
This document provides information on built-in security features of the Wildix system, ISO compliance and GDPR.

Updated: August 2021

Permalink: https://wildix.atlassian.net/wiki/x/pQvOAQ

Security is a top priority for Wildix, and all the security features are built into the product. This means the Wildix System is Secure By Design and security is not delegated to third-party devices.

...

Questions | Answers

What are the information flows within the system and between it and other services?

  • Data flows from a PBX to remote customer sites and flows to the operator if you have a SIP trunk.
  • Interconnection with other services: Ports used by Wildix services

What are the principal methods of transporting information?

  • HTTP:80
  • HTTPS:443

Note: 80 and 443 ports can be changed.

Are the data shared with any other third parties?

No.

What firewalls or network control measures are used to protect the system/data?

SIP firewall in the PBX and high security by design, with passwords and two-factor protection. A data firewall remains important at the remote site.

Is the system ISO 27001 compliant?

Yes. See this chapter.


Access Control

Questions | Answers

Which access methods are available to access the system?

  • One super admin access
  • One strong password per user

Note: Details can be found in WMS Start Guide.

What system enforced password settings are active for users?  

  • Password Minimum length/ Complexity 
  • Password Change Interval
  • Lockout (after incorrect password entries)
  • Encrypted passwords
  • Recommended 12 characters, at least one capital letter, one special character, one number. Change every 6 months.
  • For the lockout: 3 attempts, then banned for 1 hour before starting over. Two-factor authentication applies on top of that.
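
The recommended password rules and the lockout behaviour listed above, written out as an added Python example (not Wildix code). The function and class names, keying the counter per user, and resetting the counter on a successful login are assumptions; the page states only the thresholds.

```python
import string
from dataclasses import dataclass, field

MIN_LENGTH = 12        # recommended minimum length from the page
MAX_FAILURES = 3       # incorrect entries before the ban
BAN_SECONDS = 60 * 60  # ban lasts 1 hour

def password_problems(password: str) -> list[str]:
    """Return the page's recommendations that this password does not meet."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    return problems

@dataclass
class LockoutTracker:
    """Per-user failure counter; 'now' is a timestamp in seconds from the caller."""
    failures: dict = field(default_factory=dict)      # user -> consecutive failures
    banned_until: dict = field(default_factory=dict)  # user -> ban expiry time

    def is_banned(self, user: str, now: float) -> bool:
        expiry = self.banned_until.get(user)
        if expiry is not None and now >= expiry:
            # Ban served: clear state so the user starts over.
            del self.banned_until[user]
            self.failures.pop(user, None)
            return False
        return expiry is not None

    def record_attempt(self, user: str, success: bool, now: float) -> str:
        """Return 'banned', 'ok' or 'failed' for one login attempt."""
        if self.is_banned(user, now):
            return "banned"  # rejected even when the password is correct
        if success:
            self.failures.pop(user, None)  # assumption: success resets the counter
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= MAX_FAILURES:
            self.banned_until[user] = now + BAN_SECONDS
            return "banned"
        return "failed"
```

Rejecting a correct password during the ban is what keeps the lockout useful against guessing: an attacker who finds the password on a later try still cannot confirm it until the hour has passed.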


What additional measures are in place to secure administrator accounts (e.g. stronger passwords or crypto keys required to access systems)?

  • 1 unique access
  • Recommended 12 characters, at least one capital letter, one special character, one number

Is two-factor auth mandatory?

It can be mandatory, managed by ACL rules.

How does the system hand out the necessary privileges for users to gain the correct access to information? How does it prevent access to the wrong material?

The admin can limit or allow access to certain PBX services and features through ACL rules.

How can unauthorised access be detected?

  • Visible in logs
  • Protection by automatic backups
  • Protection by ACL groups

What logs are kept of successful/ unsuccessful usage attempts?

System logs (including all attempts).

...