����첥

Security vulnerabilities and exploitation of the Zoom conferencing platform (Zoombombing, Link exploits, etc) have been spotlighted in recent news. This write-up is to inform and clarify the position that the University of Alaska holds with Zoom. 

Backstory and Context

Due to the global increase of remote work, and distance education, the web conferencing platform, Zoom, has found its way into the spotlight. In March alone Zoom’s daily user base dramatically increased from 10 million users to 200 million users. Across the nation, many higher education and K12 systems adopted Zoom as the platform to transition from face-to-face classes to online instruction in a very compressed time frame. It is Zoom’s intuitive interface and ability to scale the cloud infrastructure to meet the rapid growth that provides a very inviting and accommodating online environment. 

The University of Alaska chose and adopted Zoom after an extensive and inclusive RFP process across the ����첥 system in 2018. The Zoom implementation replaced the aging video conferencing infrastructure and provides projected savings of ~$100K in FY20 over FY19 costs.

Unfortunately, the ease of use and rapid rise in popularity of Zoom presents opportunities to maliciously exploit the very same features; like screen sharing, standing meeting ID’s, screen sharing,  that enables its ubiquitous popularity; like screen sharing and standing meeting URLs that are reused as a convenience practice. Zoombombing is the notorious exploit making recent headlines that takes advantage of these conveniences and enables malicious actors to intrude a Zoom session and post disruptive content through screen sharing. This type of invasion has caused several educational systems to abandon the platform altogether.

---

Actions ����첥 has Taken To-Date

Configuration changes have been made to enhance the security of ����첥’s Zoom environment in an effort to block Zoombombing:

• ����첥 Zoom has always been accessed via standard ����첥 authentication protocols using ����첥 Username and password.
• Global screen sharing default settings have been changed to “Host-Only” 
• To ensure a good Zoom session experience, it is important to know how to use the meeting controls and employ best practices. OIT has developed and posted  .
• Articles have been developed and circulated to ����첥 News, ����첥F Cornerstone, Green and Gold, and ����첥S IT Help Desk.
• ����첥 News - How to avoid Zoombombing
• ����첥 News - Optimize your remote experience

---

Zoom Security Concerns and their response

Zoom has announced a plan to conduct an extensive external security review of the Zoom platform over the next 90 days. 

Zoom has patched and addressed vulnerabilities to address the security concerns, the details are:

• )

����첥 Office of Information Technology will pay close attention to all Zoom technical announcements to ensure the best Zoom experience for ����첥.  For the latest in Zoom information during COVID-19 response, visit the page on ����첥 Virtual Campus.

---

Questions about Zoom?

As always, your local service desk is here to help!