The previous month has been a rollercoaster ride for Zoom. As companies rushed to send employees out the door to work from home and reduce their exposure to the global pandemic, companies turned to collaboration applications such as Zooms to conduct meetings as usual. Unfortunately, the spotlight on Zoom also attracted some nefarious players who focused their attention on possible vulnerabilities. Like all software, some known exploits were discovered.
The most serious threat is credential compromise. Hackers have figured out a way to obtain passwords while attending a Zoom Session. The problem occurs within the chat feature. Currently, the Zoom client converts any Windows networking UNC path into a clickable link within the chat messages. When a user clicks a link to lets say a shared JPG file, Windows naturally attempts to connect to the remote site using the SMB file-sharing protocol. In doing this, Windows sends the user’s login name and NTLM password hash by default. The involved has can then be cracked using free cracking tools that are easily obtainable today. If the user is using a simple password, it can easily be cracked within seconds.
Even if Zoom comes out with a fix, there’s something you can do proactively.
Use a Group Policy Administrative Template setting which simply restricts outgoing NTLM traffic. Create a GPO and go to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options and configure “Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers” to Deny All.
The problem is what about computers that are not domain-joined? Furthermore, what about users that are now working remotely from home and must connect to the corporate network through VPN to get the GP update? They don’t need to use VPN to run a remote Zoom session.
That’s where PolicyPak comes in. With PolicyPak Security Settings Manager you can configure Windows Security Settings using Real Group Policy and then export them into an XML file suing the PolicyPak Security Settings Manager export wizard.
PolicyPak Security Settings Manager simply analyzes your existing Windows Security settings. You can then decide which settings you want to export.
This probably isn’t a setting you want to deploy enterprise wide. Just to your laptop users or even selected ones. PolicyPak allows you to granularly target most any setting using Item-level Targeting. In this case, I am going to target portable computers you can also target a specific version of the Windows OS or a particular user group.
Finally, we will simply save file. You can then use PolicyPak Cloud Edition to deploy the new setting in rapid fashion to your remote machines whether they are domain joined or not. For MDM enrolled computers, you can use the PolicyPak Exporter Utility to convert the XML into a MSI file that you can then simply deploy through your preferred MDM using PolicyPak MDM Edition in the same way you deploy any MSI file.
Once the Zoom update is deployed throughout your enterprise, you can go back and disable this setting.
You can watch a video demonstration showing how you can deliver Group Policy Security settings over the internet.
Although not as serious, Zoom-bombing is a more prevalent threat. Just like photo bombing, it entails bombing someone’s Zoom meeting with unwanted images or videos. The FBI has even issued a warning about using Zoom as it has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language. This warning is especially pertinent to schools.
Fortunately, there are some things you can to lessen your exposure to Zoom Bombing. The first is to refrain from publicizing your zoom meetings on the web or the company website. One can simply do a Google search for URLs that include “zoom.us”.
Some other tips you can take include:
To get started with some of these recommendations, you can and should download the Zoom ADMX settings. Then, put them in your Central Store (here’s a video if you don’t know how to do that.)
One of the recommendations from Zoom is to refrain from using your Personal Meeting ID and use a per-meeting ID that is exclusive to a single meeting. Do this by disabling the “AlwaysUsePersonalMeetingID” setting. The best way to deliver this setting would be via PolicyPak Admin Templates Manager.
PolicyPak Admin Templates Manager lets you configure any GP ADMX setting and deploy it both domain and non domain-joined computers (just as in our earlier example.)
Here is how the desired setting should look.
BONUS TIP: Zoom provides a video that walks you through the process of generating a random meeting ID.
If your company uses Zoom for intracompany meetings only, you can restrict access to your company’s email domain only.
You can watch a video demonstration showing how you can use PolicyPak to Group Policy Admin template settings over the internet via PolicyPak Cloud.
PolicyPak is a modern desktop management solution that empowers you to easily configure, deploy, and manage policies for on-premises and remote work Windows environments. Our suite of solutions allows you to completely manage and secure user desktops regardless of join status or location. Out solutions are ideally suited today for remote workspaces. PolicyPak also allows you to swiftly respond to discovered security vulnerabilities to shore up recently discovered vulnerabilities. Find out how PolicyPak is perfectly positioned for the challenges of today.
The post Secure Your Zoom Sessions (and prevent Zoom-bombing) with Group Policy and PolicyPak appeared first on PolicyPak.
*** This is a Security Bloggers Network syndicated blog from Blog Posts – PolicyPak authored by Ali Hassan. Read the original post at: https://www.policypak.com/pp-blog/secure-your-zoom-sessions-and-prevent-zoom-bombing-with-group-policy-and-policypak
Authors/Presenters: *Shradha Neupane, Grant Holmes, Elizabeth Wyss, Drew Davidson, Lorenzo De Carli Many thanks to USENIX for publishing their outstanding…
What really is cyber security and why doesn't the traditional CIA triad of confidentiality, integrity, and availability work? And what's…
The widespread adoption of cloud services has introduced cybersecurity challenges and compliance complexities due to various privacy regulations in different…
The RSA Conference 2024 is set to kick off on May 6. Known as the “Oscars of Cybersecurity”, RSAC Innovation…
Last week, we hosted Michael Tapia, Chief Technology Director at Clint ISD in Texas, and Kobe Brummet, Cybersecurity…
Authors/Presenters: Binbin Zhao, Shouling Ji, Xuhong Zhang, Yuan Tian, Qinying Wang, Yuwen Pu, Chenyang Lyu, Raheem Beyah Many thanks to…
