Security vulnerabilities and exploitation of the Zoom conferencing platform (Zoombombing, Link exploits, etc) have been spotlighted in recent news. This write-up is to inform and clarify the position that the University of Alaska holds with Zoom.
Backstory and Context
Due to the global increase of remote work, and distance education, the web conferencing platform, Zoom, has found its way into the spotlight. In March alone Zoom鈥檚 daily user base dramatically increased from 10 million users to 200 million users. Across the nation, many higher education and K12 systems adopted Zoom as the platform to transition from face-to-face classes to online instruction in a very compressed time frame. It is Zoom鈥檚 intuitive interface and ability to scale the cloud infrastructure to meet the rapid growth that provides a very inviting and accommodating online environment.
The University of Alaska chose and adopted Zoom after an extensive and inclusive RFP process across the 绿奴天花板 system in 2018. The Zoom implementation replaced the aging video conferencing infrastructure and provides projected savings of ~$100K in FY20 over FY19 costs.
Unfortunately, the ease of use and rapid rise in popularity of Zoom presents opportunities to maliciously exploit the very same features; like screen sharing, standing meeting ID鈥檚, screen sharing, that enables its ubiquitous popularity; like screen sharing and standing meeting URLs that are reused as a convenience practice. Zoombombing is the notorious exploit making recent headlines that takes advantage of these conveniences and enables malicious actors to intrude a Zoom session and post disruptive content through screen sharing. This type of invasion has caused several educational systems to abandon the platform altogether.
Actions 绿奴天花板 has Taken To-Date
Configuration changes have been made to enhance the security of 绿奴天花板鈥檚 Zoom environment in an effort to block Zoombombing:
- 绿奴天花板 Zoom has always been accessed via standard 绿奴天花板 authentication protocols using 绿奴天花板 Username and password.
- Global screen sharing default settings have been changed to 鈥淗ost-Only鈥
- To ensure a good Zoom session experience, it is important to know how to use the meeting controls and employ best practices. OIT has developed and posted .
- Articles have been developed and circulated to 绿奴天花板 News, 绿奴天花板F Cornerstone, Green and Gold, and 绿奴天花板S IT Help Desk.
Zoom Security Concerns and their response
Zoom has announced a plan to conduct an extensive external security review of the Zoom platform over the next 90 days.
Zoom has patched and addressed vulnerabilities to address the security concerns, the details are:
- )
绿奴天花板 Office of Information Technology will pay close attention to all Zoom technical announcements to ensure the best Zoom experience for 绿奴天花板. For the latest in Zoom information during COVID-19 response, visit the page on 绿奴天花板 Virtual Campus.
Questions about Zoom?
As always, your local service desk is here to help!
Anchorage
Technical Support Center: (907)786-4646
Toll-Free: (877) 633-3888
Fairbanks
Phone: (907) 450-8300
(x 8300 on campus)
Toll-free: (800) 478-8226