Introduction
DTEN ALL IN ONE Zoom Room systems focus on ease of use and out-of-the-box connectivity.
DTEN products can be integrated with Enterprise IT infrastructure but may require additional configuration(s) to co-exist in an Enterprise IT environment.
DTEN supports industry-standard protocols (SSH and TLS), 802.1x, and SNMP. Products are thoroughly tested to ensure stability and compatibility within Enterprise environments.
DTEN frequently reviews the National Vulnerability Database and Common Vulnerabilities and Exposures Database for any applicable security flaws related to DTEN hardware and software products.
DTEN ensures that all critical patches are given the highest priority and provided free of charge.
Assumption
DTEN assumes the following about the operating environment of its systems:
- Administrators are trusted to follow and apply all administrator guidance.
- Administrators are familiar with Windows and Android devices' provisioning and network configuration.
- Administrators are familiar with providing video conference services such as Zoom Rooms and Teams Rooms.
- Physical security, commensurate with the value of the system and the data it contains, is assumed to be provided by the environment.
- Network equipment is secured following vendor-recommended best practices.
- Your organization’s policy does not require dual authorization, as the DTEN ALL-IN-ONE systems are incapable of dual authorization.
Please note: If your organization's policy does require dual authorization, you cannot use a DTEN ALL-IN-ONE system.
- The latest firmware versions for DTEN are installed.
- The latest software versions for Zoom Rooms and Teams Rooms are installed.
- A patch management plan includes regular DTEN firmware, Zoom Software, and Teams Rooms Software updates.
DTEN Product
Hardware
Windows-Based System(s)
- Windows-based products consist of an interactive capacitive touch LED-LCD, camera, microphone line array, and a replaceable OPS form factor PC running Microsoft Windows 10 IoT Enterprise, and they are optimized to run Zoom’s Zoom Rooms for Touch. The Windows product line is not available for Microsoft Teams Rooms.
Android-Based System(s)
- Android-based products include an interactive capacitive touch LED-LCD, camera, microphone line array, and an ARM-based infrastructure. They are optimized to run Zoom’s Zoom Rooms, Zoom Rooms Controller, Zoom Rooms Scheduler, Microsoft Teams Rooms, and Teams Room Console.
Software
Windows
- Some DTEN products utilize Windows 10 IoT Enterprise 1809/21H2 as an operating system. The Windows OS is configured using DTEN Services installed on Windows-based devices.
- Windows IoT security patches are available on the Zoom device Management Portal, DTEN Orbit, or the device itself.
Android
- Some DTEN products are built on Android. These Android-based DTEN devices differ notably from the DTEN devices that may be more familiar to the reader.
- Android is used to provide the core operating system and display rendering components.
- DTEN appliance devices have no access to the Google Play™ store, Amazon App Store, Google Play Services, or any other method that would allow arbitrary 3rd-party applications to run on the device.
- None of the Google® applications (except a web browser) are included on the device.
- Android debug bridge (ADB) is disabled by design on all DTEN appliance devices.
- DTEN supports Android-based encryption for all data.
- While the devices include a browser client, they are not typically exposed to the end user. When the browser client is exposed, it is usually set to render a captive URL, and no browsing to arbitrary URLs is provided.
- All DTEN Android-based devices support wireless network connectivity via Wi-Fi 802.11a/b/g/n and 802.11ac (2.4 and 5 GHz). The D7X-Android Supports 802.11ax.
- The DTEN ME and ME Pro also support Bluetooth® for audio and microphone connections for paired audio devices (Headphones, Headsets, and Speakerphones). Note: Bluetooth® is set to OFF by default, with pairing functions accessed through the DTEN Settings Dashboard.
Zoom Rooms
- All Zoom-certified DTEN products use Zoom’s Zoom Rooms clients.
- Official Zoom applications are provided only by Zoom’s Partnership or Development Team through a strict Zoom release protocol and management tools.
- Zoom Rooms Certified DTEN Appliances are compliant with Zoom’s security requirements. For more information, please see the Zoom Security Whitepaper.
Microsoft Teams Rooms
- All Teams-certified DTEN products use Microsoft’s Teams Rooms clients.
- Official Teams applications are provided only by Microsoft’s Partnership or Development Team through a strict Microsoft release protocol and management tools.
- Teams Rooms Certified DTEN Appliances are compliant with Microsoft Teams Rooms security requirements. For more information, please see Microsoft Teams Rooms Security.
DTEN Orbit
DTEN Orbit is DTEN’s tiered subscription Managed Software as a Service (MSaaS) product.
Orbit offers remote diagnostics, firmware, and device management for DTEN hardware.
Orbit performs operations such as authority classification, grouping, sub-account creation, and updating and upgrading devices, so that DTEN devices can be used and managed efficiently.
User Authentication
- The Orbit website's authentication service supports single sign-on (SSO) and can be integrated with a user's AD authentication via the OAuth2 protocol. This allows users to authenticate to Orbit using their corporate credentials without actually sharing their credentials with DTEN.
- Orbit supports Okta and PingFederate authentication, allowing users to authenticate to Orbit using their corporate credentials.
- Users can create a local account with an email address.
Business Continuity Planning
The architecture of Orbit provides high reliability, resilience, and security.
- The service is hosted in multiple Amazon AWS data centers in the United States to meet our minimum RTO and RPO goals.
- AWS, the cloud service provider, handles normal, low-impact events such as power outages or link disruptions.
- During a major crisis or disaster, services are load-balanced to other regions within Amazon's AWS infrastructure until the affected regions' disruption(s) have been restored.
- DTEN refreshes its risk assessment and business impact analysis every year and conducts recovery drills of various kinds for core systems. Gaps between the drill results and actual requirements are identified, and continuous improvements are made.
Cryptographic Security
DTEN continuously monitors platform security updates and threat management forums. The platforms are Amazon AWS, Google Android, and Microsoft Windows. A mitigation or response plan is implemented based on the severity level of a threat announcement.
We are ready to promptly update the service to respond to new cryptographic weaknesses and implement evolving best practices by regularly monitoring cryptographic industry trends.
Data at rest is protected using standard cipher suites (e.g., AES-128 and AES-256) and hashing algorithms (SHA-256). DTEN's requirements for encryption algorithms include the following:
- In business scenarios that require high security, such as generating keys or nonces for AES, HMAC, RSA, ECDSA, ECDH, etc., a cryptographically secure pseudo-random number generator (CSPRNG) must be used, not an ordinary random number generator such as rand() that lacks cryptographic security.
- All communication with the Orbit web server is over a standard secure SSL/TLS connection that encrypts all requests and responses. This is achieved through an HTTPS connection using TLS 1.2 with 256-bit encryption and certificates.
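As an added illustration of the CSPRNG requirement above (example code written for this page, not DTEN's own implementation), the following Python draws AES and HMAC keys and nonces from the OS CSPRNG via the secrets module, tracks issued nonces so none is reused, verifies SHA-256 HMAC tags in constant time, and contrasts this with a seeded ordinary PRNG; the NonceIssuer class and all function names are this example's own.

```python
import hashlib
import hmac
import random
import secrets

AES_256_KEY_LEN = 32  # bytes
GCM_NONCE_LEN = 12    # 96-bit nonce, the customary AES-GCM size
HMAC_KEY_LEN = 32     # matches the SHA-256 output size

def generate_aes_key(length=AES_256_KEY_LEN):
    # secrets draws from the OS CSPRNG (os.urandom), which is what the requirement calls for
    return secrets.token_bytes(length)

def generate_hmac_key(length=HMAC_KEY_LEN):
    return secrets.token_bytes(length)

class NonceIssuer:
    """Issues fresh CSPRNG nonces for one key and never hands out a repeat (hypothetical helper)."""
    def __init__(self, length=GCM_NONCE_LEN):
        self.length = length
        self.used = set()

    def next_nonce(self):
        while True:
            nonce = secrets.token_bytes(self.length)
            if nonce not in self.used:  # a repeated nonce under AES-GCM breaks both confidentiality and integrity
                self.used.add(nonce)
                return nonce

def hmac_sha256(key, message):
    return hmac.new(key, message, hashlib.sha256).digest()

def verify_hmac_sha256(key, message, tag):
    # compare_digest runs in constant time, avoiding a timing side channel on the tag check
    return hmac.compare_digest(hmac_sha256(key, message), tag)

def insecure_key_from_rand(seed, length=AES_256_KEY_LEN):
    # Counter-example: an ordinary PRNG (Mersenne Twister) seeded from a small value.
    # Anyone who knows or guesses the seed reproduces the "key" byte for byte.
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))

def demonstrate():
    reproducible = insecure_key_from_rand(12345) == insecure_key_from_rand(12345)  # True: predictable
    distinct = generate_aes_key() != generate_aes_key()  # True: each CSPRNG draw is fresh
    return reproducible, distinct
```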
Network Security
DTEN Servers and Infrastructure
Amazon Web Services (AWS) hosts our servers and network infrastructure. We use AWS Security Groups to secure connections to external networks configured to allow minimal required access. We use industry-standard Transport Layer Security (TLS) encryption to protect data in transit.
We make use of the security tooling provided by AWS for intrusion detection. We follow an N-tier model for segregating components. Authentication mechanisms protect all administrative interfaces. Audit logs for our environments and devices are generated by AWS and maintained to facilitate any required investigations. Server configurations are reviewed regularly, following our Configuration Management Policy. Our standard configuration includes security standards and appropriate hardening. All systems are regularly patched, and EOL software is prohibited in our environment. Our servers are Linux-based.
We use Amazon Web Services (AWS) as a cloud hosting provider. See more information about AWS security and compliance here.
Ports & Network Connections | All DTEN Products and Services
- For the DTEN network firewall and web security whitelist, please see here.
- See here for the current Zoom Network firewall or proxy server settings
Please note: This link connects to the most up-to-date information on Zoom settings.
- See here for the current Microsoft IP range for Microsoft Teams
- Microsoft Teams Rooms does not support proxy authentication, as it may interfere with the regular operation of the room. Ensure that Microsoft Teams Rooms have been exempted from proxy authentication before going into production.
Google | DTEN OS Appliances
For DTEN OS Appliances, the system will check the following domains for network connectivity or Captive Portal protocol:
- *.googleapis.com
- http://connectivitycheck.gastic.com/generate_204
Google Public DNS
The Google Public DNS IP addresses (IPv4) are as follows:
- 8.8.8.8
- 8.8.4.4
The Google Public DNS IPv6 addresses are as follows:
- 2001:4860:4860::8888
- 2001:4860:4860::8844
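As an added example (not from the whitepaper or DTEN), the following Python audits egress log lines against the Google destinations and DNS resolvers listed above, so that a network team can spot an appliance reaching somewhere it should not. The log format, device names and sample entries are constructed assumptions of this example, and a real deployment would extend ALLOWED_DOMAINS with the Zoom and Microsoft lists linked earlier on this page.

```python
import ipaddress
import re
# Allowlist limited to the Google entries the whitepaper lists for DTEN OS appliances;
# the Zoom and Microsoft lists linked from the page would be appended in practice.
ALLOWED_DOMAINS = ["*.googleapis.com", "connectivitycheck.gastic.com"]
ALLOWED_DNS_SERVERS = ["8.8.8.8", "8.8.4.4", "2001:4860:4860::8888", "2001:4860:4860::8844"]
# Hypothetical log format: device=<name> proto=<tcp|udp> dst=<host|ip|[ipv6]>:<port>
LOG_RE = re.compile(r"device=(?P<dev>\S+)\s+proto=(?P<proto>\S+)\s+dst=(?P<dst>\S+)")
SAMPLE_LOG = [  # constructed lines, not real DTEN or firewall output
    "device=dten-d7x-01 proto=tcp dst=www.googleapis.com:443",
    "device=dten-d7x-01 proto=udp dst=[2001:4860:4860::8844]:53",
    "device=dten-d7x-02 proto=udp dst=203.0.113.5:53",
    "device=dten-d7x-02 proto=tcp dst=googleapis.com:443",
    "device=dten-d7x-02 proto=tcp dst=evil-googleapis.com:443",
]

def domain_allowed(host, patterns=ALLOWED_DOMAINS):
    host = host.lower().rstrip(".")
    for pat in patterns:
        if pat.startswith("*."):
            # A wildcard covers subdomains only: the bare apex and "evil-googleapis.com" do not match.
            if host.endswith(pat[1:]) and host != pat[2:]:
                return True
        elif host == pat:
            return True
    return False

def dns_server_allowed(ip, servers=ALLOWED_DNS_SERVERS):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr == ipaddress.ip_address(s) for s in servers)

def parse_dst(dst):
    # Accepts host:port, ipv4:port or [ipv6]:port; port is None when absent.
    if dst.startswith("["):
        host, _, port = dst[1:].partition("]")
        port = port.lstrip(":")
    elif ":" in dst:
        host, _, port = dst.rpartition(":")
    else:
        host, port = dst, ""
    return host, (int(port) if port else None)

def audit_egress(log_lines):
    # Returns (device, dst, reason) for each connection that falls outside the allowlist.
    findings = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        host, port = parse_dst(m["dst"])
        if port == 53:
            if not dns_server_allowed(host):
                findings.append((m["dev"], m["dst"], "DNS query to a resolver outside the allowlist"))
        elif not domain_allowed(host):
            findings.append((m["dev"], m["dst"], "destination not in the allowlist"))
    return findings
```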
Microsoft Windows
- Product: D7 Series Only
- Windows Server Update Services (WSUS)
- Microsoft Windows 10 Configuration Reference Link
Amazon AWS Services | All DTEN Products and Services
Amazon CDN services are configured as dynamic. If CDN services are disabled, communication is routed to amazon.com by default.
DTEN Security Practices
Data security is taken very seriously at DTEN. We aim for transparency, clarity, and open communication regarding how we handle security.
Security is a paramount consideration in everything we do. If you have any questions or concerns about security, we are happy to help. Please contact support@dten.com, and we will connect with you.
All new features, designs, updates, and changes will go through a security review process by the DTEN Security team. Furthermore, our code is reviewed with automated static analysis software, tested, and manually peer-reviewed before being implemented in production.
The DTEN Security team works closely with development teams to resolve any security issues that may emerge during development. Security is built in from the start by treating security requirements alongside functional requirements during the initial design process.
A defense-in-depth model is systematically incorporated through layered defenses to increase the security posture of all DTEN products.
Security Checks Cover
- Evaluating services on open ports
- Evaluation of third-party components
- Automated and scripted testing
- Evaluation of access to and hardening of the underlying operating system in products
- Regular retention of independent third-party penetration testers for additional validation of our program
Privacy
Our Privacy Policy describes our policies and practices for the collection, use, and disclosure of information collected from users who purchase our product(s) and/or visit, access, use, or download from our website, including all other media forms, media channels, mobile websites, or mobile applications related or connected to it. Our Privacy Policy is updated annually to account for any required changes.
We comply with all applicable laws for the data that we handle. Although customers' use of our appliances may involve such data, we do not directly handle PHI, PII, consumer report data, financial transactions, or EU personal data. Any data handled by our appliances is destroyed at the end of each session. Access privileges are granted based on job roles and require management approval.
Communication & Server Security
Our servers and network infrastructure are hosted in AWS. We use AWS Security Groups to secure connections to external networks configured to allow minimal access. We use industry-standard Transport Layer Security (TLS) encryption to protect data in transit. We make use of the security tooling provided by AWS for intrusion detection.
Our appliances do not directly store or process in-scope data. Windows appliances are configured according to security baselines from Microsoft:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-baselines
Android appliances are configured according to security baselines from Android:
https://source.android.com/security/reports/
Hypervisor security is managed by Amazon Web Services (AWS).
Cloud Hosting
We use Amazon Web Services (AWS) as a cloud hosting provider. Cloud hosting services are not provided to customers as part of our product. Snapshots of our virtualized systems are stored only in AWS. AWS does not directly manage the snapshots of our systems; our staff does. AWS Marketplace images are used as a base for all of our instances, with additional hardening applied as required.
Information regarding security, compliance, and audit efforts for AWS services can be found here: https://aws.amazon.com/compliance/soc-faqs/.
Vulnerability Management
We have a Vulnerability Management Policy and program, ensuring at least one complete round of vulnerability scanning per month.
DTEN will promptly notify you of any security breaches in our system. DTEN has incident management policies and procedures to handle such an event.
Reporting Vulnerabilities
DTEN investigates anomalies and suspected security breaches on an enterprise-wide level. You may contact DTEN directly at support@dten.com. We will respond as quickly as possible. We request that you wait to disclose the issue until DTEN has addressed it. We encourage you to encrypt your messages to ensure confidentiality when emailing sensitive information to DTEN. Please include a detailed description of the vulnerability, including the type of issue; the product, version, and configuration of the device containing the issue; and, where possible, step-by-step instructions for reproducing the vulnerability along with screenshots. Demonstrating the existence of the vulnerability will help us validate it.
We will provide a timely acknowledgment of your reported issue. We will assign resources to investigate the issue and verify the existence of the vulnerability using the information provided. DTEN will provide a notification that we have confirmed the vulnerability. Additional information may be requested accordingly.
DTEN may consult with legal counsel before responding to unforeseen questions or reports.
DTEN will provide updates once vulnerability analysis can be performed. DTEN will address vulnerabilities and release updates or patches to devices and will provide timelines for releases of updates or patches. Updates or patches are prioritized by criticality, product impact, fixing complexity, and quality testing. Extenuating circumstances and factors may impact response times. DTEN is committed to providing the best effort possible to resolve vulnerabilities in supported products as quickly as possible.
Please be advised: No guaranteed reward will be awarded to reporters of vulnerabilities.
Public Notification and Acknowledgement
DTEN will coordinate public notification(s) of validated vulnerabilities with involved third parties. DTEN prefers that public disclosures be published simultaneously when possible.
To protect customers of DTEN products, DTEN requests that involved third parties do not post or share any information about potential vulnerabilities in any public forum. DTEN also asks for the appropriate time to research and respond to any disclosed vulnerabilities to allow DTEN customers adequate time to update DTEN products and exposed systems.
Third-party researchers who follow the responsible, coordinated vulnerability disclosure practices defined in this policy will be recognized, provided the vulnerability is kept confidential until DTEN can inform customers via DTEN security advisories and within updates or patches.
DTEN customers, registered users, and subscribers of DTEN’s Orbit service will be notified directly within the service.
System Maintenance
New functions and security fixes for vulnerabilities are deployed to devices through the DTEN Orbit Portal or a partner device management portal, such as the Teams Admin Center or the Zoom Device Management Portal. To reduce device vulnerabilities, DTEN recommends routine monitoring and updating of the units. To ensure that devices run the most up-to-date firmware and software, DTEN recommends updating all devices to the latest General Release version when the product arrives.
An announcement of a new update will be posted on the DTEN support website. You may subscribe to our newsletter for notifications on dten.com.
Disclaimer
This white paper is for informational purposes only and does not convey any legal rights to any intellectual property rights in DTEN products. DTEN does not provide any express or implied warranties. This is a statutory information white paper. DTEN does not guarantee the accuracy of the contents of this document and reserves the right to correct or modify it without notice. Any decision to use or rely on the contents of this document and the consequences thereof are the sole responsibility of the perpetrator. In the event of a conflict between what is stated in this document and the applicable law, the provisions of the law shall prevail.
To view the latest version of this document, please visit DTEN's Privacy Policy.
If you have additional questions or need to contact DTEN Support, please refer to this DTEN Knowledge Base article for more details: HERE.