RE: Enterprise web conferencing

["Dan Lynch" <DLynch () placer ca gov>]

I'd sure appreciate any thoughts on this subject. Has anyone considered
using Sonexis, RHUB, ConnectConferencing, AlphaLogix, Juniper NetScreen
Secure Meeting appliance or similar? What concerns did you address, or
did you discover after implementation?

Thanks,

- Dan

Dan Lynch, CISSP
Information Technology Analyst
County of Placer
Auburn, CA

> -----Original Message-----
> From: listbounce () securityfocus com 
> [mailto:listbounce () securityfocus com] On Behalf Of Dan Lynch
> Sent: Thursday, October 18, 2007 4:26 PM
> To: security-basics () securityfocus com
> Subject: Enterprise web conferencing
>
> Greetings group,
>
> My organization will soon be implementing an appliance-based 
> tele-conferencing/web-conferencing solution. The intent is to 
> allow internal users to set up both phone and web conferences 
> among themselves across operational divisions and across 
> physical locations. These will include application and 
> desktop sharing, as well as occasional remote control. There 
> is also the desire to allow outside users (vendors, etc.) to 
> join in these conferences.
>
> I'm looking for guidance regarding the security issues of 
> these solutions. I plan on mentioning the accidental 
> disclosure of private data while sharing screens. I wonder 
> how the lack of adequate logging might dilute accountability. 
> I'm concerned that inside users must authenticate through 
> this device against our active directory, but the device must 
> be internet-accessible on a DMZ to allow outside users access.
>
> What would you worry about? How would you mitigate your concerns? 
>
> Thanks in advance,
>
> - Dan
>
> Dan Lynch, CISSP
> Information Technology Analyst
> County of Placer