Security info

Overview

Risks and hazards:

Misusing a UC system can result in the following hazards for the company and its users:

  • Improper calls to telephone numbers (0900-).

  • Mining of company and personal information (e.g. call lists, voicemail messages).

  • Faking of fax and text messages.

  • Mining of passwords used in the UC system (and possibly elsewhere).

  • Perturbing the communication systems (denial of service).

Overview of the components to protect:

In addition to protecting the general network and computer infrastructure, the following components and functions must be taken care of in particular:

  • XPhone Connect Server

  • CTI interface to the telephone systems

  • Interfaces to groupware systems and mail servers

  • Interfaces of Unified Messaging services

  • Web administration application

  • Windows client applications

  • Web client applications

  • Voicemail remote access

Basic precautions:

This description assumes that your network and machines have a state-of-the-art protection. This includes, for example:

  • Sufficiently protected remote accesses

  • Sufficiently strong user passwords

  • Virus protection and Trojan detection on user workstations

  • Safe administration passwords and secured administrator accesses to the servers

  • Using a firewall for internet access. Using a DMZ, if required. Only open ports that are used by a specific application. Only use encrypted internet connections.

General notes:

A number of attack methods (e.g. Trojans) work with code that runs in the context of the logged in user. That means that such code benefits from the single sign on mechanism leading all other security measures ad absurdum.

Therefore, the main priority is the protection from viruses and Trojans.

It is essential that all UC components that are not used (e.g. fax or voicemail) are deactivated. Internet connections must always be encrypted.

Interfaces

XPhone Connect Server

The console of the machine and remote accesses must be secured against unauthorised use. Access to the file system must only be possible for authorised users (applies to network sharing and console access). The applies in particular to the XPhone Connect Server programme directory and the subordinate data directories.

The SQL database used by the XPhone Connect Server must also only be accessible for authorised users. Usually, this is only the user for whom the XPhone Connect Server is run and maybe the domain administrator.

Data transfer security:

The XPhone Connect Client and the XPhone Connect Server communicate with each other via TLS- secured WCF TCP binding. The underlying certificate is generated again upon each start of the XPhone Connect Server. AES with a key length of 256 bits is used as encryption algorithm. The XPhone Connect Clients do not verify the certificate of the server. The signalling data flow between the XPhone Connect Clients is realised with the XPhone Connect Server, which also encrypts the data.

Login security:

To prevent brute force attacks that mine passwords, a user account is blocked for five minutes after five unsuccessful login attempts.

CTI interface to the telephone system

The CTI interfaces are especially at risk for misuse since widely used standard protocols are used here. The CTI interfaces to current telephone systems are based on the Ethernet. Generally, misuse would be attempted with a workplace computer in the Intranet.

For increased security demands:

Disconnecting the Ethernet infrastructure between workplace computers in the Intranet and the UC system/telephone system:

  • Establish a disconnected Ethernet (separate network card in the UC Server, routing between networks not configured).

  • Establish VLAN or VPN for connection between UC Server and telephone system.

  • Take additional measures for standard requirements

Standard security requirements:

  • Change the access password for the CTI interface, use a complex password.

  • Activate the application firewall existing in the telephone system, if required.

  • Make restrictions in the Ethernet routing so that routing is only possible between the UC Server and the telephone system (configuration of the Ethernet switch).

The included components generally do not support IP encryption (SSL/TLS) so that special attention must be paid to the network configuration.

IP and ISDN interfaces

IP and ISDN interfaces from the UM Server to the telephone system

If the XPhone Connect Server is connected to the telephone systems via ISDN, the cable connection (point to point) must be protected from unauthorised physical access.

The same notes apply for IP connections (SIP or H.323) as for the CTI interface. Furthermore, an encryption at the signalling level is recommended with TLS/SSL.

An encryption of the signalling and RTP data (SSL/TLS and SRTP) within the Intranet is often avoided in practice for performance and administration reasons. In this case, the configuration of the Ethernet (switching and routing) must be done especially carefully.

Interfaces to groupware systems

For the connection to a groupware system, the XPhone Connect Server uses the following protocols:

  • MAPI (only for Exchange Server): Access to voicemail messages for remote enquiry, calendar reading.

  • Alternatively: IMAP (for non-Exchange Server): Access to voicemail messages for remote enquiry

  • Outbound SMTP: Sending of fax messaging, relaying of fax and voicemail messages to alternative recipient.

  • Inbound SMTP: The XPhone Connect Server receives SMTP messages from the mail server and converts them in fax or text messages. See also next chapter.

