Given the widespread use of conference call solutions, attackers’ efforts to exploit weaknesses in these applications are identified.
It is vitally important to implement a number of precautionary measures outlined in the following specific ZOOM application link – https://www.bleepingcomputer.com/news/software/how-to-secure-your-zoom-meetings-from-zoom-bombing-attacks/
The explanations are accompanied by screenshots for easy application of the precautionary rules
The following is a list of rules described in this article:
1. Protect your session password.
2. Using WAITING ROOM for meetings of a confidential / sensitive nature and locking the meeting after everyone has joined. This section is not applicable for lectures with large number of participants
3. Use the latest version (keep up to date) of the ZOOM application and only from the official website of the manufacturer. Technion.zoom.us
4. Be very careful sharing your personal meeting room – see below
5. Allow screen sharing of the host only, unless the nature of the meeting requires otherwise.
6. Do not publicly share meeting screen shots or confidential / sensitive meeting invitations.
Additional security measures
1. Ensuring that you do not post a link to a meeting: A link that is publicly posted exposes the meeting to people who were not invited to it. We have witnessed cases where uninvited guests “invaded” the meeting and interrupted its course.
2. Restrict screen sharing to HOST only: If the meeting host does not restrict screen sharing, anyone may take advantage of it and interfere with the proper course of the meeting.
3. In meetings where it is possible or necessary do restrict participation to Technion accounts only: this restriction will only allow Technion account holders to join the meeting.
4. Restrict entry from certain regions or countries: in today’s global world this is not always possible but can certainly prevent “invasion” from unwanted regions.
5. Restricting the CHAT with HOST only: This can help prevent nasty notes, etc., but of course hurts the experience of the participants in the meeting.
6. MUTE everyone and prevent participants from UNMUTING themselves: This can help prevent interruptions during the session by “intruders”.
During the meeting, click on “Participants” in the Zoom meeting control bar. At the bottom of the participants panel click “Mute All.” Then, uncheck the “Allow participants to unmute themselves” to prevent participants from talking in the meeting.
Personal meeting room
Your Personal Meeting Room is a virtual meeting room permanently reserved for you that you can access with your Personal Meeting ID (PMI) or personal link, if applicable. You can start instant meetings with your PMI, or you can schedule a meeting that uses your PMI.
Your Personal Meeting Room is ideal for use with people you meet with regularly. However, because it is always accessible with the same Meeting ID and personal link, it should not be used for back-to-back meetings or people you do not meet with regularly. Once a participant has the link to your PMI, they can join it at any time the meeting is in use, unless you lock the meeting or use the Waiting Room feature to admit participants individually.
Consider Use a random meeting ID: It’s best practice to generate a random meeting ID for your meeting, so it can’t be shared multiple times. This is more secure alternative to using your Personal Meeting ID, which is not advised because it’s basically an ongoing meeting that’s always running.
Join before host allows attendees to join the meeting before the host joins or when the host cannot attend the meeting.
If you select join before host, then the participants can join the meeting before the host joins or without the host. If you do not select join before host, the participants will see a pop up dialog that says “The meeting is waiting for the host to join.” If you are the host, there is a login button to login and start the meeting as the host.
Registration Required – Scheduling a meeting that requires registration will allow you to have your participants register with their e-mail, name, other questions, and custom questions. You can also generate meeting registration reports if you want to download a list of people that registered
Zoom invite directly from OUTLOOK
Please be aware of 2 buttons for ZOOM meetings in OUTLOOK
If you want to define settings for the meeting, you should use the Settings button
Among other settings you could set up a passcode for the meeting