|Scroll export button
This document provides information on built-in security features of the Wildix system, ISO compliance and GDPR.
Updated: July 2023
Security is a top priority for Wildix and all the security features are built-in inside the product, which means the Wildix System is Secure By Design and security is not delegated to third party devices.
The main difference between location-based MFA and other forms of 2FA is that the former is implemented at the system level, meaning it is enabled for the entire PBX. This means that all users who access the system are required to complete the location-based MFA process. 2FA via email, SMS, or external application is typically enabled by individual users on their own accounts. This means that users can choose to enable 2FA on their own accounts as an additional layer of security, and, if required, it can also be enforced by an admin via WMS.
Wildix Wizyconf videoconference, same as Wildix WebRTC phone in Collaboration use WebRTC for audio and video communications. WebRTC was born as open source project and is still under active development, however security measures were in place from the very beginning. WebRTC offers security "out-of-the-box" and in fact, this is one of the reasons why Wildix opted for WebRTC back in 2012 when we launched the Kite project and then, in 2015, we made it our technological choice, when we released the first WebRTC phone available directly in Collaboration web interface.
What are the information flows within the system and between it and other services?
What are the principle methods of transporting information?
Note: 80 and 443 ports can be changed.
Are the data shared with any other third parties?
What firewalls or network control measures are used to protect thesystem/data?
SIP firewall in PBX and high security by design withpasswords and 2factors protection. Data firewall remains important on remotesite.
Is the system ISO 27001 compliant?
|Yes. See this chapter.
Which access methods are available to access the system?
Note: Details can be found in WMS Start Guide.
What system enforced password settings are active for users?
What additional measures are in place to secure administrator accounts. (e.g. stronger passwords or crypto keys required to access systems)
Is two-factor auth mandatory?
|It can be mandatory, managed by ACL rules.
How does the system hand out the necessary privileges for users to gain the correct access to information? How does it prevent access to the wrong material?
Admin can limit/ allow access to certain PBX services and features by ACL rules.
How can unauthorised access be detected?
What logs are kept of successful/ unsuccessful usage attempts?
|System logs (including all attempts).