Versions Compared

Old Version 17

changes.mady.by.user Ksenia Babych

Saved on

compared with

New Version 18

changes.mady.by.user Ksenia Babych

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.



Html
<div id="fb-root"></div>
<script>(function(d, s, id) {
  var js, fjs = d.getElementsByTagName(s)[0];
  if (d.getElementById(id)) return;
  js = d.createElement(s); js.id = id;
  js.src = 'https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v2.11';
  fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));</script>

...

Info

This document provides information on built-in security features of the Wildix system, ISO compliance and GDPR.

Updated: August 2021

Permalink: https://confluence.wildix.com/x/QgBuAQ

Security is a top priority for Wildix and all the security features are built-in inside the product, which means the Wildix System is Secure By Design and security is not delegated to third party devices.

...

QuestionsAnswers

Are users required to login? Is this login over a secure link?

Yes, users are required to login, login via HTTPS.

What are other data transfers/ connections between users' browsers and the system?

Check the doc Ports used by Wildix services.

From which solution stack does the system consist?

Check the doc Legal Notice PBX.

What is your approach for identifying applicable security patches and applying the system? 

Full security package with recurrent licences: Wildix Terms and Conditions.
Are contacts with relevant authorities (CNIL, CISA, NIST…) and special interest groups (OWASP, FIC, RSA, DEF CON…) maintained?Wildix is in touch with OWASP Foundation and uses the OWASP SAMM in development.

What processes do you have in place to minimise the risk of these issues according tOWASP list:

  • A1: Injection
  • A2: Cross-Site Scripting (XSS)
  • A3: Broken Authentication and Session Management
  • A4: Insecure Direct Object References
  • A5: Cross-Site Request Forgery (CSRF)
  • A6: Security Misconfiguration
  • A7: Insecure Cryptographic Storage
  • A8: Failure to Restrict URL Access
  • A9: Insufficient Transport Layer Protection
  • A10: Unvalidated Redirects and Forwards

The processes are present in Wildix Terms and Conditions.

How are security incidents managed and reported?

Wildix SRE Engineers perform continuous system monitoring 24/7, investigate crash reports, and intervene in case a problem with any client PBX has been revealed by the monitoring system. In case a problem has been revealed, the following actions are undertaken:

  • Identify the CoS of the issue; issues which have been identified as Critical are immediately taken into analysis, even if revealed outside Support Hours
  • Find all the information related to the PBX, including Serial, Country, Partner, information about the issue
  • Partner is contacted by creating a ticket or by phone
Is knowledge from previous incidents used to reduce the likelihood or impact of future incidents?Yes, review of previous security incidents is the basement to improve procedures.

Are any vulnerability scanning or penetration testing carried out?

Penetration tests are performed yearly and security reports summaries are released on request after signing an NDA to existing customers.

Do you implement daily Antivirus scans across all systems and a patch management procedure to patch vulnerabilities with a CVSS3 score at 4 or above without undue delay?We constantly apply security upgrades for all components within the Wildix PBX and components are very mature. By default, we do not allow elevated permissions on our PBXs and malicious software cannot be installed. Wildix PBXs are monitor 24/7 for malicious activity and are blocked by default through our inbuilt SBC and other security mechanisms.

How have you ensured the data links to the web server are adequate for traffic volumes anticipated? Have you tested under anticipated load?

  • Test with 5000 users / 600 concurrent calls
  • Wildix recommend 100 kb symmetric per call

...