asked on

Zoom Security

The site is a daycare (little kids) provide remote face time. Given the news reports about Zoom, can it be made safe? Or, what are the alternatives?

ASKER CERTIFIED SOLUTION

ste5an

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

David Favor

There is no way to make China Zoom safe.

Currently all Zoom packets flow through China.

This makes Zoom suspect forever, because if they're providing all Zoom data to China now, then most likely they'll find some other way to provide China all their data in the future.

It's unlikely Zoom will recover from this boondoggle.

Once suspect, always suspect.

madunix

Nobody's perfect, based on a risk assessment (security, privacy, continuity, legal, etc.).

https://www.techradar.com/best/best-video-conferencing-software
https://www.ionos.co.uk/digitalguide/online-marketing/social-media/skype-alternatives/
https://noyb.eu/en/interrupted-transmission
https://noyb.eu/sites/default/files/2020-04/noyb_-_report_on_privacy_policies_of_video_conferencing_tools_2020-04-02_v2.pdf

David Favor

Searching for - secure alternatives skype OR zoom - provides 17M+ results, so there are many options to chose from.

Just write down your requirements, then start testing alternatives for best match to your requirements.

https://www.ubuntupit.com/top-20-best-linux-video-conferencing-software provides a good starting point for free + secure alternatives.

madunix

This is not the first time we came across to this topic.
https://blog.rapid7.com/2020/04/02/dispelling-zoom-bugbears-what-you-need-to-know-about-the-latest-zoom-vulnerabilities/

btan

The site is a daycare (little kids) provide remote face time. Given the news reports about Zoom, can it be made safe?

There is definitely doubt in most people with the spate of negativity running around. The experts have brought up good woes and concerns. The saving grace is Zoom is making rounds to improve and rectify them https://blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users/ it is up to whether you can take on the risk and is it acceptable for use case. There is work for Zoom to do within its security design and is now on your risk appetite level.

in fact, going to still using Zoom is on hygiene factor which you can opt for disabling all in meeting file transfer and recording so those material doesn't get exposed much. That said said more important is maintain the meeting participant as the host.

"Hardening" - Lock your virtual classroom, Control screen sharing, Enable the Waiting Room, Lock down the chat, Remove a participant and more explicit security options such as

Require registration: This shows you every email address of everyone who signed up to join your meeting and can help you evaluate who’s attending.
Use a random meeting ID: It’s best practice to generate a random meeting ID for your meeting, so it can’t be shared multiple times. This is the better alternative to using your Personal Meeting ID, which is not advised because it’s basically an ongoing meeting that’s always running.
Password-protect the meeting : Create a password and share with your participants via specific email so only those intended to join can access the meeting .
Set up your own two-factor authentication: You don’t have to share the actual meeting link. Generate a random Meeting ID when scheduling your event and require a password to join.
Allow only authenticated users to join: Checking this box means only members of your company / team who are signed into their Zoom account can access this particular meeting.
Disable join before host: Participants cannot join class before the host (organiser) joins and will see a pop-up that says, “The meeting is waiting for the host to join.“
Lock the meeting: When you lock a Zoom Meeting that’s already started, no new participants can join, even if they have the meeting ID and password (if you have required one).
Disable video: Hosts can turn someone’s video off. This will allow hosts to block unwanted, distracting, or inappropriate gestures on video or etc.
Turn off file transfer: In-meeting file transfer allows people to share files through the in-meeting chat. Toggle this off to keep the chat from getting bombarded with unsolicited pics, and other content.

Or, what are the alternatives?

Definitely there is like Webex, Google Meet, Microsoft Teams but the whole gist is that risk appetite and hardening is still needed as a host vigilance and controlling the meeting to keep a high hygiene and order during the meeting participants. You can still check them out as there would be similar setting.

Key is also make sure your machine and these apps (or browser) are kept patched to latest working fixes, with a good anti-malware software minimally in the background to catch the malicious codes.

J M

ASKER

Thank you all for such quick and excellent comments and suggestions.

I am wading through the suggestions and links now and will report back shortly.

Thanks Again

J M

ASKER

Wow!!!
Many thanks to all of you.

This was much appreciated. Sorry for the delay in responding. It took a while to wade through the posts for them to decide. They are going to give Google Hangout a try.

Of equal use were:
the posts regarding suggested technologies
AND
the posts suggesting ways to protect these young users.

Thanks again - and - everyone please stay safe!!!!

btan

Here is another summary from Zoom reecnt post which can come in handy.

https://blog.zoom.us/wordpress/2020/05/05/use-zoom-to-securely-host-virtual-board-meeting/