Transcription
Web Conferencing: Unleash the Power of Secure Real-Time CollaborationWhite PaperCisco PublicWeb Conferencing: Unleashthe Power of Secure Real-TimeCollaboration 2016 Cisco and/or its affiliates. All rights reserved.1
Web Conferencing: Unleash the Power of Secure Real-Time CollaborationWhite PaperCisco PublicIntroductionCisco WebEx online solutions help enable global employees and virtual teams tocollaborate in real time as though they were working in the same room. Businesses,institutions, and government agencies worldwide rely on Cisco WebEx solutions. Thesesolutions help simplify business processes and improve results for sales, marketing,training, project management, and support teams.For all of these companies and agencies, security is a fundamental concern. Onlinecollaboration must provide multiple levels of security for tasks that range fromscheduling meetings to authenticating participants to sharing documents.Cisco makes security the top priority in the design, development, deployment, andmaintenance of its networks, platforms, and applications. You can incorporate CiscoWebEx solutions into your business processes with confidence, even with the mostrigorous security requirements.This paper provides details about the security measures of Cisco WebEx and itsunderlying infrastructure to help you with an important part of your investment decision.Note: The terms “Cisco WebEx” and “Cisco WebEx meeting sessions” refer to theintegrated audio conferencing, Internet voice conferencing, and video conferencingused in all Cisco WebEx online products. Unless otherwise specified, the securityfeatures we describe pertain equally to all the Cisco WebEx applications discussed inthis paper.What You Will LearnThis paper describes the security features of Cisco WebEx centers and related services. It discusses thetools, processes, and engineering that help customers confidently collaborate on the Cisco WebEx platform.The paper covers: Cisco WebEx Meeting Center Cisco WebEx Event Center Cisco WebEx Training Center Cisco WebEx Support Center (including Cisco WebEx Remote Access) Cisco Collaboration Meeting Rooms Cloud Cisco WebEx Cloud Connected AudioCisco WebEx Security ModelCisco remains firmly committed to maintaining leadership in cloud security. Cisco’s Security and TrustOrganization works with teams throughout our company to build security, trust, and transparency into aframework that supports the design, development, and operation of core infrastructures to meet the highestlevels of security in everything we do. 2016 Cisco and/or its affiliates. All rights reserved.2
Web Conferencing: Unleash the Power of Secure Real-Time CollaborationWhite PaperCisco PublicThis organization is also dedicated to providing our customers with the information they need to mitigate andmanage cybersecurity risks.The Cisco WebEx security model (Figure 1) is built on the same security foundation deeply engraved inCisco’s DNA.The Cisco WebEx team consistently follows the foundational elements to securely develop, operate, andmonitor Cisco WebEx services. We will be discussing some of these elements in this document.Figure 1. Cisco Security ModelApplication SecurityCryptographyAdministartive ControlsEnd-User ControlsData Center SecurityPhysical SecurityInfrastructure and Platform SecurityCisco Security and TrustTools/Processes to securelydevelop, and operateOrganizational structure to instillsecurity in Cisco DNA16ISOCertifiedOperational Excellence and MonitoringMultilayer Security ModelSSAE“Security and trust will differentiate Cisco as the number one IT company”Cisco Security and TrustCisco Security Tools and ProcessesHaving dedicated teams to build and provide suchtools takes away uncertainty from the process ofproduct development.Cisco Secured Development LifecycleSome examples of such tools are:At Cisco, security is not an afterthought but adisciplined approach to building and deliveringworld-class products and services from the groundup. All Cisco product development teams arerequired to follow the Cisco Secure DevelopmentLifecycle. It is a repeatable and measurableprocess designed to increase the resiliency andtrustworthiness of Cisco products. The combinationof tools, processes, and awareness trainingintroduced in all phases of the developmentlifecycle helps ensure defense in depth. It alsoprovides a holistic approach to product resiliency.The Cisco WebEx Product Development teampassionately follows this lifecycle in every aspect ofproduct development.Please read more about the Secure DevelopmentLifecycle here.Cisco Foundational Security ToolsThe Cisco Security and Trust Organization providesnot only the process but also the necessary toolsthat give every single developer the ability to take aconsistent position when facing a security decision. 2016 Cisco and/or its affiliates. All rights reserved. Product security baseline (PSB) requirementsthat products must comply with Threat-builder tools used during threat modeling Coding guidelines Validated or certified libraries that developers canuse instead of writing their own security code Security vulnerability testing tools (for static anddynamic analysis) used after development to testagainst security defects Software tracking that monitors Cisco andthird-party libraries and notifies the productteams when a vulnerability is identifiedOrganizational Structure That Instills Securityin Cisco DNACisco has dedicated departments in place to instilland manage security DNA throughout the entirecompany. To constantly stay abreast of securitythreats and challenges, Cisco relies on: Cisco Information Security (InfoSec) Cloud team Cisco Product Security Incident ResponseTeam (PSIRT) Shared security responsibility3
