VuCall is a public cloud service and leverages the cost and flexibilty advantages of using the internet. But we also recognize the importance of protecting sensitive information transmitted over this medium from would-be hackers with malicious intent. Therefore we have a comprehensive security strategy designed to guard the integrity of your network and keep your communications and private information safe.

Key Security Features

• Password hashing in database
• New component blocking for spoof prevention
• Hardened Linux based appliances for component access control
• Optional firewall traversal using built-in proxy software
• Optional explicit IP-to-IP firewall traversal using cascaded router deployment
• Encrypted token technology for session security
• No login information kept at the desktop

The following features can be deployed as an option at extra cost.

• AES-128 bit media encryption
• HTTPS with certification login
• TLS with certification for signalling

Depending on the specific deployment model, VuCall provides optional methods of secure firewall traversal, enabling organisations to leverage the public network to provide connectivity for mobile end users without compromising the integrity of the private network or requiring additional expensive equipment. 

For implementations where the necessary range of UDP ports are opened on the company network, the desktop client uses industry standard ICE/STUN to negotiate UDP ports directly with VuCall’s hosted router. These same protocols are employed for NAT traversal.

For implementations where the UDP ports are closed on the company network, the proxy solution overcomes these blocking issues in a secure fashion by tunnelling on port 443 using industry standard TCP. The desktop client is able to auto-detect if firewall blocking is taking place and automatically switch to the proxy configuration as needed. If the firewall configuration is known, auto-detection can be easily overridden. The proxy client software is included with the desktop client application and VuCall runs the proxy server software on its hosted platform. The same proxy client and server software modules are also able to traverse Web Proxies, enabling full integration with existing web proxy devices.

Whether you utilize a desktop or meeting room style end point, your VuCall meeting room is the core of your virtual office. Just as with a physical office, you may want to have an open door policy for your VuCall meeting room where anyone with an account can drop in any time, or you may wish to “close the door” to your meeting room and selectively control access. VuCall affords you the flexibility to do both. If you prefer open door, you need not do anything.

If you wish to control access, you have the ability to define a PIN for your room and share it only with the people that you want to have access to your room.

Additionally, if you take advantage of “guest linking” to your room (inviting an unregistered user to join your conference room via hyperlink), every user has the ability to change their hashed hyperlink to their personal meeting space as frequently as desired.

Once in conference, the virtual room owner has the ability to “lock the door” so that no additional participants may enter.

“Spoofing” refers to a tactic used by hackers to “steal” the identity of a trusted component of a network to gain access. VuCall prevents spoofing through a rigorous component authentication scheme. Each machine in the VuCall network has a unique identifier which is communicated to the VuCall server in our data centre over a secure link and is otherwise not accessible. New components added to the network go to the VuCall server for configuration. If the VuCall server does not have a configuration defined for that machine’s specific ID, the machine is blocked from joining the network. 

On the client side, a unique token is generated and encrypted by the VuCall server and sent to the endpoint (desktop or room system) at login over a secured link after the endpoint has sent its unique identifier to the server. The encrypted token is stored at the endpoint and the session is kept alive until the next time the user successfully logs in, whether from the same machine or a different machine, at which point a new token is issued and a new session is started. Each time the endpoint attempts to access the VuCall server for services (such as call initiation), the endpoint presents its session token to the server, ensuring that the endpoint is in fact the machine where the credentialed user last logged in.

VuCall's infrastructure is hosted in a secure Class 4 data centre with 24x7 monitoring and access control. In addition we have Component Access Protection.

The VuCall infrastructure appliances are all Linux based. The security features of Linux are used to prevent hackers from accessing the box itself, and the box is "hardened" by closing all ports that are not relevant or used, making it impossible to access the board without administrator and root passwords.

For customers requiring a higher level of security without tunneling on port 443 VuCall can offer a solution that deploys a single low cost router on each side of the customers firewall to their private network.

The combination of the robust component authentication (see "How secure is the VuCall platform itself?") and a set of explicit IP-to-IP rules on the firewall enable the routers to communicate securely with one another without the performance impact that tunneling on port 443 may have and without compromising the security of the private network.

Regardless of whether your organization deploys a DMZ, VPN or other network topology, VuCall's suite of cost effective firewall traversal solutions integrate with the topology and extend the reach of your video communications beyond the private network securely.

VuCall deploys a range of techniques in its security strategy to maintain the integrity of your network and keep your communications and private information safe. Please see the summary of key security features in the FAQs.

For most customers these measures are sufficient and provide a solution that is inherently secure.

For a customer that must have certification at login combined with media and signalling encryption VuCall can provide this solution as an extra cost feature. The encryption deployed for audio, video and shared content would be AES-128, the highest level in general commercial use today.