CCN-CERT document on WebexMaria Cruz Alcocer
CCN-CERT document on Webex
The CCN-CERT is the Information Security Incident Response Capacity of the National Cryptological Center, CCN, attached to the National Intelligence Center, CNI.
Its mission is to contribute to the improvement of Spanish cybersecurity.
CCN publishes on webex: Use of Cisco Webex, its implications for security and privacy. Recommendations and good practices.
In point 2 of the following document, the CCN-CERT highlights the security commitment of CISCO WEBEX:
National Cryptology Center: Use of Cisco Webex, its implications for security and privacy. Recommendations and good practices.
CISCO WEBEX SECURITY COMMITMENT
Cisco designs products in accordance with the Cisco Secure Development Lifecycle (SDL) that includes periodic privacy impact assessments, proactive penetration testing, and threat modeling.
The Cisco Security and Trust organization monitors Webex security and privacy and publicly discloses security vulnerabilities.
There are three (3) Cisco Webex security principles:
- Webex is committed to respecting the privacy of your data.
- CISCO Webex is secure by default.
- Webex has cyber security governance and is transparent when there are security issues
In the context of the state of alarm decreed by the government of the nation due to the Covid-19 pandemic, it has caused a series of changes in work routines. This situation has generated an explosion in the widespread use of video conferencing systems and chat applications such as Zoom, Cisco Webex, Google Meet, Microsoft Teams and consumer applications such as Houseparty, Jitsi, etc.
Cyber attackers are seizing the opportunities associated with pandemic fear, widespread telecommuting, difficulties in patching remotely connected endpoints, and increased exposure from allowing smoother operations.
In this context, poorly protected video conferencing sessions and applications are a magnificent attack vector.
Conclusions of the document:
Cisco offers an ecosystem of secure end-to-end solutions, where Cisco Webex is the part of the collaboration platform that allows meetings, events, training courses, remote support, group messaging, with audio, video and sharing services. , interoperable with all H323 and SIP standards-based room video platforms.