Authentication is the process in which the system identifies logged in users from unauthorized users. The effectiveness of this process is determined by the authentication protocols and mechanisms being used. In this article we will start reviewing authentication types that are used to verify the identities of users and decide whether they are really secure or not.
The first version of SIP used Basic HTTP authentication. This system is fairly easy to access using man-in-the-middle attacks. This type of authentication has been depreciating for some time now.
In HTTP authentication, an attacker can simply capture a packet containing the password and base64 encoded, which is then used to decode and perform attacks.
Not secure, indeed.
Security is a serious topic and, unfortunately, it is either overlooked, exposing organizations to risks, or incorrectly addressed through cumbersome solutions. In the series of blog articles I will try to shed light on what you should pay attention to, in terms of security, when choosing a UC solution.
Notwithstanding all the advantages of a UC solution, there is one important prejudice against its adoption: security concerns.
There is a widespread belief that VoIP solutions based on SIP are not secure, and that their usage must be blocked, or at least limited to local networks (eventually extended by VPNs).
Nothing could be further from reality. Well-developed and deployed VoIP solutions that are based on SIP and XMPP are actually more secure than traditional communications.
How did the prejudice start and spread?
This time we will talk about integrations with hospitality management systems via FIAS network protocol.
As we saw in the blog article Vertical Solutions for Retail, Education, Hospitality, Healthcare, integration with hospitality software automates operations such as:
- Check-ins / check-outs
- Minibar charges
- Call charges
- Room status updates
- Do-not-disturb status updates
The most popular PMS systems support a TCP network protocol called FIAS, which allows integration with PBX / UC systems. FIAS was developed by Micros (now Oracle) to allow communication between its PMS Fidelio and external systems such as PBXs, Keys Management Systems, and PoS.
In this blog article we will examine which tools are available for monitoring and analyzing the communication history of the system.
The UC system typically provides one or more of the following resources:
- CDR (Call Data Record) – information about calls
- Call Groups / Queue Logs – or other specific logs
- Syslog – information about the system
- Chat / geolocation logs
This information can be used by our application and integrated with the UC server to perform a specific monitoring and analysis or show reports.
It is important to troubleshoot any technical issues that might arise.
In the previous blog article (TAPI Windows and Web APIs Integrations) we investigated the definition of TAPI and Web API. This time we will discover which Unified Communication capabilities can be integrated using these technologies.
Even before a user answers the customer’s call, the UC system can automate the processing of the call itself.
It can, for example, determine who should answer the call, the level of service agreed, and even the preferred language. This is done by integrating with our application before the call is delivered to a user.
The integration can be achieved either via TAPI routing points or by using web requests to an external service.
In the case of TAPI routing points, our application receives a notification that there is a call waiting and information about it. After performing all relevant operations, the application can reply by requesting that the call be transferred to a specific operator or to voicemail.