While some organizations are halting their use of Zoom due to security concerns and alerts that come on a seemingly daily basis, in some cases it might be the only option for some people, and it is still an immensely popular solution for remote meetings. Given the latest trend of “Zoombombing” and given how many users may reuse meeting IDs, it is important to understand how to set up sensible meeting defaults, and how to manage attendees and interactive features, in order to minimize disruptions. While these recommendations can improve the overall security of your Zoom sessions, they should not be taken as total protection from all attacks and future vulnerabilities that may be discovered.
Global Zoom Hardening Settings
Prerequisite:
- Log in as “owner” or as “admin” to the Zoom portal at https://zoom.us
- In the navigation panel on the left, under ADMIN, click Account Management then Account Settings
Note that when using personal meeting rooms, the settings will be under PERSONAL, Meetings, Personal Meeting Room instead. It is also worth noting that Zoom has settings that are group-specific.
Locking settings
If you want to make a setting mandatory for all users in your account (so that the setting cannot be reverted), click the lock icon, and then click Lock to confirm the setting.
Enable waiting rooms
- Within the In Meeting (Advanced) section look for the Waiting room option and set it as follows, then click Save:
![](https://occamsec.com/wp-content/uploads/2021/04/zoom-waiting-room-300x117.png)
Optional: disable “Join before host”
- Within the Schedule Meeting section, locate the Join before host option and turn it off
![](https://occamsec.com/wp-content/uploads/2021/04/join-before-host-300x30.png)
Enable meeting password
- Within the Schedule Meeting section look for “Require a password”, then turn on the following options:
![](https://occamsec.com/wp-content/uploads/2021/04/password-settings-300x280.png)
Note that the option “Embed password in meeting link for one-click join” could render setting a password moot if the link is accidentally leaked to third parties.
Meetings Features Settings
Disable private chat
- Within the In Meeting (Basic) section look for the Private chat option and turn it off
![](https://occamsec.com/wp-content/uploads/2021/04/private-chat-300x35.png)
Disable file transfer
- Within the In Meeting (Basic) section look for the File transfer option and turn it off
![](https://occamsec.com/wp-content/uploads/2021/04/file-transfer-300x35.png)
Restrict screen sharing to hosts only
- Within the In Meeting (Basic) section look for the Screen sharing option and set it up as follows, then click Save:
![](https://occamsec.com/wp-content/uploads/2021/04/restrict-screen-sharing-300x98.png)
Disable annotations
- Within the In Meeting (Basic) section look for the Annotation option and turn it off:
![](https://occamsec.com/wp-content/uploads/2021/04/Annotation-300x29.png)
Prevent removed participants from rejoining
- Within the In Meeting (Basic) section look for the Allow removed participants to rejoin option and turn it off:
![](https://occamsec.com/wp-content/uploads/2021/04/Removed-participants-300x29.png)
Misc Settings
Enable Co-hosts
- Within the In Meeting (Basic) section look for the Co-host option and turn it on
![](https://occamsec.com/wp-content/uploads/2021/04/Co-hosts-300x35.png)
Hide meeting topic
- Within the Schedule Meeting section look for the Always display “Zoom Meeting” as the meeting topic option and turn it on
![](https://occamsec.com/wp-content/uploads/2021/04/meeting-topic-300x35.png)
Enable encryption for H323/SIP endpoints
- Within the In Meeting (Basic) section look for the Require Encryption for 3rd Party Endpoints (H323/SIP) option and turn it on
![](https://occamsec.com/wp-content/uploads/2021/04/enable-encryption-300x35.png)
Prevent audio feedback issues (aka the Larsen effect)
- Within the Schedule Meeting section look for the Mute participants upon entry option and turn it on
![](https://occamsec.com/wp-content/uploads/2021/04/Audio-feedback-300x35.png)
Managing Participants
These actions can be performed from the Zoom client by a Host or a Co-Host.
Admitting participants to a meeting
- Join the meeting as a Host
- Click the Manage participants icon
![](https://occamsec.com/wp-content/uploads/2021/04/manage-participants-300x13.png)
- Admit waiting participants one by one, clicking on the Admit button beside each participant name, or admit them in bulk by clicking on Admit all
![](https://occamsec.com/wp-content/uploads/2021/04/admit-participants-300x139.png)
Promote a participant to Host or Co-Host status
- Click the Manage participants icon
![](https://occamsec.com/wp-content/uploads/2021/04/manage-participants-300x13.png)
- Hover on a participant’s name
- Click the More button, then either select Make Host or Make Co-Host from the pop-out menu (remember to make someone a (Co-)Host before leaving the meeting)
![](https://occamsec.com/wp-content/uploads/2021/04/promote-participant-300x128.png)
Send participants back to the waiting room
- Click the Manage participants icon
![](https://occamsec.com/wp-content/uploads/2021/04/manage-participants-300x13.png)
- Hover on a participant’s name
- Click the More button, then select Put in Waiting Room from the pop-out menu
![](https://occamsec.com/wp-content/uploads/2021/04/Put-in-waiting-room-300x128.png)
Kick participants out of a meeting
- Click the Manage participants icon
![](https://occamsec.com/wp-content/uploads/2021/04/manage-participants-300x13.png)
- Hover on a participant’s name
- Click the More button, then select Remove from the pop-out menu
![](https://occamsec.com/wp-content/uploads/2021/04/kick-out-300x128.png)
Managing Meeting Resources
(Co-)Hosts can manage meeting resources at any time. Here we will focus on locking a meeting, deciding who chats with whom, and who is allowed to initiate screen sharing.
Note that if a specific resource has been locked out globally, it will not be possible to change its options, and some of the options may not be displayed within the Zoom client.
Lock the meeting
Note that locking a meeting could prevent dropped participants from rejoining.
- Once all the participants have joined, click the Manage participants icon
![](https://occamsec.com/wp-content/uploads/2021/04/manage-participants-300x13.png)
- Click the More button at the bottom of the panel, then select Lock Meeting from the pop-out menu
![](https://occamsec.com/wp-content/uploads/2021/04/lock-the-meeting-300x90.png)
![](https://occamsec.com/wp-content/uploads/2021/04/ok-300x130.png)
Manage who chats with whom
- Click the Chat icon
- Click More at the bottom of the Chat panel (or on the “…” icon, depending on the client)
- Select the option that best suits your scenario (options should be self-explanatory)
![](https://occamsec.com/wp-content/uploads/2021/04/manage-chat--300x193.png)
Manage screen sharing
- Click the Share Screen icon
- Click on Advanced Sharing Options
![](https://occamsec.com/wp-content/uploads/2021/04/manage-screen-sharing-300x54.png)
- Set the options as per the following:
![](https://occamsec.com/wp-content/uploads/2021/04/screen-sharing-options-300x144.png)
Two-Factor Authentication
Two-factor authentication can be implemented by Administrators to provide an additional layer of security. Details on this can be found at: https://support.zoom.us/hc/en-us/articles/360038247071-Setting-up-and-using-two-factor-authentication