| Html |
|---|
<div id="fb-root"></div>
<script>(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src = 'https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v2.11';
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));</script> |
...
| Info |
|---|
This document provides information on built-in security features of the Wildix system, ISO compliance and GDPR. Updated: April 2018 Permalink: https://confluence.wildix.com/x/QgBuAQ |
Security is a top priority for Wildix and all the security features are built-in inside the product, which means the Wildix System is Secure By Design and security is not delegated to third party devices.
...
All these security measures are enabled by default on all Wildix Phones and Media Gateways connected to the system. All Wildix Phones and Media Gateways cannot be accessed by using Master Passwords.
Check of certificates
PBX certificates and licenses are checked daily. The PBX TLS certificates are generated automatically and updated every two months if the PBX is reachable via the internet via https. In case the PBX is not reachable via internet, a certificate must be loaded manually and then updated before its expiration. The daily check makes sure that:
- the system is running with valid certificates (this means that all the customers are communicating without the risk of their communications being intercepted)
- the system has not been duplicated (this prevents the risk of a man-in-the-middle attack)
- the software version running on the system is not known for security issues, otherwise an alert informs the system administrator that the system must be upgraded (failing to do so can lead to the system to disable certain features that were detected as the ones that could expose the system to risk)
- the system is running within acceptable performance parameters (memory and CPU), otherwise an alert informs the system administrator that the underlying HW or Virtual environment must be improved.
Technical details:
- The check is executed daily at a random time, this can be modified to run at a regular time or day of the week.
- The connection is made to the server api.wildix.com; optionally via an http proxy (to the server wmp.wildix.com, in case WMS version is lower than 3.86)
- The protocol used is based on HTTPS with high level encryption, no incoming connection is needed for the system check to work; the protocol can also work through a customer’s web proxy
- The average data size exchanged on the connection is 2 Kb daily
- The system ignores a failed connection attempt for up to 14 days; it is possible to keep the system offline and reconnect it to the Internet at least once every two weeks.
- After 14 days offline the system limits available features to guarantee the customer safety. An alert is given to the users of the system. To restore a full operational system it is sufficient to permit the outbound connection and sync licenses in WMS (Refresh via Internet option on the page Activation / Licenses).
Security vulnerabilities report
Vulnerabilities and questions about privacy must be communicated using the following email security@wildix.com, we have a Vulnerability Reward Program in place. The reward will depend on the importance of the problem found.
Reasons to contact us at security@wildix.com:
I’m experiencing a security problem with my Wildix account
I want to report a technical security bug in a Wildix product (WMS, Collaboration, WMP, Kite, ubiconf, WP, iOS / Android Wildix apps)
I have a privacy doubt or a privacy-related question about Wildix products and services.
...
Added an option to auto-delete CDR, chats / Kite chats, voicemails and call recordings in WMS Settings -> PBX -> Call and chat history after a period of time (WMS-4090; WMS-4084)
GDPR - Right to be forgotten
- Added the possibility to delete all contacts from the phonebook in WMS -> Users -> Phonebooks (WMS-3901)
GDPR - Right to be forgotten
...