Security
Polycom, Inc.
146
Configure Encryption Settings for Skype for Business 2015
and Microsoft Lync 2013
Polycom RealPresence Group systems support media encryption in calls with Skype for Business 2015 and
Microsoft Lync 2013. Skype for Business 2015, Microsoft Lync 2013 Server pool, and the Polycom
RealPresence Group system must be configured to support encryption so that calls can connect with
encryption. If components have encryption turned off, calls connect without encryption. If one component is
set to require encryption and the other is not, calls fail to connect.
Before you use Microsoft Lync 2013 or Skype for Business 2015 in video conferences with RealPresence
Group systems, you must enable AES encryption in the web interface.
To enable encryption for Microsoft Lync 2013 and Skype for Business 2015:
» Go to Admin Settings > Security > Global Security > Encryption > Require AES Encryption for
Calls and ensure that When Available is selected.
For more information about encryption configuration in a Skype for Business 2015 or Microsoft Lync Server
2013 environment, refer to the Polycom Unified Communications for Microsoft Environments Deployment
Guide at
support.polycom.com
.
H.323 Media Encryption
To provide extra security for encrypted H.323 calls, the RealPresence Group system provides an encryption
check code. Both parties in a call can use this check code to verify that their call is not being intercepted by
a 3rd party.
The check code is a 16-digit hexadecimal number that is calculated so that the number is the same at both
sites in the call. The numbers are identical if, and only if, the key generation algorithm is performed between
the two sites in the call and is not intercepted and modified by a 3rd party.
To verify the check codes match:
1
Establish an encrypted H.323 call between two sites.
2
At each site, locate the Call Statistics information on the Place a Call screen of the web interface.
The check code also displays under Diagnostics > System > Call Statistics in the Transmit
column of the Call Encryption section.
3
Verbally verify that the code is the same at both sites.
4
Do one of the following:
If the codes match, the call is secure. Proceed with the call.
If the codes do not match, then there is a possibility that the key exchange is compromised. Hang
up the call. Next, check the network path from the local system to the far-end system to determine
if the systems are experiencing a Man in the Middle attack. This occurs when a foreign device
tricks the local system into creating an encryption key using information from the imposter. Then,
the imposter can decode the data sent by the local system and eavesdrop on the call.
List of Sessions
You can use the sessions list to see information about everyone logged in to a RealPresence Group system
including:
●
Type of connection, for example, Web