Web Conferencing: Unleash the Power of Secure Real-Time CollaborationWhite PaperCisco PublicCisco InfoSec CloudSecurity ResponsibilityLed by the chief security officer for cloud, this teamis responsible for delivering a safe Cisco WebExenvironment to our customers. InfoSec achieves thisby defining and enforcing security processes andtools for all functions involved in the delivery of CiscoWebEx into our customers’ hands.Although every person in the Cisco WebEx team isresponsible for security, the following are the mainroles accountable for it:Additionally, Cisco InfoSec Cloud works with otherteams in Cisco to respond to any security threats toCisco WebEx.Cisco InfoSec is also responsible for continuousimprovement in Cisco WebEx’s security posture.Cisco Product Security Incident ResponseTeam (PSIRT)Cisco PSIRT is a dedicated global team thatmanages the inflow, investigation, and reportingof security issues related to Cisco products andservices. PSIRT uses different mediums to publishinformation depending on the severity of the securityissue. The type of reporting varies according to thefollowing conditions: Software patches or workarounds exist toaddress the vulnerability, or a subsequentpublic disclosure of code fixes is plannedto address high-severity vulnerabilities. PSIRT has observed active exploitation of avulnerability that could lead to a greater riskfor Cisco customers. PSIRT may acceleratethe publication of a security announcementdescribing the vulnerability in this casewithout full availability of patches. Public awareness of a vulnerability affecting Ciscoproducts may lead to a greater risk for Ciscocustomers. Again, PSIRT may alert customerseven without full availability of patches.In all cases, PSIRT discloses the minimum amountof information that end users will need to assessthe impact of a vulnerability and to take stepsneeded to protect their environment. PSIRT uses theCommon Vulnerability Scoring System (CVSS) scaleto rank the severity of disclosed issue. PSIRT doesnot provide vulnerability details that could enablesomeone to craft an exploit.To learn more about PSIRT, please visit cisco.com/go/psirt. 2016 Cisco and/or its affiliates. All rights reserved. Chief security officer, Cloud Vice president and general manager, Cisco CloudCollaboration Applications Vice president, Engineering, Cisco CloudCollaboration Applications Vice president, Product Management, Cisco CloudCollaboration ApplicationsInternal and External Penetration TestsThe Cisco WebEx team conducts rigorouspenetration testing regularly, using internalassessors. Beyond its own stringent internalprocedures, Cisco InfoSec also engages multipleindependent third parties to conduct rigorous auditsagainst Cisco internal policies, procedures, andapplications. These audits are designed to validatemission-critical security requirements for bothcommercial and government applications. Cisco alsouses third-party vendors to perform ongoing, indepth, code-assisted penetration tests and serviceassessments. As part of the engagement, a thirdparty performs the following security evaluations: Identifying critical application and servicevulnerabilities and proposing solutions Recommending general areas forarchitectural improvement Identifying coding errors and providingguidance on coding practice improvementsThird-party assessors work directly with the CiscoWebEx engineering staff to explain findings andvalidate the remediation. As needed, CiscoInfoSec can provide a letter of attestation fromthese vendors.Cisco WebEx Data CenterSecurityCisco WebEx is a software-as-a-service (SaaS)solution delivered through the Cisco WebEx Cloud,a highly secure service-delivery platform withindustry-leading performance, integration, flexibility,scalability, and availability. The Cisco WebEx Cloudis a communications infrastructure purpose built forreal-time web communications.4
