Zoom vs WebEx Technical Comparison Traffic Test
With all the current media coverage surrounding the security of the Zoom platform, IR has conducted internal technical tests to determine which platform we are supporting going forward.
IR believes both platforms work and are secure for our usage. We offer WebEx as an alternative to Zoom if for any reason a client does not want to use it. However, IR prefers the quality of the video, audio and simplicity of use in Zoom over WebEx. As a small business ourselves, we like to support other small businesses. Although Zoom is no longer in this category, we have been supporting them since they were a small business.
Zoom and WebEx operate in similar ways: both establish a connection to one of their servers, and then data is transmitted to the other computer in the connection.
Zoom establishes a connection with a single server, hosted with AWS (Amazon Web Services), based in the USA. A small amount of data is transmitted over this connection, which uses the standard secured TCP port 443, similar to most current web traffic. The bulk of the data (video + audio) is then sent directly to the other computer participating in the call, which has also established a connection to the AWS server. We only have access to basic statistical software for web tracking purposes as we are not a software engineering firm. The assumptions on data patterns point towards a connection to the AWS server to ensure both parties are on the same call, and then to transmit data directly between the parties.
This brings us to the first publicized concern about Zoom claiming end-to-end encryption. As the data is sent via UDP, encryption isn’t possible as it is only supported on a TCP connection. However, current IP-based video conference software, supplied mostly by Cisco and Polycom, and used by courthouses and governments across the country, is also UDP based, which isn’t encrypted. All VPN servers where someone can remotely connect to an office computer are also UDP based. It is a direct tunnel, which doesn’t confirm where data is going; it just assumes it is going to the right location since a secure connection was established previously telling it where to go.
The second common Zoom complaint is “Zoom-Bombing.” This refers to people trying to gain access to Zoom meetings by randomly generating Meeting ID codes in order to show up at unrestricted meetings and cause havoc. IR has addressed this issue by requiring passwords for all Zoom meetings, as well as restricting guest access. Our usage of Zoom is similar to being in a small boardroom where it is obvious if someone enters who isn’t supposed to be present. The Zoom-Bombing issue leans towards a company that may be hosting large meetings with hundreds of attendees, similar to being in a conference hall where controlling access can be more difficult.
The third issue, which sparked initial debate, involved someone generating a link in the chat. When someone clicked this link, it would automatically send that person’s Windows login credentials. This isn’t new, and technically it is a Windows security flaw, of a kind that Windows and other operating systems have had for years without it being addressed. The general good practice that most people follow is not to click on unknown email links. The same applies to any online chatroom, including WebEx.
When a WebEx meeting is started, a connection is established with a Cisco server, on the same TCP 443 secure port. The difference is that the bulk of the data is transferred through that connection to multiple US-based and, in our test case, Netherlands-based Cisco servers. Multiple servers are required to send the video and audio data because a secure TCP connection is much slower than a direct UDP connection to the other party. In our test case, we could see up to 15 different servers in use, 14 in the USA and 1 in the Netherlands. Again, we cannot see individual packet data, but all the video data was transmitted in this manner. The assumption here is that to maintain the speed required to transmit video, several servers are needed. This is similar to the way in which the older free Skype platform functioned, except Skype didn’t use secure ports. We cannot tell if this connection is encrypted, and it is important to note a very large difference between a secure and an encrypted transmission of data. Very few items can be properly encrypted, and it is a very difficult approach for a video feed due to the size of the data. Typically, the initial request to establish a connection between 2 parties can be encrypted, but the video data itself would be difficult if sent on a real-time basis.
This type of connection to several servers to transmit data does delay transmissions slightly, but mostly shows up as a reduction in AV quality in the connection. Cisco has a lot of servers, so it shouldn’t show a big reduction, but theoretically, the more people using it, the slower the connection would be as servers reach capacity. In the current landscape, Internet traffic is becoming an issue with how much data is being sent around everywhere, so we’d likely see connections on both the Cisco and Zoom platforms deteriorating from home and office-based internet overload before a server slowdown.
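The two traffic shapes described above (one TCP 443 server connection plus bulk UDP to a single endpoint, versus media spread over many TCP 443 servers) can be told apart from per-connection byte counts alone. The following is an added example, not IR's tooling or test data: the flow records, the UDP port and the 80% threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records, not captured data: (protocol, remote IP, remote port, bytes).
# Addresses are from the RFC 5737 documentation ranges; UDP port 50000 is a placeholder.
ZOOM_LIKE = [
    ("tcp", "192.0.2.10", 443, 48_000),         # one server connection, little data
    ("udp", "198.51.100.7", 50000, 9_500_000),  # bulk of the audio/video
]
# 15 servers on TCP 443 sharing the media, as in the WebEx test described above.
WEBEX_LIKE = [("tcp", f"203.0.113.{i}", 443, 640_000) for i in range(1, 16)]


def summarize(flows):
    """Per (protocol, remote port): distinct remote hosts and share of all bytes."""
    total = sum(nbytes for *_, nbytes in flows)
    if total == 0:
        return {}
    groups = defaultdict(lambda: {"bytes": 0, "hosts": set()})
    for proto, ip, port, nbytes in flows:
        groups[(proto, port)]["bytes"] += nbytes
        groups[(proto, port)]["hosts"].add(ip)
    return {key: {"hosts": len(g["hosts"]), "share": g["bytes"] / total}
            for key, g in groups.items()}


def classify(flows, bulk=0.8):
    """Name the traffic shape by where the bulk of the bytes went.

    Flow statistics show where data goes, not what is inside the packets.
    """
    summary = summarize(flows)
    if not summary:
        return "no-traffic"
    (proto, port), top = max(summary.items(), key=lambda kv: kv[1]["share"])
    if top["share"] < bulk:
        return "mixed"
    if proto == "udp":
        return "udp-bulk"
    if (proto, port) == ("tcp", 443):
        return "tcp443-multi-server" if top["hosts"] > 1 else "tcp443-single-server"
    return "other"


if __name__ == "__main__":
    for name, flows in (("zoom-like", ZOOM_LIKE), ("webex-like", WEBEX_LIKE)):
        print(name, classify(flows), summarize(flows))
```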
This analysis was done in-house, by people who have been technology focused since before Windows existed. The rapid expansion of the digital age brings tons of questions about many things, security included, and unfortunately, a lot of the answers provided by these companies can raise more questions than they answer. The best we can do is try to form an educated opinion about choosing a way we are comfortable doing something given all the information available.
We operate with a more hands-on mentality when it comes to security and control of our equipment, and still hold in-house servers in place of cloud-based options. IR does not use any third-party ISP-provided routers due to our own internal security concerns, and we only use commercial-level equipment that can be properly monitored. Most people we talk to think this is overkill, but we don’t feel the ISP needs to be aware of the computers on our network.
This summary is in no way intended to endorse one company over another, and IR will continue to offer clients a choice of service through this time frame in order for everyone to try to be able to continue to work as efficiently as possible through the current landscape.