also automatically attach to Outlook installed on the computer to add a button that allows you to schedule web an audio meetings. The audio leader PIN provides security that will allow you to authenticate yourself to the audio system to ensure you are the moderator. Both the web password and audio leader PIN should be kept confidential. Consecutive attempts to enter an invalid password or PIN while trying to access either web or voice portions of a meeting will result in a lock on the account. Participant Identification Moderators may require their attendees to identify themselves upon entering a meeting. When attendees enter the participant ID, they announce their web presence to the moderator. Moderator Dial-Out The moderator can dial out to participants instead of having them dial into the meeting. This allows moderators to validate the participant and control the dissemination of meeting numbers. Locking the Door Moderators may lock the door to a meeting. Participants trying to enter the audio and/or web portion of a meeting go into a virtual waiting room where they wait to be greeted and admitted by the moderator. The moderator can admit participants in the waiting room via the telephone keypad (DTMF command) or the web interface. Dismissing Participants A moderator can quickly dismiss an individual or all participants from a Unified Meeting 5 session. When a participant is dismissed, that person is dismissed from both the audio and web portions of the meeting. Session Management Session Management Features Session Timeout Unified Meeting 5 sessions will time-out after 30 minutes of inactivity. After 30 minutes, the account is logged out, but this action does not affect meetings in progress. End of Meeting When a moderator ends a meeting, participants are automatically dismissed from the web portion of the meeting and the moderator can optionally choose to dismiss audio participants from the voice portion of the conference. INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 3

Randomly Generated Session Management Values Unified Meeting 5 uses a randomly generated token, chosen from 42 billion possible combinations and stored as a session (non-persistent) cookie, to identify a logged-in account holder. It is needed to authenticate your credentials with the backend servers. When the Unified Meeting 5 session is terminated, both the cookie and the token disappear. Participants require the same token on a session cookie to access a meeting. Content Security Unified Meeting 5 allows organizations to go beyond access security and offers multiple levels of content security that are designed to suit the needs of the organization. Content Security Features SSL Encryption Unified Meeting 5 offers 128-bit Secure Sockets Layer (SSL) encryption for all login and password information, and application sharing. This option provides the same level of security used by online financial institutions. You need the same session management token for reaching a meeting as you would to access any content from Unified Meeting 5 servers. Database Unified Meeting 5 databases are not publicly addressable. Only machines within its data center with IP addresses that are on an access list can reach them. Authentication for this data is enabled on the table level. That means someone without the proper credentials cannot query against the database, even if they have gained access to the machine. Secure Application Design Secure Application Design Features Operating Systems Unified Meeting 5 is based on standard web server technology (Linux servers) and proprietary servers developed from the ground up. They are built specifically to meet the demands of online conferencing. All servers are locked down using best practices, as well as proprietary security measures. Testing Fields and Processes All user input fields are checked for validation and length restrictions. All processes are extensively tested before being put into production. Security Event Logging and Archiving Security logs are recorded and archived for all components. System Development Life Cycle (SDLC) Security is designed and applied from the ground up and throughout the development and product life cycle. INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 4

Change Management Implementation and rollback plans are mapped out in detail before any changes are made. Releases follow a formalized product release cycle and are thoroughly tested on pre-production servers to ensure that upgrades do not affect functionality or meeting data. Web Specific Application Standards Encryption By design, no confidential information is available in either URL or HTTP headers. Using SSL, all confidential customer information is sent fully encrypted. World-Class Infrastructure Unified Meeting 5 offers a distributed architecture where several geographically dispersed and load balanced servers allow for managing content, sharing applications, and controlling codes. This enables Unified Meeting 5 to scale beyond single server systems. Unified Meeting 5 s reliability and security are further enhanced by the use first-tiered Internet Data Center (IDC) service providers with co-location agreements throughout the world. Most IDC partners supporting Unified Meeting 5 are ISO 17799 certified or SAS 70 Type II audited and operate state-of-the-art facilities offering these features. 24/7 security-controlled access (i.e., guards, cameras, motion sensors, etc.) 100% guarantee of uninterrupted power supply via the N + 1 standard Raised floors Line sensor water detection system HVAC temperature-control systems with separate cooling zones Seismically braced racks (where applicable) Redundant subsystems (i.e., fiber cables, power supply) Smoke detection and fire suppression systems Third-Party Operational Control Security Standards Administrative Procedures Various first-tiered IDC service providers host Unified Meeting 5 Internet data centers. Companies such as COLT Telecommunications, Savvis Communications, and PacNet provide the physical environment necessary to keep Unified Meeting 5 servers up and running at all times Within these facilities, Unified Meeting 5 can deliver the highest levels of reliability through a number of redundant systems, such as multiple fiber trunks coming into each IDC from multiple sources, fully redundant power on the premises, and multiple backup generators. There is also around-the-clock systems management with onsite personnel trained in the areas of networking, Internet, and systems management. The result is a physical and technical environment affording customers the reliability and security that they need. INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 5

