Microsoft Office Live 2007 R2 Meeting Service Security Guide Published: August 2008 Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. © 2007 Microsoft Corporation. All rights reserved. Microsoft , MSN, Outlook, PowerPoint, Visio, and Windows are trademarks of the Microsoft group of companies. Microsoft, MSN, Outlook, PowerPoint, Visio, and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners. Contents Contents ...................................................................................................................... 3 Introduction ................................................................................................................. 1 About This Guide ................................................................................................... 1 Part I: Office Live Meeting Security ............................................................................ 2 Access Security ..................................................................................................... 3 Meeting Ownership ........................................................................................ 3 Access Control ................................................................................................ 3 Participation Control ....................................................................................... 4 Content Control............................................................................................... 4 Schedule Privacy ............................................................................................ 4 Attendance Tracking ...................................................................................... 4 Content Storage Security...................................................................................... 5 Persistent Content .......................................................................................... 5 High Performance ........................................................................................... 5 Software Security ........................................................................................... 5 Hosting Infrastructure Security ............................................................................ 6 Physical Security ............................................................................................. 6 Dedicated and Certified Security Personnel ................................................. 6 Third Party Certifications ................................................................................ 6 Data Transmission Security ................................................................................. 6 Encryption ....................................................................................................... 7 Firewall Policy and Auto Sensing Technology ............................................... 7 Part II: Security Features for Conference Center Administrators ........................... 10 Corporate Software Installation Policies ........................................................... 10 Web-Based Client................................................................................................ 10 Managing Memberships ..................................................................................... 10 Creating a Membership ................................................................................ 11 Restricting Memberships ............................................................................. 12 Enforcing Password and Meeting Key Policies ........................................... 13 Live Meeting Policies .......................................................................................... 13 Conference Center Account Policies ........................................................... 13 Conference Center Account Preferences .................................................... 16 User Role Policies ......................................................................................... 17 Individual Member Privileges ....................................................................... 19 Part III: Security Features for Meeting Organizers and Attendees ......................... 20 Scheduling a Meeting ......................................................................................... 20 Access Control List (ACL).............................................................................. 20 Sending Invitations ....................................................................................... 22 Meeting Lobby .............................................................................................. 23 Conducting a Meeting......................................................................................... 23 Verifying Meeting Attendance ...................................................................... 23 Controlling Meeting Content ........................................................................ 24 Managing Post-Meeting and Recording Content ........................................ 26 Introduction The Microsoft® Office Live Meeting service provides a central access point for all meeting participants. Regardless of whether they are at the office, on the road, or at home, participants can connect to a Live Meeting session hosted on the Internet. This flexibility, however, is accompanied by some unique security challenges. Some meetings contain confidential material and therefore require special attention with regard to who can access the meeting and how to safeguard the meeting content. The Office Live Meeting service, from meeting access to data storage and transmission, was designed in an environment of security awareness, and built-in security features allow conference center administrators, meeting organizers, and meeting attendees to extend security. This document provides an overview of the security issues that you should consider when you use the Live Meeting service, the Live Meeting security measures available to you, and the procedures for scheduling and conducting secure meetings. About This Guide This guide discusses security for the Office Live Meeting service from different perspectives, from the security considerations that are built into the service to help secure critical data, to the features and best practices for managing attendance and conducting meetings. It is divided into three parts: • Part I is written for the technical decision maker who is responsible for ensuring that the product meets the organization’s security requirements. It discusses the security considerations that were designed into Office Live Meeting and the various controls that are available to the organization. • Part II is written for the administrator of the organization’s Office Live Meeting conference center. It helps administrators configure Office Live Meeting in a secure manner by providing information about restricting memberships, enforcing passwords and meeting keys, and setting policies. • Part III is written for meeting organizers and attendees. It provides tips and best practices for scheduling and conducting secure meetings. 222 Microsoft Office Live Meeting Service Security Guide Part I: Office Live Meeting Security Microsoft’s commitment to providing more secure computing environments includes a comprehensive approach to building and delivering products with high security in mind, and helping customers configure and deploy them in a continued state of high reliability. The Trustworthy Computing initiative, described in detail on the Microsoft Trustworthy Computing Web site at http://www.microsoft.com/mscorp/twc , provides the policies and assurances that form the foundation for this security mindset. Trustworthy Computing is necessary to provide an environment that allows the user to feel confident that critical business needs are met without compromising information that must be protected. The Trustworthy Computing initiative defines four goals that all Microsoft products must meet: • Security . Microsoft products are designed to withstand attack by malicious people or programs, while protecting the confidentiality and consistency of the data that the products originate or consume. • Privacy . Microsoft products enable customers