Here's a grabber of an opening sentence from a new SecureTest report: "SecureTest reported yesterday that web conferencing sidesteps every security barrier an organisation may have in place..."
The article points out that if you use desktop sharing and remote control through a web conferencing provider, an inside accomplice can give a confederate access to the corporate LAN or WAN, bypassing all firewalls and external security checks.
The interesting part is that desktop sharing software that uses HTTPS encryption defeats the organization's own security sniffing programs. A data stream in a web conferencing session obfuscates the data being transmitted and doesn't generate a log of access actions, so the company would have no way to see or log thefts that occurred.
Once this gets publicized, I think you are going to see a call for greater control and visibility from corporate IT security departments on the outbound data streams in an external remote access session. It could throw a monkey wrench in the use of such systems to let help desks and support departments access their clients' desktops to diagnose trouble.
Technorati Tags: firewall, security, web conferencing
