Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Scroll export button
scopecurrent
template-id0fa09813-8b86-460a-aa1d-ef450a80e9ce
quick-starttrue
add-onScroll PDF Exporter

Info

This document provides information on built-in security features of the Wildix system, ISO compliance and GDPR.

Updated: July 2023

Permalink: https://wildix.atlassian.net/wiki/x/pQvOAQ

Security is a top priority for Wildix and all the security features are built-in inside the product, which means the Wildix System is Secure By Design and security is not delegated to third party devices.

...

The main difference between location-based MFA and other forms of 2FA is that the former is implemented at the system level, meaning it is enabled for the entire PBX. This means that all users who access the system are required to complete the location-based MFA process. 2FA via email, SMS, or external application is typically enabled by individual users on their own accounts. This means that users can choose to enable 2FA on their own accounts as an additional layer of security, and, if required, it can also be enforced by an admin via WMS.

WebRTC Security

Wildix Wizyconf videoconference, same as Wildix WebRTC phone in Collaboration use WebRTC for audio and video communications. WebRTC was born as open source project and is still under active development, however security measures were in place from the very beginning. WebRTC offers security "out-of-the-box" and in fact, this is one of the reasons why Wildix opted for WebRTC back in 2012 when we launched the Kite project and then, in 2015, we made it our technological choice, when we released the first WebRTC phone available directly in Collaboration web interface.

...

QuestionsAnswers

What are the information flows within the system and between it and other services?

  • Data flows from a PBX to remote customer sites and flows to the operator if you have a SIP trunk.
  • Interconnection with other services: Ports used by Wildix services

What are the principle methods of transporting information? 

  • HTTP:80
  • HTTPS:443

Note: 80 and 443 ports can be changed.

Are the data shared with any other third parties?

No.

What firewalls or network control  measures are used to  protect thesystem/data?

SIP firewall in PBX and high  security by design withpasswords and 2factors protection. Data  firewall remains important on  remotesite.

Is the system ISO 27001 compliant?

Yes. See this chapter.


Access Control

QuestionsAnswers

Which access methods are available to access the system?

  • One super admin access
  • One strong password by user

Note: Details can be found in WMS Start Guide.

What system enforced password settings are active for users?  

  • Password Minimum length/ Complexity 
  • Password Change Interval
  • Lockout (after incorrect password entries)
  • Encrypted passwords
  • Recommended 12 characters, at least one capital letter, one special character, one number. Change every 6 months.
  • For the lockout, 3 attempts banned for 1 hour to start over. There is two-factor authentication on top of that


What additional measures are in place to secure administrator accounts. (e.g. stronger passwords or crypto keys required to access systems)

  • 1 unique access
  • Recommended 12 characters, at least one capital letter, one special character, one number

Is two-factor auth mandatory?

It can be mandatory, managed by ACL rules.

How does the system hand out the necessary privileges for users to gain the correct access to information? How does it prevent access to the wrong material?

Admin can limit/ allow access to certain PBX services and features by ACL rules.

How can unauthorised access be detected?

  • Visible in logs
  • Protection by automatic backups
  • Protection by ACL groups

What logs are kept of successful/ unsuccessful usage attempts?

System logs (including all attempts).

...