Web Conferencing: Unleash the Power of Secure Real-Time CollaborationWhite PaperCisco PublicCisco WebEx meeting sessions use switchingequipment located in multiple data centers aroundthe world. These data centers are strategicallyplaced near major Internet access points and usededicated high-bandwidth fiber to route trafficaround the globe. Cisco operates the entireinfrastructure within the Cisco WebEx Cloud withindustry-standard enterprise security.Additionally, Cisco operates network point-ofpresence (PoP) locations that facilitate backboneconnections, Internet peering, global site backup,and caching technologies to enhance performanceand availability for end users.Physical SecurityAll systems undergo a thorough security review andacceptance validation prior to production deployment.Servers are hardened using the Security TechnicalImplementation Guidelines (STIGs) published bythe National Institute of Standards and Technology(NIST). Firewalls protect the network perimeter andfirewalls. Access control lists (ACLs) segregatethe different security zones. There are intrusiondetection systems (IDSs) in place, and activitiesare logged and monitored on continuous basis.There are daily internal and external security scansof Cisco WebEx Cloud. All systems are hardenedand patched as part of the regular maintenance.Additionally, vulnerability scanning and assessmentsare performed continuously.Physical security at the data center includes videosurveillance for facilities and buildings and enforcedtwo-factor identification for entry. Within Cisco datacenters, access is controlled through a combinationof badge readers and biometric controls. In addition,environmental controls (for example, temperaturesensors and fire-suppression systems) and servicecontinuity infrastructure (for example, power backup)help ensure that systems run without interruption.Service continuity and disaster recovery are criticalcomponents of security planning. Cisco datacenter’s global site backups and high-availabilitydesign help enables the geographic failover of CiscoWebEx services. There is no single point of failure.Within the data centers are also “trust zones,”or segmented access to equipment based oninfrastructure sensitivity. For example, databases are“caged”: the network infrastructure has dedicatedrooms and racks are locked. Only Cisco securitypersonnel and authorized visitors accompanied byCisco personnel can enter the data centers.CryptographyCisco’s production network is a highly trustednetwork: only very few people with high trust levelshave access to the network.Infrastructure and Platform SecurityPlatform security encompasses the security of thenetwork, systems, and the overall data center withinthe Cisco Collaboration Cloud. All systems undergoa thorough security review and acceptance validationprior to production deployment, as well as regularongoing hardening, security patching, and vulnerabilityscanning and assessment.Cisco WebEx ApplicationSecurityEncryption at Run TimeAll communications between Cisco WebExapplications and Cisco WebEx Cloud occur overencrypted channels. Cisco WebEx supports the TLS1.0, TLS 1.1, and TLS 1.2 protocols and uses highstrength ciphers (for example, AES 256).1After a session is established over TLS, all mediastreams (audio VOIP, video, screen share, anddocument share) are encrypted.2User Datagram Protocol (UDP) is the preferredprotocol for transmitting media. In UDP, mediapackets are encrypted using AES 128. Theinitial key exchange happens on a TLS-securedchannel. Additionally, each datagram uses hashedbased message authentication code (HMAC) forauthentication and integrity.Actual encryption protocol and strength depend on the OS and browser settings, based on which a host negotiates connections withCisco WebEx.1Users connecting to a CMR Cloud meeting using a third-party video endpoint may be sending and receiving unencrypted mediastreams. Configuring your firewall to prevent unencrypted traffic to and from Cisco WebEx helps keep your meetings safe. However,allowing attendees outside your firewall to join your meeting using third-party devices can still send your meeting data unencrypted onthe Internet.2 2016 Cisco and/or its affiliates. All rights reserved.5
Web Conferencing: Unleash the Power of Secure Real-Time CollaborationWhite PaperCisco PublicEnd-to-End Encryption (E2E)Media streams flowing from a client to Cisco WebExservers are decrypted after they cross the CiscoWebEx firewalls. Cisco can then provide networkbased recordings, and all media streams can berecorded for future reference. Cisco WebEx thenre-encrypts the media stream before sending it toother clients. However, for businesses requiring ahigher level of security, Cisco WebEx also providesend-to-end encryption. With this option, CiscoWebEx Cloud does not decrypt the media streams.As it does for normal communications, it establishesa TLS channel for client-server communication.Additionally, all Cisco WebEx clients generate keypairs and send the public key to the host’s client.The host generates a random symmetric key usinga cryptographically strong secure pseudo-randomnumber generator (CSPRNG), encrypts it usingthe public key that the client sends, and sends theencrypted symmetric key back to the client.The traffic generated by clients is encrypted usingthe symmetric session key. In this model trafficcannot be deciphered by the Cisco WebEx server.This end-to-end encryption option is available forCisco WebEx