Currently, analog and ISDN networks throughout Europe are being switched over to standard Internet Protocol (IP). End customers and resellers need to deal with IP telephony. Here, the issue of security also plays an important role. innovaphone, manufacturer of IP Telephony and Unified Communications solutions made in Germany, has a secure solution for this.
The innovaphone PBX is equipped with a lot of different security mechanisms that provide the best possible protection against a wide variety of attacks.
In this context, innovaphone is permitted, for example, to carry the trust seal "IT security made in Germany" from TeleTrusT, the German IT security association (Bundesverband IT-Sicherheit e.V.). It is awarded exclusively to German IT companies that develop their products in Germany and meet strict criteria on IT security and data protection.
Within the scope of a labelling initiative, TeleTrusT introduced the optional label “IT Security made in Europe” in 2020 and awarded this trust seal to innovaphone in addition to the trust seal “IT Security made in Germany”.
The innovaphone PBX runs on a very lean and fast, specially developed operating system. Viruses, worms and Trojans are not known for this operating system. The different communication paths, from connection establishment, through voice and data connections, to administration and address data access, can be controlled via a variety of standardized security protocols. The DTLS-SRTP protocol allows device-to-device encryption. This high degree of security is available for all innovaphone PBX connections, if necessary.
The increased prevalence of SIP ports caused by the switch from the ISDN network to All IP across Europe is accompanied by uncertainty and new security requirements because All IP makes it necessary for every PBX to be open to the internet. The innovaphone Session Border Controller (SBC) supports all relevant security mechanisms and reliably protects the innovaphone PBX against attacks from the internet. Since the innovaphone SBC is directly integrated into the innovaphone PBX, no other external or third-party SBC is needed. This simplifies installation and ensures 100% compatibility, bringing a cost advantage for the customer. The innovaphone SBC can either run as a separate process on the innovaphone PBX or can be installed on a separate innovaphone VoIP gateway.
One special challenge for security is caused by the additional demands of borderless communication and mobility, as is the case with Unified Communications and WebRTC solutions. The innovaphone Reverse Proxy is particularly suited for such Anywhere Workplace scenarios. As an independent component, the innovaphone Reverse Proxy serves as a central authority for all inbound connections from the internet. As a result, attacks are detected and repelled at an early stage. In the same way as the innovaphone SBC, the innovaphone Reverse Proxy can either run as a separate process on the innovaphone PBX or it can be installed on a separate innovaphone VoIP gateway, e.g. the IP0011.
Having access to myApps anywhere and anytime provides a lot of flexibility and mobility for users. However, specialized security mechanisms against unauthorized access attempts, so-called brute-force attacks, are required to make sure that the accounts are adequately protected. If the innovaphone PBX recognizes such a brute-force attack on a myApps user account, an automatic mechanism will slow down the login attempts of the attacker. New login attempts with a wrong password will be blocked for increasing time intervals. The blocked account can then only be unblocked by the respective user entering the correct password.
| Protocol / standard | Purpose |
| --- | --- |
| TLS | Encryption and certificate-based authentication for various applications |
| HTTPS | HTTP over TLS, encrypted web access to administration |
| H.235 | Authentication with encrypted password |
| SIPS | SIP over TLS, SIP security |
| H.460.17 | H.323 over TLS, registration and signaling encrypted via TLS |
| SRTP | SDES encryption of media data (voice, video, ...) |
| DTLS-SRTP | TLS encryption of media data |
| LDAP via TLS | Data encryption for contact data via LDAP |
| IEEE 802.1X | Access control to the network, also with EAP-TLS |
| Kerberos | Authentication via central server |
| X.509 Certificates | Certificate-based authentication for TLS |