Introduction

Integrating voice services into an IS/IT data infrastructure raises several questions and concerns as to how to guarantee the same level of security, availability, and quality of service as the classic circuit-switched telephony infrastructure.

This document provides an overview of the security mechanisms available to protect the MX-ONE™ solution from threats that are typical of the IS/IT infrastructure. The described measures are either enabled in the system by default, enabled during the installation/configuration phase of the systems, or need to be enabled manually by the system administrator.

The security measures available for the MX-ONE system are mainly based on the following open standard technologies:

SSL (or TLS)

The Secure Sockets Layer (SSL) or Transport Layer Security (TLS) provides secure access to IP phones and web services and secure signaling between IP phones and MX-ONE Service Nodes.

SSH

Secure Shell (SSH) provides secure console-based access to IP phones, the MX-ONE Service Node and the Media Gateway (MGU).

SRTP

Secure Real-time Transport Protocol (SRTP) is used to protect the media streams of the voice communication Mitel ASU-II or Mitel ASU-III.

Additionally, other mechanisms to protect the MX-ONE solution are based on the following:
  • Correct configuration of the corporate Local Area Network (LAN) infrastructure
  • Authentication and authorization of all users of the system, including end-users and administrators
  • Security mechanisms provided by the target operating systems (SUSE® Linux and Microsoft Windows®) as well as hardening measures

Besides the security functions described in this document, there are a number of general security aspects that need to be covered and taken care of by a system administrator.

Every organization must have a clearly defined IT security policy in place, defining goals, assets, trust levels, processes, incident handling procedure, etc. The security mechanisms available in the MX-ONE system must be covered by and deployed according to this policy.

An important security measure to be implemented is to preserve physical security. Only authorized personnel shall have access to server locations, since many data-exposure attacks can be mounted by having physical access to a host. Further, the IT data infrastructure must have a solid design, security mechanisms and protocols must be enabled, and all components of the whole system must be correctly configured and maintained.

Regional Requirements on Security and Personal Data

There may be specific regional requirements on security and on how “personal data” is handled. For example, the European Union’s General Data Protection Regulations (GDPR) of 2018 are such regional requirements. See the description MiVoice MX-ONE Personal Data Protection and Privacy Controls for details.