Summary of site setup recommendations

Download as PDFDownload as PDF

Contents

Network and technology service docs

In this section we list security-related issues to consider when deploying an H.323 service, in particular when joining the JANET H.323 service, using a studio system on the local campus.

Using Janet Videoconferencing

In the context of Janet Videoconferencing, that service will be responsible for:

  • MCU set-up at the JANET C-PoPs;
  • gatekeeper set-up at the JANET C-PoPs;
  • monitoring and security checks of the publicly accessible C-PoP H.323 devices;
  • informing users of the booking system of the importance of the privacy of any booking information the users see (having logged into the booking system);
  • resilience to DoS attacks on the C-PoP-hosted H.323 components.

Responsibilities for sites connecting to the service include:

  • set-up, configuration and security checks of any site gatekeeper used;
  • set-up, configuration and security checks of any site proxy and/or firewall;
  • security of the site H.323 videoconferencing studio;
  • deployment of switched Ethernet paths to the studio and for network management;
  • physical security of the H.323 terminal;
  • lockdown of configuration options for the H.323 terminal;
  • ensuring any site gatekeeper is manually configured, not using multicast discovery;
  • liaising with the Regional Networks for QoS provision where required.

Further site-specific issues are described in Appendix A.

The JANET Videoconferencing Management Centre is responsible for performing site (studio) tests for quality assurance.

Risk assessment

The following table shows some recommendations and suggested risk assessment considerations. This is not an exhaustive list; sites should perform their own assessment exercises.

Threat

Likelihood

Impact

Countermeasures

Theft of system

Low

High

Physical security, alarms, CCTV.

Unauthorised use of system.

Low

Low

Security controls on dedicated device or passwords on PC system.

Unauthorised monitoring of an H.323 session.

Low

Variable, depending on nature of conference.

Use of encryption methods: e.g. H.235, VPNs, IPSec.

Use of switched Ethernet.

Do not publish future sessions.

Unauthorised joining of an H.323 session.

Low

Variable, depending on nature of conference.

Controls at the gatekeeper/MCU.

Do not publish future sessions.

Network adapter/cable problems causing poor performance.

High

High

Test physical cabling.

Check duplex/speed settings.

Gatekeeper ceases to function through hardware or failure.

Low

High

Offer redundant gatekeeper devices to avoid single point of failure problem.

User at client terminal is an impostor.

Very Low

Variable.

Unlikely to be required as the person should be recognisable visually, so the threat is very low.

Figure 7: H.323 risk assessment threats

Videoconferencing
H323
security
summary
site setup
recommendations
  • Twitter logo
  • LinkedIn logo
  • Google+ logo
  • Reddit logo
  • StumbleUpon logo