There are few things more important to a communications system than how well it’s protected. With cyber attacks continuing to escalate and businesses constantly increasing their points of contact with the internet, the chances of being hacked are only increasing. Worse, the fallout of a hack is only growing more severe, with the average data breach now costing SMBs $4.35 million USD per attack.
Once a cyberattacker decides it’s your system that they’ll target next, all that stands between you and severe damages is your system’s security policy. That’s why it’s critical that your UC&C platform not only be thoroughly protected, but enforce that protection consistently and reliably.
And that’s also why Wildix makes security a core element of our system’s design. Wildix solutions all feature potent security measures built right into their architecture — that way, the most essential components each work with little to no extra input. Then, thanks to Wildix’s flexible design, technicians can easily add and configure further protections as an integrated part of the system.
So, just how does that security come to be? Here we’ll give you a complete, in-depth rundown on Wildix’s security policy, and how Wildix solutions keep you secure through their basic design.
What to Protect Against
But before we can fully explore any secure policies, we need a sense of what a UC&C system has to be secured against.
Here are some of the most common attacks targeting digital telephony systems.
Account Break-ins: One of the simplest cyberattacks is to break into a user’s account by guessing its password or obtaining it through phishing. Insufficiently complex passwords or a lack of sign-in security protocol are therefore some of the worst vulnerabilities a system can have.
Man-in-the-Middle Attacks: When a system is insufficiently secured, hackers may be able to access the connection and read the data exchanged across it in what’s known as a “man-in-the-middle” attack. And if having eavesdroppers on confidential messaging wasn’t bad enough, these hacks also give attackers the chance to alter communications data during the exchange to sow misinformation and distrust in organizations.
System Intrusions: Maybe the most frequent image of a cyberattack is a hacker breaking directly into a system without a password, often by using a vulnerability. If a system doesn’t have a way of detecting these intrusions right as they happen, it will be impossible to secure against them.
DDoS Attacks: Distributed denial of service attacks are a form of cyberattack that overwhelms a server with traffic, forcing it to shut down. Systems therefore need a way to block excess traffic, even if all it’s doing is attempting to access the solution.
Naturally there are other ways cyberattackers hit organizations. But if a system isn’t protected against these common forms of attack, it’s going to be vulnerable to some very severe damage.
Secure-by-Design Threat Protection
Protections against these kinds of attacks are, on paper, industry standard. But all too often, poorly planned configurations and simple human error mean either those protections don’t work right, or they’re forgotten about altogether.
As we’ve already covered, that’s an unacceptable risk for any organization. To combat it, Wildix comes with pre-built security measures that are activated by default once the system is booted.
This is why we call Wildix “secure by design”: Without any additional input or setup, all Wildix solutions feature a full suite of robust security protocols that protect end-users from their very first seconds of being online.
Here are the major security components Wildix enables right out of the box:
- Passwords: Wildix systems require complex passwords during account creation, and can be further protected with 2 Factor Authentication (2FA), which requires users to log in using their usual credentials and a one-time code sent to a separate account.
- Encryption: Even if a hacker sneaks into one of your Wildix conversations, they’ll be unable to understand any of them thanks to the solution’s multiple levels of encryption. Using a combination of SIP signaling over TLS, SRTP, DTLS-SRTP and AES protocols, Wildix scrambles transferred data with protocols so complex that only intended parties can unscramble them.
- WebRTC: The Web Real-Time Communications protocol has been central to Wildix digital telephony from the very beginning, and that’s largely thanks to its excellent built-in security. WebRTC runs only in the browser — meaning it uses browser-grade security and isn’t affected by any local files — and automatically encrypts its traffic with DTLS and SRTP to make eavesdropping impossible.
- DDoS Protection: Thanks to a combination of secure connection protocols — SIP, RTP, DNS proxy and NTP in particular — Wildix automatically blocks excessive network traffic targeting the system, better preventing DDoS attacks by stopping an overload of connections (and a subsequent outage) before it can even happen.
- Intrusion Detection: If a hacker tries to illicitly access Wildix, the system administrator will know it instantly. The access points for Wildix PBXs are all automatically monitored to make sure such intrusions are always highlighted for a complete, up-to-date view of your security.
- System Monitoring: Wildix gives insight into live network traffic with a system monitoring feature available to administrators. Thanks to compatibility with the industry-standard Zabbix system monitoring solution, IT teams get deep insight into the real-time activity on Wildix solutions for general insight into their system’s connections, both during general use and in the event of an attempted attack.
- Built-in Protections: For added security right from start-up, Wildix includes built-in measures to block excess or dangerous web traffic, including firewalls and a Session Border Controller (SBC). Because these measures are built directly into the Wildix system, technicians will never need to fuss over setting up or maintaining them, leaving end-users with a consistent means to block most basic attempts at cyberattacks.
