Security vulnerabilities and exploitation of the Zoom conferencing platform (Zoombombing, Link exploits, etc) have been spotlighted in recent news. This write-up is to inform and clarify the position that the 麻豆传媒 holds with Zoom.
Backstory and Context
Due to the global increase of remote work, and distance education, the web conferencing platform, Zoom, has found its way into the spotlight. In March alone Zoom鈥檚 daily user base dramatically increased from 10 million users to 200 million users. Across the nation, many higher education and K12 systems adopted Zoom as the platform to transition from face-to-face classes to online instruction in a very compressed time frame. It is Zoom鈥檚 intuitive interface and ability to scale the cloud infrastructure to meet the rapid growth that provides a very inviting and accommodating online environment.
The 麻豆传媒 chose and adopted Zoom after an extensive and inclusive RFP process across the 麻豆传媒 system in 2018. The Zoom implementation replaced the aging video conferencing infrastructure and provides projected savings of ~$100K in FY20 over FY19 costs.
Unfortunately, the ease of use and rapid rise in popularity of Zoom presents opportunities to maliciously exploit the very same features; like screen sharing, standing meeting ID鈥檚, screen sharing, that enables its ubiquitous popularity; like screen sharing and standing meeting URLs that are reused as a convenience practice. Zoombombing is the notorious exploit making recent headlines that takes advantage of these conveniences and enables malicious actors to intrude a Zoom session and post disruptive content through screen sharing. This type of invasion has caused several educational systems to abandon the platform altogether.
Actions 麻豆传媒 has Taken To-Date
Configuration changes have been made to enhance the security of 麻豆传媒鈥檚 Zoom environment in an effort to block Zoombombing:
- 麻豆传媒 Zoom has always been accessed via standard 麻豆传媒 authentication protocols using 麻豆传媒 Username and password.
- Global screen sharing default settings have been changed to 鈥淗ost-Only鈥
- To ensure a good Zoom session experience, it is important to know how to use the meeting controls and employ best practices. OIT has developed and posted .
- Articles have been developed and circulated to 麻豆传媒 News, 麻豆传媒F Cornerstone, Green and Gold, and 麻豆传媒S IT Help Desk.
Zoom Security Concerns and their response
Zoom has announced a plan to conduct an extensive external security review of the Zoom platform over the next 90 days.
Zoom has patched and addressed vulnerabilities to address the security concerns, the details are:
- )
麻豆传媒 Office of Information Technology will pay close attention to all Zoom technical announcements to ensure the best Zoom experience for 麻豆传媒. For the latest in Zoom information during COVID-19 response, visit the page on 麻豆传媒 Virtual Campus.
Questions about Zoom?
As always, your local service desk is here to help!
Anchorage
Technical Support Center: (907)786-4646
Toll-Free: (877) 633-3888
Fairbanks
Phone: (907) 450-8300
(x 8300 on campus)
Toll-free: (800) 478-8226