Cisco Cisco WebEx Meeting Center WBS31 White Paper
Web Conferencing: Unleash the Power of Secure Real-Time Collaboration
White Paper
Cisco Public
© 2016 Cisco and/or its affiliates. All rights reserved.
Cisco WebEx meeting sessions use switching
equipment located in multiple data centers around
the world. These data centers are strategically
placed near major Internet access points and use
dedicated high-bandwidth fiber to route traffic
around the globe. Cisco operates the entire
infrastructure within the Cisco WebEx Cloud with
industry-standard enterprise security.
Additionally, Cisco operates network
point-of-presence (PoP) locations that facilitate backbone
connections, Internet peering, global site backup,
and caching technologies to enhance performance
and availability for end users.
Physical Security
Physical security at the data center includes video
surveillance for facilities and buildings and enforced
two-factor identification for entry. Within Cisco data
centers, access is controlled through a combination
of badge readers and biometric controls. In addition,
environmental controls (for example, temperature
sensors and fire-suppression systems) and service
continuity infrastructure (for example, power backup)
help ensure that systems run without interruption.
Within the data centers are also “trust zones,”
or segmented access to equipment based on
infrastructure sensitivity. For example, databases are
“caged”: the network infrastructure has dedicated
rooms and racks are locked. Only Cisco security
personnel and authorized visitors accompanied by
Cisco personnel can enter the data centers.
Cisco’s production network is a highly trusted
network: only very few people with high trust levels
have access to the network.
Infrastructure and Platform Security
Platform security encompasses the security of the
network, systems, and the overall data center within
the Cisco Collaboration Cloud. All systems undergo
a thorough security review and acceptance validation
prior to production deployment, as well as regular
ongoing hardening, security patching, and vulnerability
scanning and assessment.
Servers are hardened using the Security Technical
Implementation Guidelines (STIGs) published by
the National Institute of Standards and Technology
(NIST). Firewalls protect the network perimeter.
Access control lists (ACLs) segregate
the different security zones. There are intrusion
detection systems (IDSs) in place, and activities
are logged and monitored on a continuous basis.
There are daily internal and external security scans
of Cisco WebEx Cloud. All systems are hardened
and patched as part of the regular maintenance.
Additionally, vulnerability scanning and assessments
are performed continuously.
Service continuity and disaster recovery are critical
components of security planning. Cisco data
centers’ global site backups and high-availability
design help enable the geographic failover of Cisco
WebEx services. There is no single point of failure.
Cisco WebEx Application Security
Cryptography
Encryption at Run Time
All communications between Cisco WebEx
applications and Cisco WebEx Cloud occur over
encrypted channels. Cisco WebEx supports the TLS
1.0, TLS 1.1, and TLS 1.2 protocols and uses
high-strength ciphers (for example, AES 256).¹
After a session is established over TLS, all media
streams (audio VOIP, video, screen share, and
document share) are encrypted.²
User Datagram Protocol (UDP) is the preferred
protocol for transmitting media. In UDP, media
packets are encrypted using AES 128. The
initial key exchange happens on a TLS-secured
channel. Additionally, each datagram uses a hash-based
message authentication code (HMAC) for
authentication and integrity.
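
The per-datagram HMAC check described above, as an added example (not Cisco's code and not the WebEx wire format). The 12-byte header layout, the choice of HMAC-SHA-256, and the random key standing in for one delivered over the TLS channel are assumptions; the payload is constructed bytes in place of AES-128 ciphertext.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32                   # HMAC-SHA-256 tag size (hash choice is an assumption)
HEADER = struct.Struct("!IQ")  # constructed layout: 32-bit stream id, 64-bit sequence


def seal(mac_key: bytes, stream_id: int, seq: int, ciphertext: bytes) -> bytes:
    """Build one datagram: header || ciphertext || HMAC(header || ciphertext)."""
    header = HEADER.pack(stream_id, seq)
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def open_datagram(mac_key: bytes, datagram: bytes):
    """Return (stream_id, seq, ciphertext), or None if authentication fails."""
    if len(datagram) < HEADER.size + TAG_LEN:
        return None            # truncated: cannot hold a header and a tag
    body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    stream_id, seq = HEADER.unpack_from(body)
    return stream_id, seq, body[HEADER.size:]


def demo():
    mac_key = os.urandom(32)   # stands in for a key delivered over the TLS channel
    payload = bytes(range(48)) # constructed bytes standing in for AES-128 ciphertext
    good = seal(mac_key, 7, 1, payload)
    flipped = bytearray(good)
    flipped[HEADER.size] ^= 0x01                    # one payload bit changed in transit
    reseq = HEADER.pack(7, 2) + good[HEADER.size:]  # old payload and tag, new sequence
    forged = seal(os.urandom(32), 7, 1, payload)    # sender without the session key
    return {
        "good": open_datagram(mac_key, good),
        "flipped": open_datagram(mac_key, bytes(flipped)),
        "reseq": open_datagram(mac_key, reseq),
        "forged": open_datagram(mac_key, forged),
        "truncated": open_datagram(mac_key, good[:20]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "accepted" if result else "dropped")
```

Because the tag covers the header as well as the payload, each UDP packet is verified on its own and a receiver can drop a bad one without affecting packets that arrive before or after it.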
¹ The actual encryption protocol and strength depend on the OS and browser settings with which a host negotiates connections with
Cisco WebEx.
² Users connecting to a CMR Cloud meeting using a third-party video endpoint may be sending and receiving unencrypted media
streams. Configuring your firewall to prevent unencrypted traffic to and from Cisco WebEx helps keep your meetings safe. However,
allowing attendees outside your firewall to join your meeting using third-party devices can still result in your meeting data being sent unencrypted over
the Internet.