Advisory-Zoom use for meetings, trainings etc.

Use of online meeting platforms like Zoom and Cisco Webex etc have seen a tremendous jump in conducting conferences, remote meetings and imparting education in the wake of COVID-19 lockdown across the world. Most of the users of these platforms are not aware of the correct way to configure these platforms to ensure security.

2.   Recently various vulnerabilities and weaknesses have been reported in one of the most popular platform zoom. In present scenario, it may not be possible for all the sectors to stop using Zoom. Therefore, a comprehensive, graphical configuration setting has been prepared by CyCord Center for secure use of the platform.

3.  Broad objective of enabling/disabling these settings is to

·       prevent unauthorised entry in the conference room

·       prevent an authorised participant to carry out malicious activities on the terminals of others in the conference.

·       Avoid DOS attack by restricting users through passwords and access grant.

4.   Most of the settings can be done by logging into users zoom account at website, or installed application at PC/Laptop/Phone and also during conduct of conference. However certain settings are possible through certain mode/channel only. For example lock meeting can be enabled by administrator only when the meeting has started. This documents explains in details all the security configuration through website, App and through console during the conference.

Objective of security configurations:

1.    Setting new user ID and password for each meeting

2.    Enabling waiting Room, so that every user can enter only when host conducting meeting admits him

3.    Disabling join before host

4.    Allowing Screen Sharing by host Only

5.    Disabling “Allow removed participants to re-join”

6.    Restricting/disabling file transfer option (if not required)

7.    Locking meeting, once all attendees have joined

8.    Restricting the recording feature

9.    To end meeting (and not just leave, if you are administrator)

Section 1: Security Configuration Through website

1.  Logging into zoom Website: https://zoom.us/ by entering your account credentials

2.  After login, page looks like this. Three important and useful links are shown in red boxes, profile, setting and personal meeting ID

4.  Click the setting on home page and keep on scrolling down the window and make necessary configuration as shown in figures below. Only important ones are marked in red boxes and others could be anything

Section 2: Security Configuration Through App

1.  Zoom meeting App when launched look like this:

2.  Update your App: First and fore most important thing is to update your Zoom App:

·       click menu -> navigate to check for update -> click

3.  Set a password for personal meeting ID and enable waiting

·       click edit in meeting as shown below

·       Check password box, enter a strong password, check enable waiting window etc. desirable settings are shown in red boxes and click save

4.  Avoid conducting meeting by using Personal Meeting ID (PMI).

Clicking on start as shown below will start a meeting with personal meeting ID and password set by user as shown above. In this case PMI: 3452161630 and password: Sc@3Q*

Problem in suing personal meeting ID is that with PMI and password is fixed. It does not automatically change with every new meeting.

5.   Conduct a new meeting with randomly generated ID and password instead of fixed one as shown above

·        Click on home

·        Click New Meeting drop down as shown below

·        Un-check use My Personal Meeting ID (PMI), if not already done

·       Click new meeting icon to start a new meeting

·       Once Meeting has started, you will see your meeting ID and password by clicking left top icon below. it will be random and change with every new meeting.

6.  Scheduling     a   meeting  with  randomly  generated  ID   and password

·       Click schedule as shown below

·       The window as shown below will open up

·       After clicking advanced Options shown in above window following expansion will open and do setting as shown below.

6.     Lock the meeting session, once all attendees have joined

·       Once meeting is in progress, control bar looks like this

·       Click Security and click on Lock Meeting, if all your participants have joined. you can enable waiting room from here also. you can also disable share screen by users from here