Connectivity to Polycom RealPresence Platform Source Data




Polycom RealAccess Security White Paper
August 2015, 3725-71965-001A

The Polycom RealAccess service is delivered using the Software as a Service (SaaS) model. This white paper outlines how the service protects sensitive customer data from unauthorized access.

RealAccess provides a subscribing customer access to a dedicated web portal, which includes a broad range of on-demand monitoring and managing of videoconferencing services along with in-depth reporting capabilities. Reports are based on data collected from a customer's Polycom RealPresence Platform and automatically uploaded to the cloud-based RealAccess portal using a data extraction agent installed on the customer's premises.

Potential Points of Vulnerability

The following potential points of vulnerability with the RealAccess portal are outlined in this white paper:

- Connectivity to Polycom RealPresence Platform source data
- Transfer of customer data over the Internet to the RealAccess data store
- Storage of information on the RealAccess cloud-based database server
- Display and delivery of information between the RealAccess portal and end users via web browsers
- User authentication to access information

Connectivity to Polycom RealPresence Platform Source Data

The RealAccess agent gathers data from various RealPresence Platform sources and transports it to the RealAccess data store. The following diagram is an overview of the security provided by RealAccess.

[Figure: RealAccess software agent]

The agent is an instance operating as a virtual machine. The agent's OS has been hardened with the latest security patches, best practices for software configurations, and the removal of unnecessary services. Additionally, the OS security has been verified using security scan tools, including Nessus, Nexpose, and Nmap, as well as manual testing.

The agent resides in the customer's DMZ, with access to the cloud and the RealPresence Platform component(s) on the customer's RealPresence video network. The agent has only one login for administrative access by the Polycom administrator. There is a service on the agent that uses device-specific credentials to make API calls on specific ports to access data from sources such as call servers (Polycom RealPresence Distributed Media Application (DMA)), scheduling and provisioning servers (Polycom RealPresence Resource Manager), and media controllers (MCU). While accessing these devices, all credentials are encrypted via https tunnel using TLS with 256-bit encryption. The agent does not store data collected from the RealPresence Platform in any shape or form (cache or storage) in its archives.

If you would like to perform penetration testing of the agent prior to deployment, contact your Polycom Representative for more information.

Transfer of Customer Data Over the Internet to the RealAccess Data Store

The next step in the data delivery process is to transport and deposit customer data to the RealAccess data store, located in an SSAE 16 Type II certified data center. All communication with the RealAccess agent and data store is via an OpenVPN tunnel. Any attempt to monitor the link between the agent and data center servers will only show encrypted data packets instead of cleartext information. All maintenance activities, OS patching, code updates, and NTP time synchronization for the agent are handled via this OpenVPN tunnel from the data center.

Storage of Information on the RealAccess Cloud-Based Database Server

The RealAccess database server is located in an SSAE 16 Type II certified data center that runs dedicated databases and application servers. When the RealAccess database server receives data from the customer, it is verified for integrity, processed, and saved onto the database. The RealAccess database and application servers reside in the data center behind a fully patched Check Point firewall. Access for any services not required by RealAccess is blocked.

Each customer's data resides in the multitenant system and is compartmentalized using access controls to provide data isolation between RealAccess customers. Servers are located in a secure data center, with only authorized data center staff members having access. The servers are not directly accessible from outside the data center, and all customer data is backed up on a daily basis.

Customer data is encrypted at rest and will be anonymized upon customer request at the end of a subscription. The anonymization process includes and is not limited to searching and sanitizing all customer-specific data (such as name, site information, and IP address) with randomly generated alphanumeric characters.

Display and Delivery of Information Between the RealAccess Portal and End Users via Web Browsers

All communication with the RealAccess portal web servers and client browsers is over a standard secure SSL connection that encrypts all requests and responses. This is achieved with an https connection that uses TLS 1.2 with a 256-bit encryption layer of SSL using certificates.
This connection is encrypted and authenticated using AES_128_GCM with DHE_RSA as the key exchange mechanism. Anyone snooping packets traveling between the web server and the user's browser will only see strongly encrypted data packets. Additionally, thorough penetration tests were conducted using automated and manual methods to ensure that the portal is free of cross-site scripting (XSS), cross-site request forgery (XSRF), and cookie-sniffing vulnerabilities, as well as other security bugs.

User Authentication to Access Information

User authentication for RealAccess is done two ways. The simplest is to use the authorized customer domain. Users who are part of this domain can use their email address to register at the self sign-in portal. They then authenticate themselves with the emailed activation link and choose a password.

The other way is to use the RealAccess portal authentication service, which supports Active Directory Federation Services (AD FS). With this method, the portal already is set up for single sign-on (SSO) and integrated with the customer's active directory via SAML. The user can then use their network credentials to log into the portal. With this method, the user first logs into the portal with their enterprise network credentials. The request is forwarded on a secure https connection that uses TLS 1.2 with 256-bit encryption to the customer federation services, which look up the user. The response is then passed to the portal with an allow/deny message.

Both authentication methods were tested manually and automatically for security weaknesses using tools such as Burp Suite and AppScan. The following diagram is an overview of the SSO message flow in RealAccess.

[Figure: RealAccess SSO message flow]

Contact Information

For more information, contact your Polycom Representative.
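The end-of-subscription anonymization described under "Storage of Information on the RealAccess Cloud-Based Database Server" can be sketched as follows. This is an added example, not Polycom's code: the record layout, the field names and the sample values are assumptions constructed for illustration. It replaces each customer-specific value with one random alphanumeric token, also scrubs free-text fields, and then checks that nothing survived.

```python
import re
import secrets
import string

ALPHABET = string.ascii_letters + string.digits
SENSITIVE = ("customer", "site", "ip")  # assumed field names, not from the white paper

def anonymize(records, sensitive=SENSITIVE, token_len=12):
    """Return (sanitized copies, mapping of lowercased original -> random token)."""
    mapping = {}
    for rec in records:
        for field in sensitive:
            value = str(rec.get(field) or "").lower()
            if value and value not in mapping:
                # One token per distinct value keeps per-site aggregates usable.
                mapping[value] = "".join(secrets.choice(ALPHABET) for _ in range(token_len))
    if not mapping:
        return [dict(r) for r in records], mapping
    # Longest value first; the \w guards stop 10.20.30.4 matching inside 10.20.30.40.
    alternatives = "|".join(re.escape(v) for v in sorted(mapping, key=len, reverse=True))
    pattern = re.compile(r"(?<!\w)(?:%s)(?!\w)" % alternatives, re.IGNORECASE)
    def swap(match):
        return mapping[match.group(0).lower()]
    cleaned = [
        {k: pattern.sub(swap, v) if isinstance(v, str) else v for k, v in rec.items()}
        for rec in records
    ]
    return cleaned, mapping

def residual_leaks(cleaned, mapping):
    """List (record index, field) pairs where an original value survived."""
    return [(i, k) for i, rec in enumerate(cleaned) for k, v in rec.items()
            if isinstance(v, str) and any(o in v.lower() for o in mapping)]

# Constructed sample call records; the free-text "notes" field repeats the
# site name and IP address, which a column-only scrub would miss.
SAMPLE = [
    {"customer": "Acme Health", "site": "Denver HQ", "ip": "10.20.30.4",
     "notes": "Packet loss at denver hq from 10.20.30.4", "duration_s": 1810},
    {"customer": "Acme Health", "site": "Austin Lab", "ip": "10.20.30.40",
     "notes": "Acme Health bridge call, far end 10.20.30.4", "duration_s": 245},
]

if __name__ == "__main__":
    cleaned, mapping = anonymize(SAMPLE)
    print(cleaned, residual_leaks(cleaned, mapping))
```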

Copyright 2015, Polycom, Inc. All rights reserved. No part of this document may be reproduced, translated into another language or format, or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Polycom, Inc.

6001 America Center Drive
San Jose, CA 95002
USA

Polycom, the Polycom logo and the names and marks associated with Polycom products are trademarks and/or service marks of Polycom, Inc. and are registered and/or common law marks in the United States and various other countries. All other trademarks are property of their respective owners. No portion hereof may be reproduced or transmitted in any form or by any means, for any purpose other than the recipient's personal use, without the express written permission of Polycom.

End User License Agreement
By installing, copying, or otherwise using this product, you acknowledge that you have read, understand and agree to be bound by the terms and conditions of the End User License Agreement for this product.

Patent Information
The accompanying product may be protected by one or more U.S. and foreign patents and/or pending patent applications held by Polycom, Inc.

Open Source Software Used in this Product
This product may contain open source software. You may receive the open source software from Polycom up to three (3) years after the distribution date of the applicable product or software at a charge not greater than the cost to Polycom of shipping or distributing the software to you. To receive software information, as well as the open source software code used in this product, contact Polycom by email at OpenSourceVideo@polycom.com.

Disclaimer
While Polycom uses reasonable efforts to include accurate and up-to-date information in this document, Polycom makes no warranties or representations as to its accuracy. Polycom assumes no liability or responsibility for any typographical or other errors or omissions in the content of this document.

Limitation of Liability
Polycom and/or its respective suppliers make no representations about the suitability of the information contained in this document for any purpose. Information is provided as is without warranty of any kind and is subject to change without notice. The entire risk arising out of its use remains with the recipient. In no event shall Polycom and/or its respective suppliers be liable for any direct, consequential, incidental, special, punitive or other damages whatsoever (including without limitation, damages for loss of business profits, business interruption, or loss of business information), even if Polycom has been advised of the possibility of such damages.

Customer Feedback
We are striving to improve our documentation quality and we appreciate your feedback. Email your opinions and comments to DocumentationFeedback@polycom.com.

Visit the Polycom Support Center for End User License Agreements, software downloads, product documents, product licenses, troubleshooting tips, service requests, and more.