
Is Cisco Proximity Secure?

Hi all,

I've tested Cisco Proximity with my iPad and iPhone on a Cisco MX300-G2 codec and it works fine, but I think that it's a big issue... When I left the videoconference room, I returned to my desktop (15 meters from the VC room)... and another group of people used the VC... From my desktop I could see the presentation they were sharing on the MX300-G2, and this shared content was sensitive info. So, I asked myself this question: "Is Cisco Proximity Secure?". I think that it'd be possible to configure a "pairing code" when you want to connect with Cisco Proximity; it's easy and safe... What do you think about it?

 

Thanks for your support and thanks for a great job.

Regards

Marcos


Henrik Bakken
Cisco Employee

Hi Marcos,

We aim to make Cisco Proximity both safe and easy to use – those two are often conflicting interests and we have to make trade-offs. Let me first give a more general background:

Our internal testing shows that pairing will not work if you are outside the "audible area" of the system you try to pair with. E.g., if the door to the meeting room is closed, even if I'm standing right outside the room, my devices won't pair. The pairing security is mostly based on an inaudible sound token we send from the system. There is a way to tweak/manipulate the signal strength of this, but with all normal settings, a closed door should be more than enough to stop the pairing from happening.

In order to reduce false "drop-outs" (e.g. you cover or turn the microphone away from the system), we have a "grace period" of about 90 seconds between each re-pairing. This means, if you walk out of the sound coverage (e.g. leave the room and close the door), all your paired devices should disconnect within 90-180 sec. In this period, you will still see content shared from the room.

We have considered a boatload of additional security measures, like PIN codes, a dialog on the touch panel for accepting each new paired device, NFC, QR codes, changing codes on the endpoint screen etc. Our evaluation is that they all deliver a significantly decreased user experience while not improving security a lot (I could for example peek into the meeting room through the window to see the PIN).

As we approach the release of Cisco Proximity (as you know, it is currently still only an experimental feature), we plan to have the following measures in place to provide a good balance between security and usability:

  • OSD (on-screen display) notifications of all connections (everyone in the room can see who connects)
  • An intuitive way to temporarily disable Cisco Proximity for a particular session (e.g., if I am going to share confidential information, I can disable pairing and content viewing for all users in the room)
  • A simple way to see all connected "Proximity devices" on the touch interface in the meeting room (this item is on the roadmap, so might be delayed for a later release)
  • And the administrator can of course still control all rooms for Proximity on or off, and even tweak the audio levels sent for special scenarios

 

So, back to your question in particular (and sorry for my TL;DR response here...): when you are at your desk, can you *initiate* a new pairing if you have not yet been paired to the room for, say, 5 minutes? With a closed meeting room door?

If your concern is that you could pair inside the room, then run back to your desk, and still see content for a few minutes (the 90-180 sec timer described above), that is by design, and again a trade-off between good usability and adequate security.

 

Br,
Henrik