Wildix stands out in the realm of communication solutions, embodying the “secure by design” philosophy. This approach is not just an add-on feature; it is the core of Wildix’s design and functionality. In today’s digital age, where cybersecurity threats are omnipresent, Wildix offers a robust and reliable line of defense against cyberattacks, ensuring the integrity and security of business communications.
Wildix's Approach: Inherent Security
Wildix’s secure by design approach integrates security into the very fabric of its products and services. This approach minimizes reliance on external security measures, reducing complexity and potential vulnerabilities.
Every solution requires hardware of some description, whether it’s a simple laptop or phone or a full PBX with desk phones, conferencing hardware, and gateways. One of the biggest issues with hardware, however, is that many solutions use multiple third-party devices that need to be kept updated while remaining compatible with the overall system.
Each third-party device is another potential point of failure, because each one adds another chance for system vulnerabilities or incompatibilities.
A typical system using a traditional IP PBX might look like this:
Each of these could easily be provided by a different vendor, which increases the risk of failure each time. Most solutions get around this by offering some sort of certification process, but many still are at the whims of their third-party providers. In some cases, third-party hardware, such as that from Yealink, has been shown to send data back to fourth parties.
A good telephony solution should eliminate as much hardware as possible, preferably not relying on SBCs, and should use its own certified devices. If everything is compatible with a single solution, it resolves a lot of potential issues at once.
A Wildix solution could easily look like this:
Everything is designed to work in harmony with each other, reducing the risk of incompatibilities and overall issues. In addition, this means a much lower chance of unauthorized access.
The question is this: Does your comms system require numerous separate parts from different vendors to even talk to other people? Why does it need that level of complexity?
A good secure by design solution simplifies this complexity.
Key Features of Secure by Design
1. Built-In Security
2. Reduced Complexity
By minimizing the need for additional security hardware or software, Wildix simplifies the overall system architecture.
3. Minimized Human Error
With fewer components to manage and configure, the risk of human error is significantly reduced.
But there’s little point in being secure at the beginning if you’re not secure the whole way through. That’s where encryption comes in. A typical set of security protocols might include the following:
Transport Layer Security encrypts data as it moves between applications and servers.
Secure Hash Algorithm 512 (SHA-512) converts text, including digital records, into hash strings to secure it.
Advanced Encryption Standard 128 (AES-128) protects data while it is at rest, ensuring security throughout the system.
Taken together, these encryption methods render exchanged data unusable to hackers: if messages are intercepted, they will be in an unintelligible state. Using multiple up-to-date encryption procedures increases the complexity of the messages and thus makes them more difficult for unauthorized parties to decipher and use.
Enhanced Security Measures in Wildix Systems
Wildix supports the following security and encryption protocols and reporting tools:
- Single Sign-On with Active Directory, Google, Microsoft Office 365
- 2 Factor Authentication when using Google, Microsoft Office 365 Single Sign-On
- SHA-512 hashing + salt, for storing user passwords securely
- TLS encryption of HTTPS traffic to the PBX, screen sharing sessions, Wizyconf conferences
- SIP TLS – SIP signaling over TLS
- SRTP – SDES-AES 128 encryption of voice/audio, including Wizyconf conferences
- DTLS-SRTP – TLS encryption of voice/audio, including Wizyconf conferences
- VPN AES encrypted traffic between PBXs
- LDAP via TLS
- SMTP / IMAP / POP3 connections over TLS
- SSH console access
- Intrusion detection over all services managed by the PBX (SIP / RTP / DNS proxy / NTP / Web)
- DoS protection over all services managed by the PBX (SIP / RTP / DNS proxy / NTP / Web)
- SIP SBC built-in
- Protection against cross-site request forgery (CSRF) attacks
- Requirement for secure passwords
- Support for Zabbix monitoring
- Report of intrusion attempts detected within the System
All these security measures are enabled by default on all Wildix Phones and Media Gateways connected to the system. No Wildix Phone or Media Gateway can be accessed using Master Passwords.
Why Choose Wildix?
Wildix’s secure by design approach offers a more robust, simpler, and inherently secure alternative to traditional secured communication systems. This approach not only enhances security but also simplifies management and reduces the total cost of ownership.
Wildix Cloud and ISO 27001, 22301 compliance
The Wildix Cloud network is powered by Amazon Web Services, whose data centers undergo ISO 27001 and ISO 22301 audits. These data centers share hosted facilities space with the world’s largest Internet companies. The geographic diversity of these locations acts as an additional safeguard that minimizes the risk of service interruption due to natural disasters.
Wildix Security Standards
With built-in security features, Wildix systems are less susceptible to cyberattacks and vulnerabilities. The simplicity of the Wildix system reduces the need for extensive technical knowledge and maintenance. By reducing the need for additional security hardware and software, Wildix offers a more cost-effective solution in the long run.
- The solution supports SAML2 and OpenID.
- Exclusive SSO authentication; no other authentication methods (login/password, etc.) are authorized to access end-user data. SSO via an external identity provider can be forced and password authentication blocked.
2. Traffic Encryption
- The certificate used for the identity of the hosting asset is valid, using at least the SHA256 key exchange mechanism and having any intermediate certificate within the certification chain valid and respecting the same above criteria.
- Certificates for the identity of hosting assets comply with the Certificate Transparency standard (https://www.certificate-transparency.org). The certificate used on systems can be freely validated at any time as requested by clients.
- The solution is accessible through HTTPS only with strong encryption protocol implementation: Vulnerable TLS 1.0 & 1.1, SSL v2 & v3 protocols are disabled. Only TLS 1.2 is allowed as a security protocol and all previous protocols are disabled by default.
- Protocol downgrade attacks are mitigated using the TLS_FALLBACK_SCSV mechanism.
- Cipher suites in encrypted traffic do not use null encryption or the obsolete MD5, RC4, DHE, CBC, and DES3. Additionally, the Wildix system can be switched between security modes in order to support outdated devices, while still using only modern ciphers.
- Perfect Forward Secrecy (PFS) Support: The solution supports ECDHE or AES suites in order to enable Forward Secrecy with modern web browsers.
- All cipher suite combinations that do not support Perfect Forward Secrecy (such as RSA) are banned.
- The cipher suite configuration is sorted from the strongest to the weakest.
- The solution supports HTTP Strict Transport Security (HSTS) for Web Servers to prevent Man-In-The-Middle Attacks.
- For security and performance reasons, each Wildix system uses sub-domains.
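As an added example (not Wildix code or tooling), the sketch below checks a TLS scan result against the criteria listed in this section: TLS 1.2 only, no NULL/MD5/RC4/DHE/CBC/3DES, forward secrecy required, and HSTS present. The scan dictionary layout, the function names and both sample scans are assumptions constructed for illustration; suite names follow the IANA naming convention.

```python
import re

ALLOWED_PROTOCOLS = {"TLSv1.2"}  # page: only TLS 1.2 is allowed
BANNED_TOKENS = {"NULL", "MD5", "RC4", "CBC", "3DES", "DES"}  # page's banned list

def audit_suite(name):
    """Return policy violations for one IANA-style cipher suite name."""
    body = name[4:] if name.startswith("TLS_") else name
    kx, _, rest = body.partition("_WITH_")
    if not rest:
        return ["unparseable suite name"]
    problems = []
    kx_alg = kx.split("_")[0]  # split on "_" so ECDHE never matches DHE
    if kx_alg == "DHE":
        problems.append("DHE key exchange is banned")
    elif kx_alg != "ECDHE":
        problems.append("no forward secrecy (key exchange %s)" % kx)
    problems += ["banned algorithm %s" % t for t in rest.split("_") if t in BANNED_TOKENS]
    return problems

def audit_hsts(headers):
    """Require Strict-Transport-Security with a non-zero max-age."""
    value = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
    if value is None:
        return ["HSTS header missing"]
    m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
    return [] if m and int(m.group(1)) > 0 else ["HSTS max-age missing or zero"]

def audit_scan(scan):
    """scan: hypothetical dict with 'protocols', 'suites', 'headers' keys."""
    findings = ["protocol %s offered" % p
                for p in sorted(set(scan["protocols"]) - ALLOWED_PROTOCOLS)]
    for suite in scan["suites"]:
        findings += ["%s: %s" % (suite, p) for p in audit_suite(suite)]
    return findings + audit_hsts(scan["headers"])

# Constructed sample scan results (not taken from any real system).
LEGACY = {"protocols": ["TLSv1.0", "TLSv1.2"],
          "suites": ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                     "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
                     "TLS_RSA_WITH_RC4_128_MD5",
                     "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"],
          "headers": {"Server": "example"}}
HARDENED = {"protocols": ["TLSv1.2"],
            "suites": ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                       "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"],
            "headers": {"Strict-Transport-Security": "max-age=31536000"}}
if __name__ == "__main__":
    for label, scan in (("legacy", LEGACY), ("hardened", HARDENED)):
        print(label, audit_scan(scan) or "compliant")
```

The protocol and suite lists would normally come from whatever TLS scanner is already in use; the check does not cover TLS_FALLBACK_SCSV, certificate validity or suite ordering.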
3. Secure Cookies
Wildix makes reasonable efforts to prevent cookie/session leaks, such as centralized CSRF protection and similar proactive measures.
4. Implementation of best practices to avoid security risks
Wildix follows OWASP recommended practices, performs penetration testing, and educates employees. More details can be provided after signing an NDA.
5. Mitigations Against CPU Speculative Execution Attack Methods
Mechanisms are in place to protect against CVE-2017-5754 (Meltdown), CVE-2017-5753 (Spectre 1), and CVE-2017-5715 (Spectre 2). Wildix implements mitigations of both programmatic (kernel updates/modifications) and hardware (CPUs used are not affected) varieties.
Wildix is a Comprehensive Solution
The Wildix ecosystem encompasses a range of products and services designed to work seamlessly together, providing an integrated and secure communication solution for businesses of all sizes. From VoIP services to collaboration tools, Wildix offers a complete package that is secure, user-friendly, and efficient.
Embrace the Future with Wildix
Wildix represents the future of secure communications. Its secure-by-design philosophy, combined with advanced features and a user-friendly interface, makes it an ideal choice for businesses looking to safeguard their communication channels in the digital age. Choose Wildix for unparalleled security, simplicity, and efficiency in your business communications.