Each of these components serves as a way of protecting against multiple types of frequent cyberattacks. But they’re far from the only ways Wildix automatically enables security.
Security in the Cloud
The cloud is an immensely useful platform for flexible, remote use of apps and systems, making it an easy infrastructure to recommend to any organization.
However, the cloud also presents immense security risks. Since cloud-based systems are designed to be reachable from any connection and any location, the protections built for local connections won’t always cover all the system’s possible points of access. Then there are the additional networks data must travel across in the cloud, such as the network’s servers and any third-party vendors you use, any of which may be vulnerable to hackers if not properly set up.
Because of that, Wildix includes these additional security measures just for cloud-based systems.
Cloud Authentication
As we said, cloud systems need additional standards to prevent unauthorized access. Wildix enforces this extra security in the cloud primarily through its ability to integrate Single Sign-On (SSO).
SSO is a sign-in method that uses a common external account, such as Gmail or Outlook, to log in instead of a unique username and password. This reduces the number of passwords users have to remember, meaning they’re less likely to write the account’s password down and leave it open to discovery by malicious actors.
SSO also routes the login through the external account holder’s servers for another layer of authentication — in many cases, such as logins through Google accounts, this also adds to security simply by conducting the transfer through some of the most state-of-the-art servers in the world.
Wildix supports this login method with SAML 2.0 (Security Assertion Markup Language), a standard to streamline SSO functions quickly and safely. Our SSO is also supported by OpenID, an additional means of user authentication supported by Google and other major tech vendors.
Plus, the Wildix system consolidates all user accounts into a single feed, making it far more convenient for system administrators to add or remove employees to or from the organization’s accepted SSO logins.
Encryption in the Cloud
While Wildix cloud systems naturally use all the encryption methods we mentioned earlier (TLS, SRTP, etc.), they also use additional encryption to make doubly sure bad actors never access your hosted data.
In the cloud, Wildix can only be accessed through secure connections established by HTTPS and TLS 1.2, the most up-to-date encryption protocol. Older and more vulnerable protocols, like TLS 1.0 and SSL V3, are outright prohibited. Instead, Wildix cloud systems automatically use the strongest available protocols first, then the next-strongest protocols as needed.
This stricter encryption pairs with stricter certificate authentication. During encrypted online communications, each communicating party is issued a digital “certificate” that proves the user is who they say they are and can be trusted with the one-time key needed to decrypt incoming web traffic. In the cloud, Wildix uses the standard SHA256 key exchange for issuing certificates, just like it does for any other installation.
But on top of that, cloud deployments also use stricter protocols to comply with Certificate Transparency standards, while also making Wildix’s own certificates available for validation on request for a fully clear security policy.
Data Hosting Policy
Just as critical as protecting data during exchanges is protecting it while it sits still. So in many ways, security in the cloud is decided by your cloud host, whose on-site and internal security policies play a huge role in data protection.
That’s why Wildix selected Amazon Web Services (AWS) for our exclusive cloud partner. As we’ve discussed in detail, AWS boasts robust protections for all web clients, as well as ample room to expand on that default policy with further security measures.
In keeping with Wildix’s strict data separation standards, user data is hosted only at an AWS server in each user’s preferred geographic location. Each Wildix system also uses sub-domains to further segment user data into private, fully secured servers.
And of course, Wildix also fully adheres to GDPR standards, including automatically deleting user data to better preserve privacy and the right to be forgotten.
To Sum Up…
The way Wildix sees it, security is not optional. So when you use Wildix, nearly all the security you’ll ever need arrives as soon as you start up your system.
While of course we can’t account for every possibility, the most common security issues are readily addressed just by the protections built into each Wildix solution. Every PBX and system is built to run traffic securely without any add-ons or further installations — and that goes extra if your Wildix solution is running in the cloud.
Because right from startup, Wildix protects you from:
- Insecure passwords
- DDoS attacks
- System intrusions
- Man-in-the-middle attacks
- Suspicious web traffic
Any time Wildix is deployed in the cloud, by default it’s also protected with:
- Additional encryption
- Stricter user authentication
- AWS-grade data protection
Focusing on embedded security in this way keeps Wildix systems easy to deploy and easy to maintain, with all the necessary protections simply part of the main architecture instead of sitting lost in hundreds of extra protections.
That makes the work for technicians and IT departments easier, of course — but most importantly, it makes your system that much more impenetrable. With as much security as possible launched within the main solution, there’s no risk of missing any protection at installation, and far less risk of a cyberattack succeeding as a result. It’s a simple solution, but the way we see it, that’s exactly what’s needed for simple peace of mind.
For more insight on cybersecurity best practices, subscribe to receive our magazine for free!