Meeting Center and Cisco WebExSupport Center. Note that when end-to-endencryption is enabled, the following features arenot supported: Network-based recordings Join Before Host Collaboration Meeting Rooms (CMR) CloudDifferent CiphersCisco WebEx supports following cipher suites forsecured communications. Cisco WebEx will allowthe strongest possible cipher for the customer’senvironment.Cipher SuitesBit LengthTLS RSA WITH AES 256 CBC SHA (0x35)256TLS RSA WITH AES 128 CBC SHA (0x2f)128TLS ECDHE RSA WITH RC4 128 SHA (0xc011) ECDHsecp256r1 (eq. 3072 bits RSA) FS128TLS ECDHE RSA WITH 3DES EDE CBC SHA (0xc012) ECDHsecp256r1 (eq. 3072 bits RSA) FS112TLS ECDHE RSA WITH AES 128 CBC SHA (0xc013) ECDHsecp256r1 (eq. 3072 bits RSA) FS128TLS ECDHE RSA WITH AES 256 CBC SHA (0xc014) ECDHsecp256r1 (eq. 3072 bits RSA) FS256TLS RSA WITH AES 128 GCM SHA256 (0x9c)128TLS RSA WITH AES 256 GCM SHA384 (0x9d)256TLS ECDHE RSA WITH AES 128 GCM SHA256 (0xc02f) ECDHsecp256r1 (eq. 3072 bits RSA) FS128TLS ECDHE RSA WITH AES 256 GCM SHA384 (0xc030) ECDHsecp256r1 (eq. 3072 bits RSA) FS256TLS ECDHE RSA WITH AES 128 CBC SHA256 (0xc027) ECDHsecp256r1 (eq. 3072 bits RSA) FS128 2016 Cisco and/or its affiliates. All rights reserved.6
Web Conferencing: Unleash the Power of Secure Real-Time CollaborationWhite PaperCisco PublicCipher SuitesBit LengthTLS ECDHE RSA WITH AES 256 CBC SHA384 (0xc028) ECDHsecp256r1 (eq. 3072 bits RSA) FS256TLS RSA WITH AES 256 CBC SHA256 (0x3d)256TLS RSA WITH AES 128 CBC SHA256 (0x3c)128TLS RSA WITH RC4 128 MD5 (0x4)128TLS RSA WITH RC4 128 SHA (0x5)128TLS RSA WITH 3DES EDE CBC SHA (0xa)112Protecting Data at RestWhen configured by the customer to do so, CiscoWebEx stores meeting and user data that may becritical to your business. Cisco WebEx uses followingsafeguards to protect data at rest: Splits the recording and stores the audio,video, and data share streams separately3 Stores all user passwords using SHA-2(one-way hashing algorithm) and salts Encrypts passwordsCisco WebEx Role-Based AccessCisco WebEx application behavior is built from theground up around five roles, each of which is granteddifferent privileges. They are described below.HostThe host schedules and starts a Cisco WebExmeeting. The host controls the meeting experiencefor everyone and makes relevant decisions whilescheduling the meeting and during it.The site administrator (a role described later) canmandate many of these controls. If they are notmandated, then the host can make choices on howto secure meetings.Alternate HostWhile scheduling, the host can assign alternatehosts, who can start the meeting in lieu of the hostand essentially have the same set of privileges asthe host.A host can also pass on his or her privileges toanother user during the meeting. With respect tosecurity, there is no difference between the hostand alternate host.PresenterA presenter can share presentations, specificapplications, or an entire desktop. The presentercontrols the annotation tools. From a securitystandpoint, the presenter can grant and revokeremote control over the shared applications anddesktop to individual attendees.Panelist (in Training and Event Centers Only)A panelist is primarily responsible for helping thehost and presenter keep the event running smoothly.Any number of attendees can be panelists. Thehost may ask panelists to serve as subject matterexperts, viewing and answering attendee questionsin a Q&A session; respond to public and private chatmessages; annotate shared content; or managepolls as the polling coordinator.AttendeeAttendees have no security responsibilities orprivileges unless they are assigned the presenter orhost role. Ultimately, the site administrator and thehost can allow an attendee to grab the Cisco WebExball (presenter role) anytime in the course of themeeting. This setting is off by default.Split storage of recording is applicable only to native recording formats. If your site is configured to use CMR Cloud, then meetingswhose attendees join using video endpoints are recorded as MP4. All MP4 recordings are stored as a single stream.3 2016 Cisco and/or its affiliates. All rights reserved.7
Web Conferencing: Unleash the Power of Secure Real-Time CollaborationWhite PaperCisco PublicSite AdministratorThis role is authorized for managing accounts aswell as for managing and enforcing policies ona site basis or per-user basis. The administratorcan choose the Cisco WebEx capabilities that areavailable to all other roles and users.Administrative CapabilitiesCisco WebEx has granular site administrationcapabilities to effectively align your Cisco WebEx sitewith your business needs. This section describesthe main security-related features. For furtherinformation on all security features, please refer tothe Cisco WebEx site administration guide here.Account Management
Cisco Secured Development Lifecycle At Cisco, security is not an afterthought but a disciplined approach to building and delivering world-class products and services from the ground up. All Cisco product development teams are
