[ skip to content ]

Toggle Mobile Menu

Securing a Zoom Meeting

More Information about this image

Engineering & Computational Sciences Building


Important:

Report Zoom-bombing incidents to the University Police at police@odu.edu.


Log in to Zoom

Resources

Securing a Zoom Meeting

There are a few things you can do to keep unwanted guests from crashing your Zoom meetings and virtual classrooms:

Use the Latest Version of Zoom

First, it's important to keep your Zoom client up-to-date. Updates are pushed to ODU-managed computers, but you should check for updates on your personal computers and devices.

Note: Zoom has enabled its highest level of encryption system-wide, and only those with version 5.0 or later will be able to log in to Zoom meetings. If you try to enter a meeting using an older version of Zoom, you'll be prompted to upgrade before entering.


Default Meeting Settings

As of April 6, all ODU Zoom accounts will have the following default settings in order to prevent unwelcome Zoom guests:

Authenticated users only

Only authenticated Zoom users (with any type of Zoom account, ODU or otherwise) will be allowed to join meetings. You have the option to go even further by allowing only ODU users to join your meetings. All ODU faculty, staff and students can set up a Zoom account at odu.edu/zoom.

  • Anyone who tries to join your meeting will be asked to sign in (if they aren't already).
  • Authenticated ODU users will be able to enter meetings without waiting.
  • Attendees who do not sign in with an ODU account will enter a waiting room and will need to be admitted by the host.
  • Non-ODU users will have a Guest indicator next to their name in the participant list.

Meeting passwords

All meetings scheduled after April 6 will require a password. The password is automatically included in the meeting invitation sent from Zoom, from the Outlook plugin or from Canvas. No one will be allowed to enter the meeting if they have the link without the password.

  • If you just share the meeting ID or share the link another way, you will also need to share the password.

Before a Meeting

Generate a unique meeting ID

Don't use your Personal Meeting ID for meetings. When you share your meeting link, anyone who has the link can join your meeting. Your personal meeting ID is essentially one continuous meeting that people can pop in and out of any time. Instead, when you schedule a new meeting, have Zoom generate a random meeting ID.

Disable "Join before host"

  1. Go to odu.zoom.us and sign in with your MIDAS ID and password.
  2. Click Settings on the left side of the screen.
  3. Scroll down to Join before host and make sure it is switched off.

Manage "Screen sharing"

Keep random attendees from taking control of the screen and sharing unwanted content with the group.

  1. Go to odu.zoom.us and sign in with your MIDAS ID and password.
  2. Click Settings on the left side of the screen.
  3. Scroll down to Screen sharing. Under Who can share?, confirm that Host Only is selected. (Screen sharing settings should default to "Host Only," giving hosts sole permission to share content within their meetings.)

(If you need to allow participants to share their screens during a meeting, click the arrow next to Share Screen in the meeting control bar, and then Advanced Sharing Options to extend screen sharing privileges to all participants.)

Enable "Waiting rooms"

Attendees are placed in a waiting area until a host grants access to the meeting. This is especially useful when you hold public meetings.

  1. Go to odu.zoom.us and sign in with your MIDAS ID and password.
  2. Click Settings on the left side of the screen.
  3. Scroll down, and turn on the Waiting room.
  4. Choose whether you want all participants or just guests to be placed in the waiting room.
  5. Optional: Customize the message that attendees see in the waiting room.

During a Meeting

You have several options for managing your participants while the meeting is going on. If you find you have a trouble-maker in your meting, you can try:

Remove participants

From that Participants menu, you can mouse over a participant's name, and several options will appear, including Remove. Click that to kick someone out of the meeting.

Mute participants

Hosts can mute/unmute individual participants or all of them at once. Hosts can block unwanted, distracting or inappropriate noise from other participants. You can also enable Mute Upon Entry in your settings to keep the noise down in large meetings.

Disable private chat

Zoom has in-meeting chat for everyone, or participants can message each other privately. Restrict participants' ability to chat amongst one another while your event is going on and cut back on distractions. This is really to prevent anyone from getting unwanted messages during the meeting.

Lock meetings

For private meetings, lock the meeting after it starts.

  • Click Manage Participants in the meeting toolbar.
  • At the bottom of the Participants window, click More, then Lock Meeting.

Note: Participants who may have inadvertently disconnected will not be able to re-enter.


Other best practices

  • Do not post Zoom URLs in public spaces like social media. Share meeting links only with invited meeting attendees.
  • When possible, schedule class meetings from the Canvas Zoom tool. Students can join the meeting from directly within Canvas - no need to send a link.

More information from Zoom

Zoom has many ways to help you keep your meetings on track. Learn more:


Zoom Security Questions

How can I avoid "Zoom-bombing" and "war dialing"?

When meetings are not administered with the recommended settings above, it is possible for malicious actors to automate guessing meeting IDs, and join random meetings with the intention of disrupting the meeting (nicknamed "Zoom-bombing").

To avoid this as best as possible, follow the recommended meeting settings above.

Does Zoom collect information about users' meetings?

Zoom was criticized for collecting information about users' meetings (videos, transcripts and shared notes) for advertising, and for sending de-identified analytics data to Facebook.

Zoom updated their privacy policy March 29, 2020, and no longer uses tracking software in the mobile app. They have removed the ability to use video and other user content for targeted advertising and other business purposes, and removed legacy code that send analytics data to Facebook.

Does Zoom provide end-to-end encryption?

Zoom provides transport encryption using TLS, the same as secure HTTPS websites. However, it is common for enterprise tools to decrypt data internal to the system in order to facilitate key features such as bandwidth scaling.

This level of encryption has been vetted through ODU's security review process and has been approved for use in ODU's academic and business setting.

Can links in the chat window be used to collect credentials?

The Zoom client converts Windows networking UNC paths into a clickable link in chat messages, which can be used to collect credentials, if another meeting participant clicks on the link.

However, when you follow the meeting recommendations above,the likelihood that a malicious actor will participate in a meeting and provide a text with a crafted UNC path is very low.

Zoom released a fix for the UNC link issue on April 1, and has dedicated all development efforts to privacy and security concerns.

What are Zoom and ODU doing to address vulnerabilities?

Zoom is identifying and addressing vulnerabilites with each new software release. ODU is deploying the latest version on all ODU-managed devices.

Update your personal device to the latest version of Zoom at zoom.us/download.

Will my email address (or my students') be leaked to people outside of ODU?

While most email providers are exempt from this feature, Zoom has treated the email addresses of some smaller email providers as if they all belong to the same company, which means they are able to view the account information of others who use the same email provider.

This does not impact large enterprise domains such as Google, Yahoo, Microsoft, etc.

It's very rare that you would run into this issue, but you can request a domain be blacklisted through Zoom's support page.

How transparent is Zoom about their security?

Digital rights advocacy group Access Now has published an open letter to Zoom calling on the video conferencing company to release a transparency report.

Zoom has updated the way they notify users when their information has been requested or provided to government authorities, or exposed by breach, misuse, or abuse.

How secure are Zoom installers?

A previous method used by Zoom to install the app on Macs opens the door for an attacker to insert malicious code and hijack the user's camera and/or microphone.

This issue was addressed with the latest version of the installer.