How to secure your zoom meetings
- The smoldering COVID-19 pandemic is causing more and more meetings, training and lectures to take place online
- Among other things, the Zoom solution is extremely popular
- Attackers are increasingly targeting them
- Various measures can be taken to prevent zoom meetings from being compromised or adopted
The corona virus is changing our society. A very concrete change affects our working life, which in many cases has now been forced to move to virtual space. As video conferencing increases, attacks on them become more and more interesting. This article continues with securing the product zoom apart. This is to prevent third parties from compromising and taking over corresponding meetings.
Zoom is a system for video conferencing, web conferencing and webinars. The simple use and the multitude of possible uses make it particularly attractive. Schools in particular rely on this solution. Many teachers and lecturers are very challenged with the rapid changeover to virtual lessons, which can understandably lead to the fact that a technically safe setup is neglected. If these are not specifically optimized, third parties can interfere with the meetings. This interference, known as #Zoombombing, requires more attention.
The following advice applies to the desktop version of Zoom. The settings on mobile devices, e.g. on Android, deviate from this description and are sometimes difficult to find. Hosts of a meeting are discouraged from using mobile devices.
After the Zoom Client has been started, meetings can be joined (Participate) and scheduled (Meeting Planning). By choosing New meeting a new meeting can be started. However, this is not recommended for safety reasons.
Instead, click on the little arrow New meeting clicked to open the context menu (desktop version). This will be the first Use My Personal Meeting ID activated in order to then configure this personal space further down.
First, the option should be Require meeting password to be activated. If you want to enter the room, you have to enter the now defined password. As usual, it is worth using a password that is as long and complex as possible to prevent guessing it.
Unfortunately, Zoom limits the possibilities. A password can have a maximum of 10 digits and cannot contain any special characters – for example exclamation marks or commas. However, allows star, at sign, hyphen and underscore.
In addition, the waiting room should be activated by the option Waiting room release is selected. The waiting room is more or less like a lobby, in which everyone who wants to join the meeting can be found first.
The host can then bring the participants from this waiting room into the meeting. To do this, he must have the function Attendees call. If unwanted participants appear in the lobby, they do not have to be admitted. If a participant has nevertheless been admitted and proves to be disturbing, they can be muted or sent back to the lobby.
In principle, everyone can now join the meeting if they have their ID or URL as well as the secret password. It is not necessary to create a zoom account.
To prevent attackers from acting with little effort and with a certain degree of anonymity, see below Expanded options be opened. The entry can be found there Only authorized users can participate: Sign in to Zoom. As soon as this is activated, a regular zoom account is required to participate in the meeting. The user must therefore register with a valid email address and log in with it before access.
Once the meeting has been created, these options cannot be changed. This is only possible before a meeting has been created. However, the settings can be changed as desired. The choice of password in particular should be adjusted regularly.
Once a meeting has been successfully established with all participants, it can be locked. At the same place where the participants (manage participants) can be managed, click below More be clicked to open another context menu. The entry can be found there Block meeting, with which the current constellation is permanently established. No other participants can now join the meeting. If this should still be possible temporarily, this setting must be deactivated.
When the meeting starts, the other participants can join. By default, everyone is able to share their screen. This can of course be misused, which is why it is advisable to switch off this release.
At the bottom, click on the arrow next to the icon for Share screento add the entry in the context menu Advanced sharing options to select. This opens a new window in which the sharing settings can be made. At Who can share? should be on Host only change.
When screen sharing takes place, so-called Annotations Be made. All participants can mark any places with a pen and make comments. To limit the abuse here, the mouse can be moved to the top of the split screen to display the menu. You choose on the far right Moreto display the context menu.
In a first step you can Show names of commentators to be activated. As a result, all doodles are given the name of the corresponding author. Anonymous smears are no longer possible.
However, it is advisable to turn off annotation for everyone. The entry can be found in the same place Deactivate annotation of participants. If this setting is activated, only the host can add appropriate notes.
Securing newly available products is not always easy when there is no experience. The new situation that video conferencing is used in many places is overwhelming. Zoom actually offers a number of setting options to make life difficult for attackers. It is a pity that these are not established as standard, but that you have to use them manually. Once you understand this and do it correctly, you no longer have to be afraid of compromising or taking over meetings.
About the authors