• Advisory services
  • Consultations
  • Network and technology policies
  • Network and technology service docs
  • Using Jisc community
  • Network and technology service docs
  • Domain name registration
  • How to sign up
  • Janet Support Manual
  • Janet CSIRT
  • Back-up services
  • eduroam
  • Backup Web Hosting
  • Certificate Service
  • Connection timeline
  • Eligibility
  • Janet 3G Buyer's Guide
  • Janet 3G eduroam interoperablity authentication methods
  • Janet Mail Services
  • Janet Network Charges
  • Janet Reach
  • Janet Videoconferencing Feedback results
  • Primary connections
  • Supporting Business Continuity
  • Business and Community Engagement (BCE) using Janet
  • Cost
  • Interconnect connections
  • Connecting student accommodation
  • Customer-owned routing equipment
  • Obtaining a Janet IP Address Range
  • Terms for the Provision of the Janet Service
  • Upgrading your existing bandwidth and Janet router
  • Fault reporting
  • IP address assignment
  • Janet Aurora
  • Janet Netsight
  • Janet txt
  • Routers
  • Network set-up
  • Guest access
  • Network time service
  • Training
  • Contact
  • Primary Nameserver Service
  • Secondary Nameserver Service
  • Vscene
  • Vscene
  • Vscene updates and revisions
  • Login Options
  • Jisc and Ajenta partnership FAQ
  • Learn more about Vscene
  • Vscene Help and user guides
  • Videoconferencing service policies
  • ISDN
  • Content providers
  • Technical documentation
  • Technical details
  • Technical documentation
  • Archive
  • NAT, Firewalls and videoconferencing - H.323 Border Traversals
  • Security guide for H.323
  • Guide to reliable campus H.323 networks
  • Configuring a Gatekeeper to use with Janet VideoConferencing
  • Videoconferencing standards
  • Video Displays, Signals and Formats
  • Videoconferencing Quality
  • Janet Videoconferencing Service check
  • ISDN Dialup
  • IP Videoconferencing
  • Datasharing on Janet VideoConferencing Service
  • Global Dialing Scheme explained
  • Registering a Gatekeeper with the Global Dialing Service
  • Joining a Vscene session to a 3rd party MCU
  • Security guide for H.323
  • H.323 security in perspective
  • From ISDN to IP
  • Overview of H.323 security issues
  • H.323 site deployment
  • H.323 device security
  • Call snooping, recording and unwanted guests
  • Encryption, IP security (IPsec) and VPNs
  • Firewalls and proxies
  • Summary of site setup recommendations
  • Conclusion
  • References
  • Appendix A - Deployment Security Checklist

Conclusion

Download as PDFDownload as PDF

Contents

Network and technology service docs

This document has presented a discussion of the security issues involved with deploying a site H.323 videoconferencing service. While many sites may see their H.323 videoconferencing facilities function perfectly well without giving much, if any, consideration to security, security is invariably only as good as the weakest link. Thus it is important that any site involved in a videoconferencing session applies best security practice, as described by the JANET CERT team [JCERT], just as it would do for all other IP-connected devices.

However, while there are many security measures that could be taken to protect an H.323 service, the reader should bear in mind the measures taken in comparable applications such as e-mail and FTP. It is very rare for PGP encryption to be used for e-mail, and likewise most FTP users are not even aware that there is a secure counterpart (SFTP) which offers encryption (of the data, and perhaps more importantly the username and password in transit). Thus we should not expect H.323 encryption to be widely used, if at all, unless the conference subject matter is highly confidential or sensitive.

The VTAS service is available for further questions beyond this document, which itself will be revised with experience as the JVCS-IP service matures.

  • Twitter logo
  • LinkedIn logo
  • Google+ logo
  • Reddit logo
  • StumbleUpon logo