Published: August 2008 Microsoft Office Live 2007 R2 Meeting Service Security Guide


Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2007 Microsoft Corporation. All rights reserved.

Microsoft, MSN, Outlook, PowerPoint, Visio, and Windows are trademarks of the Microsoft group of companies. Microsoft, MSN, Outlook, PowerPoint, Visio, and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

All other trademarks are property of their respective owners.


Contents

Introduction
    About This Guide
Part I: Office Live Meeting Security
    Access Security
        Meeting Ownership
        Access Control
        Participation Control
        Content Control
        Schedule Privacy
        Attendance Tracking
    Content Storage Security
        Persistent Content
        High Performance
        Software Security
    Hosting Infrastructure Security
        Physical Security
        Dedicated and Certified Security Personnel
        Third Party Certifications
    Data Transmission Security
        Encryption
        Firewall Policy and Auto Sensing Technology
Part II: Security Features for Conference Center Administrators
    Corporate Software Installation Policies
    Web-Based Client
    Managing Memberships
        Creating a Membership
        Restricting Memberships
        Enforcing Password and Meeting Key Policies
    Live Meeting Policies
        Conference Center Account Policies
        Conference Center Account Preferences
        User Role Policies
        Individual Member Privileges
Part III: Security Features for Meeting Organizers and Attendees
    Scheduling a Meeting
        Access Control List (ACL)
        Sending Invitations
        Meeting Lobby
    Conducting a Meeting
        Verifying Meeting Attendance
        Controlling Meeting Content
        Managing Post-Meeting and Recording Content


Introduction

The Microsoft® Office Live Meeting service provides a central access point for all meeting participants. Regardless of whether they are at the office, on the road, or at home, participants can connect to a Live Meeting session hosted on the Internet. This flexibility, however, is accompanied by some unique security challenges. Some meetings contain confidential material and therefore require special attention with regard to who can access the meeting and how to safeguard the meeting content.

The Office Live Meeting service, from meeting access to data storage and transmission, was designed in an environment of security awareness, and built-in security features allow conference center administrators, meeting organizers, and meeting attendees to extend security. This document provides an overview of the security issues that you should consider when you use the Live Meeting service, the Live Meeting security measures available to you, and the procedures for scheduling and conducting secure meetings.

About This Guide

This guide discusses security for the Office Live Meeting service from different perspectives, from the security considerations that are built into the service to help secure critical data, to the features and best practices for managing attendance and conducting meetings. It is divided into three parts:

Part I is written for the technical decision maker who is responsible for ensuring that the product meets the organization’s security requirements. It discusses the security considerations that were designed into Office Live Meeting and the various controls that are available to the organization.

Part II is written for the administrator of the organization’s Office Live Meeting conference center. It helps administrators configure Office Live Meeting in a secure manner by providing information about restricting memberships, enforcing passwords and meeting keys, and setting policies.

Part III is written for meeting organizers and attendees. It provides tips and best practices for scheduling and conducting secure meetings.


Part I: Office Live Meeting Security

Microsoft’s commitment to providing more secure computing environments includes a comprehensive approach to building and delivering products with high security in mind, and helping customers configure and deploy them in a continued state of high reliability. The Trustworthy Computing initiative, described in detail on the Microsoft Trustworthy Computing Web site at http://www.microsoft.com/mscorp/twc, provides the policies and assurances that form the foundation for this security mindset. Trustworthy Computing is necessary to provide an environment that allows the user to feel confident that critical business needs are met without compromising information that must be protected.

The Trustworthy Computing initiative defines four goals that all Microsoft products must meet:

Security.  Microsoft products are designed to withstand attack by malicious people or programs, while protecting the confidentiality and consistency of the data that the products originate or consume.

Privacy.  Microsoft products enable customers to better maintain control over their personal information, while being able to ensure and verify that internal information auditing policies can be implemented with accuracy.

Reliability.  Microsoft products are designed to offer robust, reliable, and trouble-free communications and computing services.

Business Integrity.  Microsoft will provide responsible, conscientious support for its products, remaining aware of the customer relationship. Microsoft will behave in a responsive manner to the needs of its customers.

To ensure that the Trustworthy Computing initiative meets these goals, products are designed under four guiding principles, sometimes referred to as SD3+C:

Secure by design.  Products are designed in an environment of security awareness, with a focus on security features built into the product, and undergo rigorous security testing during development.

Secure by default.  Areas of product functionality will not be enabled by default unless an administrator chooses to implement them. Services that do not need to be running will not run unless required and administrative functions will require proper credentials.

Secure in deployment.  Microsoft understands that products do not exist in a vacuum and must be deployed in diverse enterprises. Administrators need to be able to ensure that their installations will coexist with other systems, providing encryption for sensitive data, and preventing unauthorized entities from accessing important information.

Communications.  Microsoft maintains a commitment to communicating with customers. These communications begin with providing ample product documentation, and continue through a product's lifecycle by communicating information about vulnerabilities, service packs, training opportunities, and upgrades.

As a hosted Web conferencing service, Live Meeting recognizes and respects the responsibility it assumes on behalf of its clients to emphasize security for all meetings and associated stored content. To provide its users with the confidence that their Web conferencing experience is protected, the Live Meeting service focuses significant effort toward addressing the three cornerstones of delivering a secure service:

Access controls

Content storage

Data transmission


This section discusses these three cornerstones in detail.

Access Security

The Live Meeting user interface provides a rich set of features to allow organizations to programmatically manage and control meeting ownership, access, participation, and content. By using these features, companies can establish and enforce their own security policies and procedures at a level appropriate to their needs.

Meeting Ownership

Live Meeting is designed for continuous collaboration and ongoing protection of sensitive data. In meetings where there is only one presenter, if the presenter exits the meeting for any reason, Live Meeting maintains the security policies of the meeting, and lets the original presenter assume control upon re-entering the meeting. In meetings with more than one presenter, Live Meeting grants additional privileges to only those people who have been designated as presenters by the meeting organizer. Under this strategy, organizers are assured that presenters maintain control of meeting data and other meeting capabilities, and that these capabilities do not fall into the hands of unauthorized meeting participants. In this way, Live Meeting maintains ownership security and continued access throughout the duration of the meeting.

Access Control

Live Meeting offers different levels of meeting access controls with varied degrees of security to address general public meetings, as well as highly confidential meetings. Live Meeting offers users of its Web conferencing services a choice of four increasingly stringent authentication mechanisms to control access to their meetings, as listed below. Meeting organizers can select the access control mechanism that is best suited for their particular meeting event, ranging from public forums to private conferences, or can choose to combine controls so that attendees require different levels of authentication than presenters. The access control options are as follows:

Open Meeting (Public Sessions).  At this minimum-security level, any user in possession of the meeting URL or meeting ID can attend with no additional authentication required. Therefore, because audience members do not require a meeting key or user account, anyone can attend an open meeting. This mechanism is ideal for public events where a broad range of attendance and participation is welcome.

Meeting Key (Optimum Security).  When additional security is needed, presenters and audience members can be required to enter both a Meeting ID and a Meeting Key. The Meeting Key is a string composed of numbers, letters, and symbols of a length defined by the administrator, which is either randomly generated or defined by the meeting leader. Audience members and presenters use these keys to establish their level of permission for the meeting. For convenience, a Meeting Key can be replaced with a new key that the meeting leader chooses (up to 64 characters). Additional safeguards can be added to user password and meeting key complexity requirements, which give the administrator some flexibility to ensure that easily guessable passwords and keys are not used in their conference center.

Access Control Lists (Maximum Security).  At the high-security level, meeting organizers can create an access control list (ACL) against which all meeting attendees (presenters and audience members) are cross-referenced before being permitted to attend. The cross-referencing is achieved through the use of unique user IDs, which all meeting attendees (both presenters and audience members) are required to provide, in addition to passwords. This is the most secure access level because participants do not have the opportunity to change their display names, which means that meeting organizers are able to explicitly specify who is permitted to attend. Varying levels of access control can be applied differently to attendees and presenters to help ensure meeting security.


Lightweight Directory Access Protocol (LDAP) and Central Directory Service Integration (Customized Security).  By taking advantage of the powerful application programming interfaces (APIs) that Live Meeting provides, meeting organizers and participants can be authenticated through their own corporate directory services. After they are authenticated through their own intranet, users can access their Live Meeting accounts to schedule and conduct meetings.

Participation Control

Live Meeting provides a mechanism that allows organizers to monitor and control their meetings in real time. The meeting client gives presenters the ability to dismiss any user from the meeting at any time, without disrupting the course of the meeting. Meeting organizers can control access to meetings with an access control list (ACL), which ensures that only those who have a membership in your Live Meeting account and who have specifically been invited can enter the meeting. It also ensures that during the meeting, you can verify the identity of attendees in the attendee list. This feature enables meeting presenters to quickly dismiss attendees who should not be present at certain times during the meeting, such as when confidential information is about to be introduced. It also provides a means of ejecting attendees who are proving unruly or disruptive. As an additional security measure, by enabling the Meeting Lobby feature in Live Meeting, presenters can, during the course of the meeting, control who is allowed into the meeting, regardless of whether they were previously authorized.
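The access levels listed under Access Control and the Meeting Lobby hold described above can be read as one admission decision per join request. The following Python model is an added illustration, not Live Meeting code or its API: every class, field and function name is hypothetical, the user ID and password login is assumed to have happened before the call, and holding only non-presenters in the lobby is an assumption.

```python
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Dict, FrozenSet, Optional


class Access(Enum):
    OPEN = "open"                # meeting URL or meeting ID is enough
    MEETING_KEY = "meeting_key"  # meeting ID plus the key for the role
    ACL = "acl"                  # logged-in user ID must be on the list


@dataclass(frozen=True)
class RolePolicy:
    access: Access
    meeting_key: Optional[str] = None
    acl: FrozenSet[str] = frozenset()


@dataclass(frozen=True)
class Meeting:
    meeting_id: str
    policies: Dict[str, RolePolicy]   # "presenter" / "audience" -> policy
    lobby_enabled: bool = False


@dataclass(frozen=True)
class JoinRequest:
    meeting_id: str
    role: str
    display_name: str = ""
    meeting_key: Optional[str] = None
    user_id: Optional[str] = None     # set only after a user ID + password login


@dataclass(frozen=True)
class Decision:
    outcome: str             # "admit", "lobby" or "deny"
    shown_name: str          # name that appears in the attendee list
    identity_verified: bool  # True only when the name comes from the ACL login
    reason: str


def _deny(reason: str) -> Decision:
    return Decision("deny", "", False, reason)


def decide(meeting: Meeting, req: JoinRequest) -> Decision:
    """Apply the role's access level, then the lobby hold."""
    if req.meeting_id != meeting.meeting_id:
        return _deny("unknown meeting ID")
    policy = meeting.policies.get(req.role)
    if policy is None:
        return _deny("unknown role")

    # Open and meeting-key joins keep whatever display name was typed in.
    shown, verified = req.display_name or "Guest", False
    if policy.access is Access.MEETING_KEY:
        expected = (policy.meeting_key or "").encode("utf-8")
        supplied = (req.meeting_key or "").encode("utf-8")
        # Constant-time comparison; an unset key never matches.
        if not expected or not hmac.compare_digest(supplied, expected):
            return _deny("wrong meeting key")
    elif policy.access is Access.ACL:
        if req.user_id is None:
            return _deny("login required")
        if req.user_id not in policy.acl:
            return _deny("not on the access control list")
        # The attendee list shows the account, not a self-chosen name.
        shown, verified = req.user_id, True

    if meeting.lobby_enabled and req.role != "presenter":
        return Decision("lobby", shown, verified, "waiting for a presenter")
    return Decision("admit", shown, verified, "ok")


# Constructed sample: presenters on an ACL, audience on a meeting key.
REVIEW = Meeting(
    meeting_id="Q3-REVIEW",
    policies={
        "presenter": RolePolicy(Access.ACL, acl=frozenset({"alice@example.com"})),
        "audience": RolePolicy(Access.MEETING_KEY, meeting_key="k7#Rw2!pZq"),
    },
)
```

An audience member who joins with the correct key and the display name "CEO" is admitted with `identity_verified` set to `False`, which is why attendee identity can only be relied on for roles protected by an ACL.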

Content Control

Presenters retain control over their content. Meeting content can be uploaded to servers where only the meeting presenters can make changes to it. Content and meeting records can be programmatically saved or deleted at the organizer’s discretion. For example, records of meetings and associated content can be automatically earmarked for deletion when certain conditions are met (for example, at the conclusion of each meeting, at the conclusion of meetings scheduled by particular users, and so on).

Schedule Privacy

Live Meeting is engineered so that meeting calendars and schedules can only be viewed by authorized and authenticated people. This helps ensure that meeting itineraries cannot be sought out or stumbled upon by unauthorized viewers.

Attendance Tracking

Live Meeting provides a mechanism to view attendee status in real time, and to disconnect participants, if necessary. The Support Control Panel not only lists the names of the participants, but also the IP address from which they connected, as well as information about their browser and operating system. To eject a participant, the meeting organizer merely has to select the appropriate name from the list and click the Disconnect User button at the bottom of the page.

Live Meeting also provides an audit trail to capture details on every participant who attends a meeting. The Attendance Report lists the name, IP address, and role of each attendee (that is, presenter or audience member). The Attendance Report displays the exact time each participant arrived, as well as how long they remained connected. Optional fields, such as e-mail address and company name, can be configured for each attendee to provide. This information can also be listed in the Attendance Report.

Note: You can verify the identity of a meeting attendee only if the meeting was set up to use an access control list. In meetings that do not use an access control list, attendees are allowed to enter any display name.


Content Storage Security

Persistent Content

Persistent content provides you with the convenience to use and reuse the same presentations after they are uploaded to the service. This can result in significant time savings for the meeting leader. While stored on the service, meeting content remains encrypted for the duration of the persistent storage. By default, meeting content automatically expires 90 days after the meeting ends. Organizers have the option to selectively delete presentation content at any time or set up automatic deletion of presentations using the Content Expiration feature. This lets users ensure that all data has been removed from the Live Meeting servers, if it is not being stored for future use.

High Performance

Uploading your presentation within the Live Meeting service provides higher performance. Because the Live Meeting hosting facilities have very high bandwidth connections to the Internet, your content is presented to all meeting participants as rapidly as possible. This architecture also minimizes any potential bottlenecks caused by slow connection rates from individual presenters.

Software Security

In the world of online security, threats can range from random attempts at penetration, such as those posed by automated vulnerability scanners, to targeted efforts to view and possibly usurp proprietary and confidential information. Such threats are real and growing. To combat these risks, eight separate layers of software security collectively enhance protection of the Live Meeting infrastructure, serving as a fortification around all customer data.

Filtering Routers.  Filtering routers reject attempts to communicate to non-routable IP addresses in our hosted environment. This helps to prevent common attacks that use automated vulnerability scanners searching for vulnerable servers. Although relatively easy to block, these types of attacks remain a favorite method of attackers in search of weaker defenses.

Firewalls.  Firewalls restrict data communication to known and authorized ports, protocols, and destination IP addresses. External access to the Live Meeting infrastructure is restricted to the ports and protocols that are required for the communications between the Live Meeting servers and the meeting participants. The Live Meeting firewall also performs packet inspection, which helps to ensure that the actual contents of the packets contain data in the expected format and conform to the expected client and server communication scheme.

Intrusion Detection Systems.  The Live Meeting service uses network-based intrusion detection systems (IDS) to perform real-time monitoring of incoming and outgoing traffic, looking for anomalies in the usual patterns for delivering Web conferencing services. The Live Meeting hosted environment is monitored 24 hours a day, 7 days a week and generates immediate notification of detected inappropriate activity, which is then analyzed. Corrective action is taken, if necessary. IDS performs protocol analysis and can be used to detect a variety of attacks and probes, such as port scans and attempts to communicate using inappropriate IP address ranges.

Systems Level Security.  The Live Meeting service is designed to help prevent other common types of malicious activity by disabling nonessential services, which have historically been known points of attack. Examples of some of these types of services include Telnet connectivity, sysadmin daemons, and printer services.


Application Authentication.  The Live Meeting service enables meeting organizers to enforce the level of participant authentication they feel is needed to protect their meetings. Meetings can be scheduled with a range of access controls, including strict use of Meeting Keys and access control lists, which require individuals to log on using unique user IDs and passwords. All passwords are stored using a one-way hash algorithm (SHA-256), providing an extra level of protection.

Application Level Countermeasures.  The Live Meeting service implements countermeasures to help prevent common traps, such as buffer overflows, which have been successfully used by attackers for years to gain access to vulnerable software. Application input is bounds checked and security measures are constantly being hardened against the latest attacks and threats.

Separate Data Network.  The Live Meeting service isolates the actual servers that house data onto a network separate from the rest of the Live Meeting facility. This restricts access to the uploaded data to only a specified set of servers that reside behind the firewall inside the Live Meeting hosting facilities.
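The Application Authentication layer above states that passwords are stored with a one-way SHA-256 hash. The sketch below is an added example, not Live Meeting code: it contrasts a bare SHA-256 digest with a salted, iterated SHA-256 construction (PBKDF2-HMAC-SHA256 from Python's standard library). The record format, function names and iteration count are assumptions, and the page does not say whether the service salts or iterates its hashes.

```python
import hashlib
import hmac
import os
from typing import Optional

PBKDF2_ITERATIONS = 600_000  # assumed work factor, tune to the hardware in use


def bare_sha256(password: str) -> str:
    """One-way, but fast and deterministic: equal passwords give equal digests."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_record(password: str, *, salt: Optional[bytes] = None,
                iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, iterated SHA-256; the salt and cost are stored with the digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    try:
        scheme, iterations_text, salt_hex, digest_hex = record.split("$")
        iterations = int(iterations_text)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record
    if scheme != "pbkdf2_sha256" or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def same_password_is_visible(records: list) -> bool:
    """True if any two stored values are identical, which reveals shared passwords."""
    return len(set(records)) < len(records)
```

With bare digests, two members who pick the same password are stored as the same value, so one cracked or precomputed digest exposes both accounts; per-user salts remove that link and the iteration count raises the cost of each guess.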

Hosting Infrastructure Security

The Live Meeting Web conferencing service is designed to be a secure and reliable Web conferencing solution. To ensure the highest level of security, Live Meeting requires the stringent implementation of security policies within both the physical security measures of the hosting facility and the certification programs built into the hosting infrastructure.

Physical Security

Physical security starts with the design of the secure data centers located at Live Meeting co-location hosting facilities in the United States and the United Kingdom. State-of-the-art safeguards protect the Live Meeting Data Centers, including 24 hours a day, 7 days a week secured access, motion sensors, video surveillance cameras, biometric controlled access, and security breach alarms. These safeguards are designed to ensure that only authorized Live Meeting operations personnel gain access to these areas.

Dedicated and Certified Security Personnel

The contents of any Web presentation, live or recorded, visual or audio, and any presentation materials uploaded to the Live Meeting servers are treated as the intellectual property of the customer. Live Meeting employees and agents do not view these materials except as required to diagnose and support the service, and then only at the specific request of the customer (or as per legal process). In keeping with the Microsoft commitment to Trustworthy Computing, the Data Centers enforce clear policies to help ensure that any necessary viewing of such content is restricted to the authorized operations and technical staff that support the service. There is a strictly limited number of authorized Live Meeting personnel who have the ability to access customer Web conference sessions, and these personnel are closely supervised.

Third Party Certifications

The Live Meeting Web conferencing service is a Cybertrust certified service provider. The Cybertrust Security Management Program is a thorough security risk reduction and certification program that addresses all aspects of proactive information security, from network and system analysis to physical and policy inspection. Here is a brief excerpt that describes the value of this accreditation:

The Cybertrust Security Management Program integrates multiple security practices and procedures to help organizations identify and mitigate risk to critical IT assets. The program also assists the organization with maintaining optimal security. More information is available at http://www.cybertrust.com.


Data Transmission Security

There are two key aspects to data transmission: the encryption used to send data over the Internet, and the manner in which data travels through the firewalls of each meeting participant. All encryption used by Live Meeting is based on industry/government-approved algorithms and standards.

Encryption

During a Live Meeting session, content is distributed over the public Internet to the participants of the meeting. All data that is transmitted between the Live Meeting client and the Live Meeting service is transmitted using advanced Transport Layer Security (TLS) encryption to help prevent unauthorized interception; this is the same technology that major financial institutions use to safeguard their online transactions.

When uploaded presentation slides reach the Live Meeting Data Center, they are encrypted with 128-bit Advanced Encryption Standard (AES) encryption. During conferences, these slides are sent over the Internet in their encrypted format and are only decrypted after they are successfully received by each participant, when the presenter shows the slide to participants using the Live Meeting client.

The attendees initiate TLS connections to a Live Meeting Data Center using the HTTPS (HTTP Secure) protocol, which encrypts data sent over that connection. Each participant uses a unique session key to initiate the encrypted client and server connection. After attendees establish an encrypted connection, they receive a private key for the AES-encrypted meeting slides over that safer connection. This approach lets Live Meeting take advantage of participants’ proxy servers while limiting the potential for exposing meeting content.

Firewall Policy and Auto Sensing Technology

In order to accommodate the widest range of users, a Web conferencing service must be able to allow participants to connect from corporate environments that are often protected by firewalls. The nature of business communication today requires information workers to interact with people both inside and outside of their organization.

Live Meeting Web conferencing employs unique technology to determine the most efficient communications transport allowed by a participant’s firewall for use during the meeting. This approach reaches the widest number of users possible and involves choosing a communications transport independently for each user so that no one is forced to endure a slower connection because of the configurations of other users’ firewalls.

What is Firewall Policy?

Firewall policies define which packets are allowed into or out of the intranet. Packets coming into the intranet may be blocked because they have potential to expose computers located behind the firewall to attacks from people outside the firewall. Packets inside the firewall may be prohibited from passing outside of it to minimize the risk of sensitive information passing out of an owner’s control.

The most restrictive policy is to deny all transmissions across a firewall; you can accomplish this easily by disconnecting the two networks. Under these conditions, no Internet communications can pass to the intranet, and no intranet communications can pass to the Internet. This is sometimes the policy in extreme high-security networks. However, this means that users inside the intranet cannot access information on the Internet. For example, they are not able to use a browser to access the Web.

Note: The audio and video portions of a meeting cannot be transmitted through an authenticating proxy server. Although you could disable authentication to allow transmission of audio and video, this may not be an acceptable option for your organization.


Since such limitations are too extreme for most users, Information Technology (IT) departments that typically manage communication networks usually set more permissive policies. But the permissiveness of these policies varies considerably from organization to organization. Rules typically depend on specific protocols or ports as described in the following sections.

Firewall Policy: Protocols

Protocols are the language of data communications. Different protocols can be used to transmit data from one computer to another. Certain protocols are more efficient or perform better for certain kinds of communication. Firewalls can also be configured to allow only certain protocols for data transmission. Web conferencing applications commonly use Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) as transport layer protocols, and HTTP as an application layer protocol.

TCP.  Technologies such as streaming audio and video, file transfers, and terminal emulators often use protocols such as TCP. A firewall administrator might want to prevent file transfers and would therefore establish a policy that allows only the HTTP or HTTPS protocol.

UDP. Voice and video over the Internet sometimes use UDP. UDP is sometimes referred to as a “best effort” protocol, which means that the data packets are sent once and not re-transmitted, even if they were not successfully received and acknowledged.

HTTP/HTTPS.  IT departments often configure their firewalls to allow only packets that are using approved protocols to pass through. For example, most firewalls allow users to browse the Web, which uses protocols called Hypertext Transmission Protocol (HTTP) and Secure Hypertext Transmission Protocol (HTTPS).

Firewall Policy: Ports

Communications, which are written in certain languages or protocols, are targeted for approved locations, known in this context as ports. Ports describe the location to which the data packet will be transmitted at the destination address. Firewalls can limit the port ranges that data is permitted to travel. Firewalls can also have rules applied to restrict the direction (inbound, outbound) that data may travel and which communication channels can be initiated.

By restricting the port, you can limit where communications are able to go. For instance, the standard port for the Web is port 80, and some firewall administrators configure their firewalls to allow HTTP traffic to go only to port 80.

TCP.  Some real-time collaboration tools are designed to require specific TCP ports, such as Session Initiation Protocol (SIP) over port 5060. Although SIP is approved by various international standards organizations, it is not universally enabled by firewall administrators. For this reason, it will not work across restricted firewalls.

Users who want such products supported can ask their firewall administrators to "punch a hole" in the firewall to allow specific protocols and ports. But most firewall administrators are reluctant to do this without studying the protocols and products in depth to ensure that they will not make their intranets vulnerable to attack. Certifying protocols is often time consuming, even if configuring the firewall is straightforward.

As a result, this approach is usually impractical for events that are not planned well in advance. Because of the performance advantages of direct TCP connections, Live Meeting automatically senses whether certain protocols are allowed through the firewall and uses them if allowed.

HTTPS (Port 443).  The Live Meeting service uses HTTPS and port 443 tunneling to ensure that communications are allowed through any firewall that supports Web browsing. Tunneling streaming data, such as that used in Live Meeting over a protocol like HTTPS, is less efficient, and thus adds some performance penalty. Live Meeting supports an HTTPS pass-through mode, but will only use this mode if a direct TCP connection cannot be established.

Table 1 below outlines the protocols and ports that the Live Meeting client uses to connect to the Live Meeting Service. Note that not all the ports listed in the table below are required for Live Meeting Service functionality. The ports used for connectivity to the service are dependent on the outbound ports allowed through customer firewall configuration. Live Meeting automatically senses whether certain ports are allowed through the firewall and uses them if allowed.

Table 1. Protocols and ports used by Live Meeting

| Function | Source (initiator) | Source port(s) | Destination (receiver) | Destination port(s) | Network/application protocol |
|---|---|---|---|---|---|
| Media session control [1] | Live Meeting client | 1024 – 65535 | Live Meeting Service (Access Proxy) | 5061 [1] | TCP / SIP / TLS |
| | Live Meeting client | 1024 – 65535 | Live Meeting Service (Access Proxy) | 443 [1] | TCP / SIP / TLS |
| Media data transport to the Media Relay [3] | Live Meeting client | 1024 – 65535 [2] | Live Meeting Service (Media Relay) | 3478 [3] | UDP / STUN / TURN |
| | Live Meeting client | 1024 – 65535 [2] | Live Meeting Service (Media Relay) | 443 [3] | TCP / STUN / TURN |
| | Live Meeting client | 1024 – 65535 [2] | Live Meeting Service (Forwarder) | 443 | TCP / SRTP |
| Media data transport to the Forwarder via TLS | Live Meeting client | 1024 – 65535 | Live Meeting Service (Forwarder) | 443 [4] | TCP / TLS |
| | Live Meeting client | 1024 – 65535 | Live Meeting Service (Forwarder) | 8057 [4] | TCP / TLS |
| Web Access | Live Meeting client | 1024 – 65535 | Live Meeting Service (Web Server) | 80 | TCP / HTTP |
| | Live Meeting Web Access browser | 1024 - 65535 | Live Meeting Service (Web Server) | 443 | TCP / HTTPS |

[1] The Live Meeting client connects to the Live Meeting Service Access Proxy on either port 5061/TCP or port 443/TCP, depending on the port that is allowed through the firewall.

[2] To simplify local firewall policies, you can restrict the source port range by using the following Live Meeting client registry keys. However, a minimum of 20 ports (for example 50,000 – 50,019) are required to allow all Live Meeting audio and video scenarios to succeed.

HKEY_CURRENT_USER\Software\Microsoft\Live Meeting\Console\Version 8.0\Attendee\MediaPortRangeMin
HKEY_CURRENT_USER\Software\Microsoft\Live Meeting\Console\Version 8.0\Attendee\MediaPortRangeMax
HKEY_CURRENT_USER\Software\Microsoft\Live Meeting\Console\Version 8.0\Presenter\MediaPortRangeMin
HKEY_CURRENT_USER\Software\Microsoft\Live Meeting\Console\Version 8.0\Presenter\MediaPortRangeMax

[3] The Live Meeting client connects to the Live Meeting Service Media Relay using 3478/UDP or 443/TCP, depending on the protocol and ports that are allowed through the firewall.

[4] The Live Meeting client connects to the Live Meeting Service Forwarder on either port 8057/TCP or port 443/TCP, depending on the port that is allowed through the firewall.

Auto Sensing Technology

As this section has discussed, it is possible to choose different protocols to ensure the largest possible reach. However, most users are not aware of their firewall policy settings. Therefore, they are unable to manually select the optimal solution for their unique situations.

Live Meeting provides unique auto sensing technology that automatically respects firewall policies and optimizes client and server communication policies strategically to offer each client a secure connection with the best performance possible. Each participant connecting to the Live Meeting service will use the most efficient method of the previous two options, based on what is permitted by their firewall policy.
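A firewall administrator can check an outbound allowlist against the destination ports in Table 1 to see which path each Live Meeting function would end up on. The following Python is an added example, not Microsoft code: the `Rule` format and the sample policies are constructed, and the order "dedicated port first, port 443 last" is an assumption drawn from the guide's statement that HTTPS pass-through is used only when a direct connection cannot be established.

```python
from typing import NamedTuple


class Endpoint(NamedTuple):
    proto: str  # "tcp" or "udp"
    port: int


class Rule(NamedTuple):
    """One outbound allow rule: protocol and inclusive destination port range."""
    proto: str
    low: int
    high: int


# Destination ports from Table 1 and its footnotes 1, 3 and 4.
# ASSUMPTION: the dedicated port is tried first and port 443 is the fallback.
CANDIDATES = {
    "session control (Access Proxy)": [Endpoint("tcp", 5061), Endpoint("tcp", 443)],
    "media (Media Relay)": [Endpoint("udp", 3478), Endpoint("tcp", 443)],
    "media via TLS (Forwarder)": [Endpoint("tcp", 8057), Endpoint("tcp", 443)],
}

SOURCE_PORTS = (1024, 65535)  # client source port range in Table 1
MIN_MEDIA_PORTS = 20          # minimum range size from footnote 2


def is_allowed(rules, endpoint):
    """True if any outbound rule permits this protocol and destination port."""
    return any(r.proto == endpoint.proto and r.low <= endpoint.port <= r.high
               for r in rules)


def select_transports(rules):
    """Map each function to (endpoint or None, True when it is the 443 fallback)."""
    chosen = {}
    for function, options in CANDIDATES.items():
        endpoint = next((e for e in options if is_allowed(rules, e)), None)
        is_fallback = endpoint is not None and endpoint != options[0]
        chosen[function] = (endpoint, is_fallback)
    return chosen


def check_media_port_range(range_min, range_max):
    """Validate values intended for MediaPortRangeMin / MediaPortRangeMax."""
    if range_min > range_max:
        return ["MediaPortRangeMin is greater than MediaPortRangeMax"]
    problems = []
    if range_min < SOURCE_PORTS[0] or range_max > SOURCE_PORTS[1]:
        problems.append("range falls outside 1024-65535")
    if range_max - range_min + 1 < MIN_MEDIA_PORTS:
        problems.append("fewer than 20 ports in range")
    return problems


# Constructed sample egress policies.
WEB_ONLY = [Rule("tcp", 80, 80), Rule("tcp", 443, 443)]
DIRECT = WEB_ONLY + [Rule("tcp", 5061, 5061), Rule("udp", 3478, 3478),
                     Rule("tcp", 8057, 8057)]
DENY_ALL = []

if __name__ == "__main__":
    for name, rules in (("web only", WEB_ONLY), ("direct", DIRECT),
                        ("deny all", DENY_ALL)):
        print(name)
        for function, (endpoint, is_fallback) in select_transports(rules).items():
            if endpoint is None:
                print(f"  {function}: blocked")
            else:
                note = " (443 fallback)" if is_fallback else ""
                print(f"  {function}: {endpoint.port}/{endpoint.proto}{note}")
    print(check_media_port_range(50000, 50019))
```

A result flagged as the 443 fallback means the function still works but over the tunneled path that the guide describes as less efficient.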

Part II: Security Features for Conference Center Administrators

Office Live Meeting includes several features to extend security, which help administrators configure Office Live Meeting in a secure manner by restricting memberships, enforcing passwords and meeting keys, and setting policies.

Corporate Software Installation Policies

To help safeguard desktops and computer networks, some corporations enforce policies that restrict installation of the software to administrators. In previous versions of the Windows-based Live Meeting client, a user was required to be a member of the local Administrators group to install the client. In this version, a user-mode Windows-based client can be installed without requiring Administrator credentials; however, the user will not be able to import documents, such as Microsoft® Office Word or Microsoft® Office Excel® spreadsheet software documents, which use the MODI print driver.

Web-Based Client

To best meet both the needs of system administrators and the needs of Live Meeting users, Live Meeting offers two different meeting client options. If an end user is running an operating system other than Windows or otherwise cannot install the software that is required to run the Windows-based Live Meeting client, the user can still use the Web-based meeting client. Both the web client and the client side application enforce the various security measures in place to protect the confidentiality and integrity of the meeting content. For more information about the Windows-based meeting client and the Web-based client, please refer to the Microsoft Office Live Meeting Administrator’s Guide.

Managing Memberships

There are three different types of Live Meeting user roles—Administrator, Organizer, and Member—each with a specific set of user rights. This section is addressed to members in the Administrator role, who can create and manage memberships.

When you create a new membership, you assign it a user role. Live Meeting grants access to conference center features by user role. It is therefore important to assign an appropriate user role to each new membership in the Live Meeting account.

Table 2 below describes all the privileges that can be assigned to a user role. An X denotes a privilege that is enabled for a user role by default. An administrator can modify the privileges associated with a user role at any time. An administrator can also grant or deny to individual users the right to access specific features.

Note: User mode installation is not supported on Windows Server 2003.

Note: Organizers with Administrator privileges in previous versions of Live Meeting inherit the role of Administrator in this version of Live Meeting.

Table 2. Default user role privileges

| Privilege | Administrator | Organizer | Member |
|---|---|---|---|
| Account Administrator Rights | X | | |
| Address Book | X | X | |
| Meetings - Schedule Meeting and Meet Now | X | X | |
| Meetings - Meet Now Only | | | |
| Print to PDF – Presenters Only | | | |
| Print to PDF – All Participants | X | X | |
| App Sharing – Single Application Only | X | X | |
| App Sharing – Desktop and Single Application | | | |
| Custom Frame | X | X | |
| Recordings – Create and Manage recordings | X | X | |
| Recordings – Manage Existing Recordings Only | | | |

Creating a Membership

You create a membership to provide an individual in your organization with access to Live Meeting. The type of membership that you create for an individual will determine the level of access that the user has to Live Meeting features. For example, if you want to allow a user to schedule meetings, you would create a membership in the Organizer role. If you plan to control access to meetings with an access control list (ACL), you will also want to create memberships in the Member role for those who will only attend meetings.

To create a new membership

1. Log on to the Live Meeting conference center with an account that is in the Administrator role.

2. On the My Home page, in the Administer section, click Account.

3. On the Account Administration Home page, click Memberships.

4. On the Administer Memberships page, click Create New Member.

5. In the Member Details section of the Create New Member page, in the appropriate boxes, type the user ID (user name), full e-mail address (such as [email protected]), and first and last name of the member you want to create.

6. In the Password box, type the password for the membership. In the Confirm Password box, retype the password.

7. Optionally, in the Bill To text box, type the administrative code that your organization will use to bill the member’s use of the Live Meeting service.

8. To send a system-generated welcome e-mail message to the member, select the Send Welcome E-mail check box. The message will contain the member’s user login and password.

9. In the Time Zone list, click the time zone where the member is located.

10. Under Member Privileges, in the Role list, click the Live Meeting role that you want to assign to the new member.

11. If you selected the Administrator role, to allow the member to make administrative changes to his or her own account, select the Account Administrator Privileges check box.

12. If you selected the Organizer or Administrator role, to allow the new member to view the Live Meeting address book, select the Address Book check box.

13. If you selected the Organizer or Administrator role, to allow the member to schedule meetings, in the Meeting Types list, click Schedule Meeting and Meet Now. To prevent the member from scheduling meetings, click Meet Now Only.

14. If you allow the member to schedule meetings, select or clear the appropriate check boxes to allow or deny the member the ability to use the following Live Meeting features in meetings the member schedules:

Application Sharing. If you enable this option, use the Application Sharing list to specify whether the member can share only a single application or share the desktop and a single application.

Print to PDF. If you enable this option, use the Print to PDF list to specify whether all participants or only presenters can print slides and other documents associated with the meeting as Adobe Acrobat files (.pdf).

Custom Frame. This feature allows the member to include a custom streaming media frame in the meetings that this member organizes.

Recording to server. If you enable this option, use the Recording to server list to specify whether the member can only manage existing recordings or create new recordings and manage existing recordings.

Recording to participant’s computer. If you enable this option, use the Recordings list to specify whether to only allow presenters to record or to allow presenters to record and permit attendees to record.

15. To add the member to a group, under Member Groups, in the Available Groups list, click the group to which you want to add the member, and then click Add.

16. Click Submit.

Restricting Memberships

All users whose membership is in the Administrator role can access settings that affect your organization’s Live Meeting account. Administrators can create new memberships and modify privileges on user roles or on existing memberships. It is important to manually monitor the Administrator memberships that are created on the account in order to prevent abuse of the privileges entrusted to the Administrator role. Consider limiting the number of memberships in the Administrator role.

You can restrict or deny a user’s access to the Live Meeting conference center by changing the user role associated with the membership. For example, a user in the Member role cannot create new meetings but can access any existing meetings or recordings associated with the user login.

If an individual leaves your organization, you must delete not only the individual’s network account but also his or her Live Meeting membership. However, when you delete a membership, the meetings and slide sets associated with the membership are also deleted. For this reason, you might prefer instead to restrict a user’s access to the conference center by changing the user login and password of the membership. If you change only the password, the user can still use the automated password reset tool to reset the password and regain access to the account.

Enforcing Password and Meeting Key Policies

Administrators can control the level of complexity required for users’ passwords. For new conference centers, the default requirement is that passwords contain at least one capital letter. Administrators can implement additional requirements, as discussed below in the section, “Conference Center Account Policies.” The more complexity rules that are required by the administrator (configurable by using a set of check boxes in Live Meeting Manager), the stronger the passwords and the greater likelihood that your Live Meeting account security will not be breached because a hostile user determined a member’s password.

We recommend that you enforce complex passwords and require users to change their passwords periodically. Administrators can reset passwords for individual member accounts.

Password and meeting key policies are described in detail in the following section.

Live Meeting Policies

Live Meeting policies impose specific security measures with no further action on your part. Conference center account policies affect all users who log in to your conference center account. User role policies affect all users whose memberships are in a specific role.

You can also specify exceptions to policies for individual Live Meeting members.

Conference Center Account Policies

Certain features must be enabled as part of the conference center account policies before they are available as options to meeting organizers. The policies affect all users of the conference center. Live Meeting conference center account policies fall into the following categories:

Meeting policies

Password and meeting key policies

Audio policies

Meeting Policies

Features that can be enabled or disabled at the conference center account level are: enforced content expiration, meeting lobby, and recording. Figure 1 below shows the Edit Meeting Policies page.

Figure 1   The Edit Meeting Policies page

The Edit Meeting Policies page contains the following features:

Content Expiration.   Enforce content expiration in order to automatically delete meeting resources from the server at a set time after meetings have ended. If you do not enforce content expiration and an organizer does not enable content expiration for a meeting, the meeting resources will remain on the server until the organizer manually deletes them.

Meeting Lobby.   The Meeting Lobby is a space where people can request to join a meeting when either they do not have an invitation or they have been invited, but the meeting is locked. The Meeting Lobby is similar to a no reservation audio conference, in which attendees can attempt to join a meeting at any time, regardless of their invitation status.

The security risk inherent to the Meeting Lobby is that anyone can enter the Meeting Lobby without providing a meeting key. Because Live Meeting does not authenticate users who appear in the Meeting Lobby, you have to rely on other means, such as the telephone, e-mail, or instant messaging, to verify the identity of the person requesting access to the meeting from the Meeting Lobby.

You can instruct organizers on the risks and appropriate use of the Meeting Lobby, or you can disable the Meeting Lobby feature. If you disable the Meeting Lobby at the conference center account level, it is not available as an option for organizers to choose when they schedule meetings.

Recordings.   Recordings are not encrypted while stored on the service, nor are they encrypted in transit. Disable recordings if you are concerned about storing potentially confidential or sensitive information in any form on the Live Meeting service.

Enable recordings in order to allow presenters to record their meetings. If you enable recordings as part of the conference center account policies, organizers can enable recording when they configure meeting options. Even when recording has been enabled for a meeting, the meeting is not recorded until a presenter manually starts recording.

Organizers can permit meeting participants to only view recordings on the server unless you explicitly allow organizers to permit meeting participants to also download recordings.

Handouts.   A feature of this release is the ability for organizers or presenters to upload handouts to a meeting, which can be downloaded by attendees to their own computers. Administrators can choose whether to allow this feature for their conference center, and then specify the file types that are allowed. While stored on the service, handouts are protected via encryption.

Password, Meeting Key, and Recording Key Policies

Password, meeting key, and recording key policies determine whether or not users can change their own passwords, whether passwords are required to be complex, and whether only server-generated meeting keys and recording keys are valid. Password, meeting key, and recording key policies also dictate the minimum length and complexity requirements for passwords and keys.

Complexity requirements apply to both passwords and keys. If the password and key policies for the conference center do not have sufficient complexity requirements, meeting organizers can potentially schedule meetings with meeting and recording keys that are easy to guess. Complex keys help make it more difficult for unauthorized and uninvited persons to join a meeting.

To edit password, meeting key, and recording key policies

1. Log in to the Live Meeting conference center with a membership that is in the Administrator role.

2. On the My Home page, in the Administer section, click Account.

3. On the Account Administration Home page, click Roles and Policies.

4. Next to Password and Meeting Key Entry Code/Recording Key Policies, click Edit.

5. Select the following check boxes for each policy that you want to enable:

Allow users to change their passwords

User passwords must meet additional complexity requirements

Meeting Entry code and Recording Key must meet additional complexity requirements

Only the Meeting Entry Codes and Recording Keys generated by the server are valid

6. Under Additional Complexity Requirements, in the Minimum Length box, type the minimum number of characters required for passwords and meeting keys.

7. Select the following check boxes for each complexity requirement that you want to enable:

Meeting Entry Code, Recording Key and Password must contain at least one number

Meeting Entry Code, Recording Key and Password must contain at least one uppercase letter

Meeting Entry Code, Recording Key and Password must contain at least one lowercase letter

Meeting Entry Code and Recording Key cannot contain the meeting ID; passwords cannot contain the user ID

Meeting Entry Code, Recording Key and Password must begin and end with a number or letter

Meeting Entry Code, Recording Key and Password must contain at least one character from the set `~!@#$%^&*()_+-={}|[]\:";'<>?,./

8. Click Submit.
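To see what each check box in steps 6 and 7 rules out, the options can be modeled as a small evaluator and run against candidate passwords or keys. The following Python is an added example, not part of Live Meeting: the field names, the sample values and the minimum length of 8 are constructed, and it assumes that "number or letter" means ASCII characters and that the ID comparison ignores case.

```python
import string
from dataclasses import dataclass

# Character set quoted in step 7 of the procedure above.
SPECIAL = set("`~!@#$%^&*()_+-={}|[]\\:\";'<>?,./")
# ASSUMPTION: "number or letter" means ASCII digits and letters.
ALNUM = set(string.ascii_letters + string.digits)


@dataclass(frozen=True)
class ComplexityPolicy:
    """One field per option in steps 6 and 7 (field names are hypothetical)."""
    min_length: int = 0
    require_digit: bool = False
    require_upper: bool = False
    require_lower: bool = False
    forbid_identifier: bool = False  # meeting ID for keys, user ID for passwords
    alnum_at_ends: bool = False
    require_special: bool = False


def violations(secret, identifier, policy):
    """Return the names of the enabled requirements that `secret` fails."""
    failed = []
    if len(secret) < policy.min_length:
        failed.append("minimum length")
    if policy.require_digit and not any(c in string.digits for c in secret):
        failed.append("number")
    if policy.require_upper and not any(c in string.ascii_uppercase for c in secret):
        failed.append("uppercase letter")
    if policy.require_lower and not any(c in string.ascii_lowercase for c in secret):
        failed.append("lowercase letter")
    # ASSUMPTION: the ID check is a case-insensitive substring match.
    if (policy.forbid_identifier and identifier
            and identifier.lower() in secret.lower()):
        failed.append("contains identifier")
    if policy.alnum_at_ends and (not secret or secret[0] not in ALNUM
                                 or secret[-1] not in ALNUM):
        failed.append("first/last character")
    if policy.require_special and not any(c in SPECIAL for c in secret):
        failed.append("special character")
    return failed


# Default for new conference centers, as stated in "Enforcing Password and
# Meeting Key Policies": at least one capital letter.
NEW_CENTER_DEFAULT = ComplexityPolicy(require_upper=True)

# Every option enabled; the minimum length of 8 is a constructed value.
ALL_OPTIONS = ComplexityPolicy(min_length=8, require_digit=True,
                               require_upper=True, require_lower=True,
                               forbid_identifier=True, alnum_at_ends=True,
                               require_special=True)

if __name__ == "__main__":
    # Constructed sample secrets paired with a user ID or meeting ID.
    samples = [("Password", "jdoe"), ("Q4-rev!ew7", "482913"),
               ("!Room482913x", "482913")]
    for secret, identifier in samples:
        print(secret,
              "| default:", violations(secret, identifier, NEW_CENTER_DEFAULT),
              "| all options:", violations(secret, identifier, ALL_OPTIONS))
```

The first sample passes the new-center default while failing two of the additional requirements, which is the gap the additional check boxes close.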

Audio and Video Policies

Use audio and video policies to enable the following audio and video features for participants:

Enable Join Conference - Participants can have their conference provider call their phone.   If your audio conferencing producer supports the Join Conference feature, you can use audio policies so that meeting participants can have the Live Meeting service call them. E-mail invitations for meetings where the audio is supplied by the Join Conference feature or traditional phone conferencing include the phone number and participant code. If the e-mail invitation is accidentally forwarded by a meeting participant, the result could be unwanted participants on the conference call.

Enable computer audio conferencing from this Conference Center.   This option makes the Computer Audio Conferencing feature available to members of the account for use in their meetings.

Enable one way Internet Broadcast Audio from this Conference Center.   This option makes the Internet Audio Broadcast feature available to members of the account for use in their meetings. If a meeting is configured to use Internet audio broadcasting, no meeting phone numbers or participant codes are included in the e-mail invitation. If Internet audio broadcasting is used, the only way to receive audio from the meeting is to join the Live Meeting. This option is available only if your account has licensed the Internet Audio Broadcast (IAB) feature.

Enable Active Presenter Video for this Conference Center.   This option allows members of the account to allow the active meeting presenter to show their video in the meeting.

Enable Publishing of Leader Code to presenters in meeting invites and console.   This option allows members of the account to publish the leader audio code in the e-mail invitations and meeting client.

Conference Center Account Preferences

Account preferences specify for all members in your organization’s Live Meeting account the default meeting size, streaming media custom pane URLs, audio preferences, invitation preferences, and recording preferences. For example, invitation preferences and recording preferences affect Live Meeting security.

When you configure invitation preferences as part of the account default preferences, you can enable integration with Outlook so that meeting organizers can send invitations from their own e-mail program. By using an e-mail program to send the invitation, the organizer can encrypt the invitation using whatever encryption methods the e-mail program supports.

The recording preferences that are configured as part of the account default preferences specify whether all meeting participants or only the meeting organizer and Live Meeting administrators can use meeting entry information to view recordings of a meeting. Organizers and Administrators can always grant access to recordings to individual users.

User Role Policies

You can set policies for a specific user role to enable or disable the following functions and features:

Address book

Scheduled and Meet Now meetings

Printing to PDF

Application sharing (giving control to another attendee)

Custom frame

Recording to Live Meeting servers

Recording to participants’ computers

If you disable a function or feature with a role-level policy, none of the members in that role will see the feature on the Meeting Options page unless you override the policy on a per-user basis. Functions and features for specific roles are selected on the Edit Role page, as shown below in Figure 2.

Figure 2   The Edit Role page

The Edit Role page contains the following features:

Account Administration.   In Live Meeting, user role policies are used to define the default settings for a particular user role. When you enable Account Administration privileges, you effectively give either the Organizer or Member role the same access to Live Meeting as the Administrator role. If it is necessary to grant administrator privileges, we recommend that you assign an individual member to the Administrator role, instead of applying the Account Administration setting to all members with the same user role.

Address Book.   When you enable the address book, members can view the account address book and select names from the address book to create meeting invitations. They can also create a personal address book, to which they can add names of people who are not members of the account.

Meeting Types.   You can configure a user role to have access only to the Meet Now meeting room, or you can allow all users with a certain user role to also schedule meetings. By default, only members in the Organizer or Administrator role can schedule meetings.

Application Sharing (give control).   If you are concerned about users inadvertently sharing control of their computers, you can disable application sharing control altogether. If you enable application sharing control, you need to specify what kind of application sharing control that members in a user role can perform. You can limit members in a role to sharing control of only one application at a time, or you can allow them to share control of either the desktop or a single application.

Print to PDF.   If printing is enabled, meeting participants can save a copy of meeting slides to their local computer. Print to PDF filenames are randomly generated and are securely removed after 12 hours. If you enable Print to PDF as a meeting option, the organizer of a meeting can still disable it for individual meetings. If you do not want to disable printing account-wide, you should educate meeting organizers about when and how to disable printing for individual meetings.

If you enable printing, you have to specify who can print meeting content. You can allow all participants of meetings that are organized by members with a particular user role to print the content of those meetings, or you can allow only presenters in the meetings that are organized by members with this user role to print meeting content.

Custom Frame.   You can allow members in a user role to include a custom streaming media frame in the meetings that they organize. The custom frame can be used to display any content to meeting participants that can be passed through an HTTP or secure HTTP (HTTPS) Web page, including interactive surveys and streaming video and audio. Users can opt to use the custom frame to display different streaming media to Attendees and Presenters. We recommend that you display only secure HTTP (HTTPS) Web pages in the custom frame.

Recording to server and Recording to participant’s computer.   Recordings capture the meeting content so that it can be viewed later. Recordings are not encrypted. If you are concerned about storing unencrypted content on the server or if you are concerned about people accessing meeting content after a meeting ends, consider using account or user role policies to disable recording.

If you want to allow recording for some meetings, you should educate organizers and presenters about recordings. For example, you can use client-side recording so that participants download recordings locally and the recordings can be hosted inside your corporation’s firewall.

Note: Adding a name to a personal address book is a convenience for the user, but it does not give nonmembers of the Live Meeting account any privileges on the Live Meeting conference center that you, the administrator, do not give them.

You can grant rights to record meeting content according to user role. You can either grant members in a particular user role the right to only manage existing recordings or the right to create and manage recordings.

Individual Member Privileges

The features that you have enabled or disabled by using user role policies can also be enabled or disabled for individual members. When you edit an individual membership, you can also reset the user’s password. The privileges that you grant to an individual membership take precedence over the privileges that are assigned by user role or for the entire conference center account, unless you edit the user role later and use the option that overwrites settings for all existing users assigned to that user role.

Part III: Security Features for Meeting Organizers and Attendees

Office Live Meeting offers a number of features that help you conduct secure meetings. This section provides tips and best practices for scheduling and conducting secure meetings.

Scheduling a Meeting

If your membership is in the Administrator or Organizer role, when you schedule a Live Meeting, you can invite anyone with an e-mail address and, potentially, anyone with access to the Internet. However, you can enhance the security of your meeting by following these best practices when you schedule your meetings:

Use an access control list (ACL) to control who can attend a meeting.

Limit the information that you provide in the meeting invitation.

Make prudent use of the Meeting Lobby.

Access Control List (ACL)

Scheduling a meeting by using an ACL comprising only members of your conference center account ensures that only those who have a membership in your Live Meeting account and who have specifically been invited can enter the meeting. You specify whether to use an ACL on the Meeting Options page, in the Entry Control sections, as shown below in Figure 3.

Figure 3   Meeting Entry Control

Using an ACL helps ensure that only those people with a membership on your account can get into the meeting. An ACL works well for any meeting where the attendees are all employees of your organization. If you want to invite people outside the organization, such as business partners, to an ACL-controlled meeting, you can create memberships in the Member role for them. Those users will only be able to attend meetings to which organizers have invited them.

To invite people to your meeting, type the full e-mail addresses or group names of the invitees, or click the Attendees or Presenters link in the meeting invitation to select the names from the account address book as shown below in Figure 4. After you list all people who you want to invite to the meeting and click Submit, you can then send invitations to these people as the next step.

Figure 4   The Address Book page

Sending Invitations

When you send meeting invitations, you should think about the security of audio conference information, meeting ID or meeting key information, and the privacy of meeting invitees.

Consider not including the phone number for the audio conference in the meeting invitation. Instead, you can share the audio conference information by displaying it on a text slide within the secure context of the meeting. Anyone who sees the slide has presumably joined the meeting after receiving an invitation and therefore can be considered pre-authorized to join the audio conference.

You can remove the phone information from the Meeting Options before you send the e-mail invitation. Omitting the audio conference information helps ensure that if the e-mail invitation is accidentally forwarded by a meeting participant, the audio portion of the meeting is not compromised.

If you include the phone information in the e-mail invitation, the leader code is not included. The audio conference leader code should be used only by the meeting organizer and any presenters who need to control the meeting.

If you do not use an ACL to limit attendees, the Live Meeting service sends a plain-text e-mail message that contains the meeting ID and meeting key. This message also lists all invitees on the To line. If you are concerned about the security of this meeting information, you can take advantage of the encryption capabilities built into your own e-mail program. By using Live Meeting Service Release 1 (SR1) or later, you can send e-mail invitations from your own e-mail program. Live Meeting Manager creates a template from which you can copy the meeting information and then paste it into a message in your own e-mail program, which you can encrypt by using Pretty Good Privacy (PGP), Secure/Multipurpose Internet Mail Extensions (S/MIME), or whatever encryption your e-mail program supports. By using your own e-mail program, you can also move invitees to the Bcc line so their names are not visible.

Meeting Lobby

People without an invitation, as well as invitees who are locked out of the meeting, can use the Meeting Lobby to try to join your meeting. The Meeting Lobby, however, does not authenticate the individuals who enter it, so you need to use some other means, such as a phone call or an e-mail or instant message, to verify the identity of the person who is trying to join the meeting.

Conducting a Meeting

After your meeting is in session, you can help secure it by following these best practices:

Verify meeting attendance.

Disable or do not use features that you do not need.

Verifying Meeting Attendance

If the meeting organizer has set up the meeting to use an access control list (ACL), only those who have a membership in your Live Meeting account and who have specifically been invited can enter the meeting. You can see who has actually joined the meeting by viewing the participant roster in the meeting console, as well as by using the Support Control Panel in Live Meeting Manager. The participant roster lists the names of participants. For meetings that do not use an ACL, the participant roster and the Support Control Panel display participants’ names exactly as the participants provided them upon entry into the meeting. The Support Control Panel is accessible from the Meeting Details page of scheduled or Meet Now meetings.

In addition to listing the user name of each participant, the Support Control Panel in Live Meeting Manager provides you with the following information about each computer that is connected to the meeting:

User status

Browser version

Operating system and version

Java software version (if using the Web-based meeting console)

Transport type

IP address

You can use the Support Control Panel to disconnect an individual user from the meeting.

You can grant access to individuals to join a locked meeting by using the Meeting Lobby. You can either configure the Meeting Lobby to notify you with a visual alert when new participants enter the Meeting Lobby or you can periodically check to see if someone new has attempted to join the meeting.

You can also use the Support Control Panel to end the session and thereby disconnect all participants from the meeting.

Note: When you disconnect a user from the meeting, that user can still rejoin the meeting. The only way to prevent the user from rejoining the meeting is to lock the meeting, but doing so will also prevent any other new participants from joining the meeting.

To view the Support Control Panel

1. Log on to the Live Meeting conference center.

2. Click the subject of the meeting for which you want to view the Support Control Panel.

3. Under Actions, click Support Control Panel.

4. Use the scrollbar to access all panel options.

Controlling Meeting Content

One of the ways in which you can control the security of meeting content is by limiting the access that participants have to the content. Meeting content can be viewed, recorded, or printed. By restricting any one of those levels of access, you make it less likely that meeting content will end up in the wrong hands.

Disabling Print to PDF

When printing is enabled, meeting participants can save meeting content to an Adobe Acrobat (.pdf) file, which creates files in the Live Meeting service. If you prefer that files be hosted inside your organization’s firewall, you can disable printing to PDF and instead use client-side recording. By doing so, participants can save meeting content by recording the meeting and saving it locally.

Meeting participants can also potentially redistribute a .pdf file at will. If you are concerned about allowing meeting participants to redistribute content, you can disable printing for the meeting. If you allow printing in a meeting, you should expressly state to meeting participants the level of confidentiality that you want to impose on the meeting contents. Printing to PDF creates files in the Live Meeting service. If you want to restrict the content that is hosted in the Live Meeting service, you can use client-side recording so that participants download recordings locally and the recordings can be hosted inside your corporation’s firewall.

To disable printing in Meeting Options

1. Log on to the Live Meeting conference center.

2. Schedule a new meeting, or click the subject of an upcoming meeting for which you want to disable printing.

3. Click Meeting Options.

4. Click Additional Features.

5. Clear the Printing to PDF check box, and then click OK.

To disable printing in the meeting console

1. Click Attendees, and then click Attendee Permissions.

2. Clear the Print to PDF box, and then click OK.

Controlling Recordings

Recordings capture the audio, video, slide, application sharing, and shared notes content of meetings so that they can be viewed later. If you are concerned about who might access meeting content after a meeting is over, consider disabling recording for the meeting.

When recording starts, a pop-up window appears on attendees’ computers to indicate that the meeting is being recorded. When you are in a meeting, you can see that a meeting is being recorded by looking in two places in the console: in the Recording toolbar (shown below in Figure 5), where the counter shows the current length of the recording, and in the status bar of the Live Meeting console (shown below in Figure 6), which displays a red recording indicator.

Figure 5   Live Meeting Recording toolbar

Figure 6   Live Meeting status bar

Meetings are not automatically recorded; depending on the meeting recording options, a presenter can start and stop a recording, or an attendee can start and stop a recording if given permission to do so.

Strategically Using Application Sharing

It is important to think about the methods that you use to share content in meetings. For example, you can recommend that users use application sharing to share sensitive documents instead of using the Upload File feature. If you use the Upload File feature, the shared document is included in the meeting resources (but it can be deleted after uploading). If you use application sharing, the content is unavailable as soon as application sharing is stopped.

If you are concerned about putting content on the server, even if only for the length of the meeting, consider using application sharing. Application sharing is a feature of Live Meeting that captures screen images of the Presenter’s computer and sends them to each meeting participant. The meeting participant hosting the application sharing session can share the entire desktop or only a single application.

It is possible to share more than is intended when you use application sharing. If you share a program, you are sharing all documents that are currently open in the program. For example, if Microsoft Word is your e-mail editor, when you share Word, you also share any open e-mail messages.

All windows that are shared during a single application sharing session have the Currently Sharing label in the Title bar. Windows that are shared during an application sharing session are also highlighted on your desktop, while those that are not shared are dimmed.

When you share your desktop, you can share any program that is running on your computer. Even when only one program is visible during a desktop application sharing session, meeting participants can still see all the programs that are currently running if you are using Windows and participants can see the taskbar. To limit the risk of unintentionally sharing something on your computer, close programs or documents that you do not need before starting application sharing. Other options include sharing a single program or using the sharing frame instead of sharing your desktop. The content sharing menu is shown below in Figure 7.

Figure 7   Content Sharing dialog box

Another application sharing option is to use the Sharing Frame. The Sharing Frame is a moveable, resizable window that will share only what is contained within the window.

Sharing Control

Sharing control of an application is allowed by default. Sharing control can be initiated by any presenter in a meeting, but attendees must be granted permission to control an application sharing session. When you organize a meeting, you can prevent presenters from granting control of application sharing by disabling sharing of control in the meeting options. If you do not want to prevent presenters from sharing control altogether, you can allow presenters to grant limited control of application sharing, such as when a single application is being shared. Furthermore, when configuring whether or not presenters can share control, you also decide whether or not meeting participants can request control of application sharing.

Meeting Audio

Office Live Meeting uses Secure Real-time Transport Protocol (SRTP) to transport audio and video.

Ending Meetings

Before you perform post-meeting resource management, you can help protect meeting content by explicitly ending meetings when they are over. Presenters can leave a meeting without actually ending the meeting, and as long as the meeting is still open, attendees can remain in the meeting or return to the meeting later and access any content that is still a resource in the meeting.

To end a meeting

In the Live Meeting console, on the File menu, click Exit and End Session.

Managing Post-Meeting and Recording Content

After a meeting ends, there are a few more security measures to consider, such as deleting meeting resources, deleting the meeting itself, and downloading a meeting recording locally. As long as a meeting exists on the conference center server, its content can be accessed by someone who has the meeting information. It is therefore important for you to think about how to manage post-meeting content. For recordings, you should also consider when the recording should be deleted from the server.

Setting Content Expiration

If it is important that meeting content no longer be accessible after a meeting is over, you can enable content expiration for the meeting. If you do, Live Meeting automatically deletes content at a specified interval after the meeting has ended. After the content expires, users can no longer access resources that are still associated with the meeting. You can also set expiration for published recordings.

To enable content expiration for a meeting

1. Log on to the Live Meeting conference center with a membership that is in the Administrator or Organizer role.

2. Schedule a new meeting, or click the subject of an upcoming meeting for which you want to configure content expiration.

3. Click Meeting Options.

4. Click Expiration.

5. Under Meeting Expiration, under Set the amount of time to wait before deleting meeting and contents, click the check box.

6. In the box, type the number of minutes, hours, days, or months that you want to pass before the meeting content is permanently deleted from the conference center server.

7. Click the arrow and select a time unit: minutes, hours, days, or months.

Note: When the host of an application sharing session grants control to another meeting participant, he or she is essentially giving control of his or her computer to someone as if that person were physically present. Ensure that all presenters in the meetings that you organize understand and acknowledge this risk.

To enable a recording expiration

1. Log on to the Live Meeting conference center with a membership that is in the Administrator or Organizer role.

2. Schedule a new recording, or click the subject of an existing recording for which you want to configure expiration.

3. Click Meeting Options.

4. Click Expiration.

5. Under Meeting Expiration, under Set the amount of time to wait before deleting published recordings, click the check box.

6. In the box, type the number of minutes, hours, days, or months that you want to pass before the recording is permanently deleted from the conference center server.

7. Click the arrow and select a time unit: minutes, hours, days, or months.

Manually Removing Resources

You can also manually remove individual resources from a meeting if you want some content to remain on the server and remain associated with the meeting.

To remove individual meeting resources

1. In the meeting console, in the Content pane, click Options, and then click Manage.

2. In the Manage Content dialog box, right-click the resource that you want to delete, and then click Remove.

Handling Meet Now Content

Special attention should be paid to Meet Now meetings because they are, by nature, always on the conference center server. If you use your Meet Now meeting room with many different people, you need to ensure that content from one Meet Now meeting is not left to be seen by attendees of a later Meet Now meeting.

Deleting the Meeting Itself

If you do not need to retain any information from the meeting, you can delete the meeting from the conference center server to prevent anyone from joining the meeting later to review its content.

To delete a meeting

1. Log on to the Live Meeting conference center with a membership that is in the Administrator or Organizer role.

2. In the navigation pane, under Manage, click Meetings to display a list of the meetings you have organized.

3. Next to the meeting that you want to delete, select the check box.

4. Click the Delete button.

5. Click OK to confirm the deletion.

All slide sets loaded for the meeting and any slides created for the meeting are deleted. If the meeting is still active, it is immediately stopped. Saved recordings of the meeting are not deleted. You can, however, delete them as described in the following section.

Deleting a Recording

You can delete a recording from the conference center server. Note that instead of saving a recording on the conference center server, you can save a recording locally without worrying about confidential material being stored on the Live Meeting service.

To delete a recording

1. Log on to the Live Meeting conference center with a membership that is in the Administrator or Organizer role.

2. In the navigation pane, under Manage, click Recording to display a list of the recordings you have created.

3. Next to the recording that you want to delete, select the check box.

4. Click the Delete button.

5. Click OK to confirm the deletion.