Data Backup Nightly backups are performed on all database information. This data is encrypted and stored offsite for long-term storage purposes. No customer uploaded content is backed up or stored outside our infrastructure. No back-up tapes are used to store data. Disaster Contingency and Business Resumption Plans Unified Meeting 5 promotes a culture of security and reliability that manifests itself in resilience procedures that account for even the most exceptional disruptions. Disaster Contingency Plans MONITORING AND MAINTENANCE Unified Meeting 5 provides constant system monitoring, with random testing of pagers and alert procedures for response times. There are also regular capacity reporting and planning plus preventative maintenance programs Every quarter, system failures are simulated to test recovery processes. OFFSITE BACKUP STORAGE All database and customer content is replicated within and between our IDC s for disaster recovery purposes. If a customer deletes their content, it will also be deleted in the replicated repository. Warm/Hot Sites Unified Meeting 5 employs a multi-redundant site architecture that enables the capability of switching from a failed data center to another in case of disaster. If a Unified Meeting 5 conference server experiences failure, the meeting can be restarted and the system will automatically relocate to a different server and/or data center. Business Continuity Planning All critical customer transactions benefit from existing backup, redundancy, and recovery programs. On request and on a limited basis, some components of the infrastructure can be dedicated to specific customer needs. Redundancy and Fail-Over Procedures All Unified Meeting 5 servers and communications lines are redundant and located throughout its multi-site international infrastructure. In case of localized failure, Unified Meeting 5 will re-route new meetings to another data center. Internet Infrastructure Security Standards Firewall Compatibility Unified Meeting 5 is a firewall-friendly program but will not function correctly if a client-side firewall blocks access to Unified Meeting 5 IP addresses or filters JavaScript. Unified Meeting 5 is designed to be compatible with any firewall/proxy configurations that allow users to browse the web using HTTPS over port 443. Note: Unified Meeting 5 only requires outbound connections on port 443. Inbound connections are not required and never attempted. Please see the Error! Reference source not found. section for more information on the usage of ports in the Unified Meeting 5. INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 6

Host/Network Intrusion Detection Systems Compatibility Unified Meeting 5 uses industry standard tools for host/network monitoring, as well as proprietary controls for improved intrusion detection. At the meeting level, all connections to Unified Meeting 5 are identified and listed in the moderator interface, and the moderator always has power to disconnect any unauthorized connection, as well as the ability to lock the conference to limit further access. Standards for Third-Party Hosted Internet Infrastructure Applications or Services FIREWALLS All Unified Meeting 5 servers are protected by firewalls and carefully monitored for intrusion. REAL-TIME ALARMS All Unified Meeting 5 servers and devices are capable of raising real-time alarms in the case of failure or intrusion detection. Network operations centers are staffed at all hours to respond to alarms. METHODS FOR SECURITY EVENT LOGGING AND ARCHIVING BY COMPONENT Unified Meeting 5 monitoring tools produce continuous logs of transactions/events. ONGOING THIRD-PARTY CERTIFICATION PROGRAMS Annual security assessments, Network Vulnerability and Web Application Penetration Tests, of the production network and infrastructure of Unified Meeting 5 facilities are conducted by qualified third parties and certifications have been received to confirm that the production network supporting the Unified Meeting 5 platform is free of all known material security vulnerabilities. INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information