Microsoft Teams

How Teams Mitigates Common Video Meetings Security Threats

  • By The Cloud Factory
  • May 8, 2022

The onset of the pandemic forced a shift to hybrid workspace 2.0, where a majority of the workforce works remotely. That made video meeting tools indispensable for leaders seeking to build a hybrid working environment in their organizations. Video communication tools and software are used extensively for regular meetings, collaboration, live training, town hall gatherings and other live-streamed events.

However, this comes with its own share of risks and security threats, such as meeting hijackings, data thefts, data breaches, data loss, unauthorized access to confidential meeting recordings, and uncontrolled access to conversations, to name a few. Therefore, choosing a secure video meeting tool like Microsoft Teams becomes critical.

Here we list five common security threats and how Teams deals with them.


1. Network Denial of Service Threat

A distributed denial-of-service (DDoS) attack is a cyber-attack meant to shut down a machine or a network by flooding it with traffic, thus preventing legitimate users from accessing the system.

By using a denial-of-service attack, the perpetrator can:

  • Hamper the functioning of the network by sending invalid data.
  • Flood the target with traffic, which overwhelms the system to the point where it responds slowly to legitimate requests or stops responding at all.
  • Hide the evidence of the attack.
  • Deprive legitimate users of access to network resources.

Teams offers comprehensive protection from DDoS attacks by running Azure DDoS network protection, and by refusing to entertain client requests from the same endpoints, subnets, and federated entities.
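To illustrate why requests are grouped by subnet as well as by endpoint, here is an added sketch (not Teams' or Azure's code) of a sliding-window limiter. The limits, the /24 grouping and the documentation-range addresses are assumptions chosen for the demo, and federated entities are not modeled.

```python
import ipaddress
from collections import defaultdict, deque


class SourceThrottle:
    """Refuses requests once one endpoint or its whole subnet exceeds a limit."""

    def __init__(self, per_endpoint=5, per_subnet=12, window=1.0, prefix=24):
        # All four values are assumptions for this example.
        self.limits = {"endpoint": per_endpoint, "subnet": per_subnet}
        self.window = window   # seconds of history that count
        self.prefix = prefix   # IPv4 grouping used as the "subnet"
        self.hits = defaultdict(deque)

    def _keys(self, ip):
        addr = ipaddress.ip_address(ip)
        net = ipaddress.ip_network(f"{addr}/{self.prefix}", strict=False)
        return [("endpoint", str(addr)), ("subnet", str(net))]

    def allow(self, ip, now):
        keys = self._keys(ip)
        for key in keys:
            q = self.hits[key]
            while q and now - q[0] >= self.window:
                q.popleft()          # forget requests outside the window
            if len(q) >= self.limits[key[0]]:
                return False         # refused requests are not recorded
        for key in keys:
            self.hits[key].append(now)
        return True


def demo():
    # Constructed traffic: one noisy host, then ten neighbours in its subnet.
    t = SourceThrottle()
    flood = [t.allow("198.51.100.7", 0.0) for _ in range(8)]
    spread = [t.allow(f"198.51.100.{h}", 0.1) for h in range(10, 20)]
    other = t.allow("203.0.113.9", 0.1)    # unrelated subnet is unaffected
    later = t.allow("198.51.100.7", 1.5)   # window has passed
    return flood, spread, other, later
```

The subnet counter is what stops a sender from evading the per-endpoint limit by rotating through neighbouring addresses.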



2. Eavesdropping

Eavesdropping, also known as sniffing or snooping, occurs when an attacker gains access to the data path in a network. This in turn allows the attacker to snoop on the traffic. A good example of eavesdropping is an attack mounted by gaining control of a router on the data path.

Teams encrypts all traffic on the network by employing protocols such as mutual TLS (MTLS) and Server to Server (S2S) OAuth (among other protocols) for server communications.

It also uses TLS from clients to the service, which makes eavesdropping next to impossible within the time period of a single conversation. TLS cannot prevent an attacker from capturing traffic, but it prevents the traffic from being read by encrypting it.



3. Identity spoofing (IP address spoofing)

Spoofing refers to an attacker identifying and subsequently using the IP address of a network, computer, or network component without the requisite authorization.

TLS authenticates all parties and encrypts all traffic, which prevents an attacker from performing IP address spoofing on a specific connection. Spoofing the address of the Domain Name System (DNS) server is still possible, but since authentication in Teams is performed with certificates, an attacker is unlikely to have the necessary information to perform a spoofing attack on the parties involved in the communication.



4. Man-in-the-middle attack

A man-in-the-middle attack refers to the rerouting of communication between two persons through the attacker's computer. The communication is read and modified by the attacker and then sent to the unsuspecting recipients, who believe that the communication is coming from an authorized person. It is made possible by modification of Active Directory Domain Services, which allows the attacker to present their server as a trusted server. Another possible scenario is to modify the DNS configuration to mount this type of attack.

Man-in-the-middle attacks on media traffic are thwarted by employing Secure Real-Time Transport Protocol (SRTP), which encrypts the media stream.



5. Real-time Transport Protocol (RTP) replay attack

A replay attack refers to the interception and then retransmission of a valid media transmission between two parties.

Teams employs SRTP with a secure signaling protocol that defends transmissions from replay attacks by allowing the receiver to maintain an index of RTP packets that have already been received. The receiver then compares each new packet with the indexed packets to prevent an RTP replay attack.
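The receiver-side index described above can be sketched as a sliding-window bitmap. This is an added example in the style of the RFC 3711 replay list, not Teams' code; the class name, the simplified packet layout (a bare index plus payload) and the key are constructed for the demo.

```python
import hashlib
import hmac

WINDOW = 64  # RFC 3711 requires a replay window of at least 64 packets


class ReplayGuard:
    """Receiver-side index of authenticated packets (sliding-window bitmap)."""

    def __init__(self, auth_key):
        self.auth_key = auth_key
        self.highest = -1  # highest authenticated packet index so far
        self.seen = 0      # bit n set => index (highest - n) already received

    def tag(self, index, payload):
        # Simplified stand-in for the SRTP auth tag: HMAC-SHA1, 80 bits.
        msg = index.to_bytes(6, "big") + payload
        return hmac.new(self.auth_key, msg, hashlib.sha1).digest()[:10]

    def receive(self, index, payload, tag):
        offset = self.highest - index
        if offset >= WINDOW:
            return "rejected: older than window"
        if offset >= 0 and (self.seen >> offset) & 1:
            return "rejected: replay"
        if not hmac.compare_digest(tag, self.tag(index, payload)):
            return "rejected: bad auth tag"
        # Only an authenticated packet may move the window or mark an index.
        if offset < 0:
            self.seen = ((self.seen << -offset) | 1) & ((1 << WINDOW) - 1)
            self.highest = index
        else:
            self.seen |= 1 << offset
        return "accepted"


def demo():
    # Constructed packets; the sender shares the key, so rx.tag() signs them.
    rx = ReplayGuard(b"constructed-session-auth-key")
    pkt = {i: (i, b"frame-%d" % i, rx.tag(i, b"frame-%d" % i))
           for i in (0, 1, 2, 3, 100)}
    out = [rx.receive(*pkt[i]) for i in (0, 2, 1)]       # reordering is fine
    out.append(rx.receive(*pkt[1]))                      # captured and resent
    out.append(rx.receive(3, b"frame-3", b"\x00" * 10))  # forged tag
    out.append(rx.receive(*pkt[3]))                      # genuine packet 3
    out.append(rx.receive(*pkt[100]))                    # window jumps ahead
    out.append(rx.receive(*pkt[2]))                      # too old to judge
    return out
```

Updating the index only after the tag verifies matters: otherwise a forged packet with a high index could push the window forward and cause genuine packets to be dropped.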


The Robust Security Framework

Microsoft Teams, as part of the Microsoft 365 and Office 365 services, is designed and developed in compliance with the Microsoft Trustworthy Computing Security Development Lifecycle (SDL).

By employing secure design principles from the start, Teams successfully endorses security ideas like Zero Trust, and principles of Least Privilege access. The core elements that form a security framework for Microsoft Teams are:

  • Azure Active Directory (Azure AD), which offers a single trusted back-end storehouse for user accounts.
  • Transport Layer Security (TLS) provides encryption, and the authentication is carried out either through mutual TLS (MTLS), or Service-to-Service authentication based on Azure AD.
  • Secure Real-Time Transport Protocol (SRTP) is employed to encrypt and authenticate point-to-point audio, video, and application sharing streams.

Final Thoughts

To be honest, like any other technology, Microsoft Teams is not 100% secure. The point to understand is that Microsoft Teams depends on the shared responsibility model. Microsoft shares the responsibility for the integrity of the data center's security, infrastructure and operations, while you also have to follow the best practices and protocols.