Since MAPI is not a network but a programming interface, security and encryption are beyond the area of influence of the XPhone Connect Servers.

If possible, use IMAP/s and SMTP/s; they are supported by the XPhone Connect Server.

Secure the connection between the XPhone Connect Server and groupware server/mail system with the measures described in the chapters above.

XPhone Connect UM services

You can find an overview of the service architecture in the web administration interface under System settings > UM > Services.

The Unified Messaging services have several TCP listeners for SMTP messages, which are converted into fax or text messages. These SMTP listeners currently work with the product but without integrated encryption and authentication. These interfaces are generally only used in server-server relations so that security mechanisms in the network are practical.

The recommended method is to activate the internal mail server (System settings > E-Mail Gateway). Its address is entered as SMTP routing target of a smart host (Exchange Server/Domino Server).

Under System settings > UM > General > Security, allow only those servers that are actually to send messages by fax or SMS. If the internal mail server is used, its IP address must be entered there. Usually all UM services are installed on one machine and the entry localhost is appropriate.

If other server (e.g. ERP systems) are to use the sending services directly via SMTP, their sender IP addresses must also be entered there.

Applications

Web applications

Basic information on the security of web applications

For increased security demands, we recommend encrypted HTTP connections even within the Intranet since browsers sometimes work with base authentication and passwords are otherwise transmitted as clear text via the network. By default, the XPhone Connect Server uses a security certificate generated during the installation. It may be replaced by a certificate used within the company. For publishing of XPhone Connect applications in the internet, the Microsoft Internet Information Server is used.

Web administration applications

Activate the SSL encryption of the web servers to be used (Microsoft IIS). Change the administrator password of the XPhone Connect Servers and apply a high password complexity. Secure the network connection between the web server and the XPhone Connect Server with the methods already described, which apply to all kinds of Ethernet connections.

Web service

The procedure described for web administration applications also applies to XPhone Connect Mobile, which use the XPhone Connect Web service. Ensure that the user select passwords with sufficiently high complexity. Use a password policy in the user management settings for a location of the XPhone Connect Server to ensure sufficient password complexity. An encrypted connection between the client and the server must always be used.

Windows client applications

Use encrypted VPN connections for operation across locations.

If possible, use only the integrated Windows login.

If you still need to use the XPhone Connect Server logon, use the password policy (User management > Location > Settings > Password policy) to set up password security to suit your needs.

Voicemail remote access

Remote access allows access to voicemail messages saved in the e-mail system or in the internal message memory. Access is secured by a numerical PIN.

If remote access is not needed, it should be disabled for the corresponding user group.

The Connect with caller option allows you to be connected to a caller via the PBX. If this feature is not required, it must be disabled.

PINs for remote access to voicemail messages are subject to special guidelines; please refer to Voicemail PIN.

Voicemail player

To check voicemail messages sent by email, XPhone Connect has a player application. This application plays a voicemail (WAV file) contained in the email as attachment on any telephone. The message is played by the voicemail player service on the UC Server.

In the current product, the connection for playback is not established via an authentication. The player must only be used within the Intranet.

Hint

We recommend to omit the use of the voicemail player application and to deactivate the corresponding server service if the security demands dictate this.

TAPI

XPhone Connect has a TAPI service provider (TSP), with which it is possible for TAPI-compatible applications to use the telephony services of the XPhone Connect Server.

The XPhone Connect TSP can be used with a special server account as well as with all user accounts.

The server account provides access to all lines assigned to users. Make sure to use a sufficiently complex password for this account. Since it is only configured once and is never used interactively, a high number of digits can be selected from a large number of characters. It is based on WPA keys for WLAN.

All other users only have access to the lines assigned to them. There are exceptions when using the TSP on terminal servers, which cannot be protected against unauthorised monitoring of foreign lines due to the applied principle. On the terminal server, only TAPI control functions (e.g. dialling/hanging up) are protected against access across users.

Hint

Note that the setting Disabled under System settings > Telephony & Meetings > Telephony > TAPI only disables the central server account and not the TAPI function as a whole. The TAPI function can be disabled completely by removing the corresponding licenses.

Telephone system

The following precautions must be taken for the telephone system:

  • In environments using XPhone Connect Servers, we generally recommend to block (expensive) service telephone numbers using the dialling control of the telephone system. The execution of code in the context of an authorised user can never be excluded even if the security measures are perfect.

  • The permissions for setting up external connections must be restricted in the telephone system.

Have you found an mistake on this page?

Please send us a hint about this error by mail to doku@c4b.de. Thank you very much!