INFOGRAPHIC: Custom VoIP Phone Modification Capabilities

by Jaymie Murray 8. April 2015 09:10

The SST line of security products includes customisable VoIP telephones that are made to meet the security needs of today's commercial or government workplace. Standard VoIP phones can be easily customised to meet the level of security necessary, including disabling webcams and requiring smart cards or CAC cards for phone access. TEMPEST phones that meet SDIP-27 and NSTISSAM/1-92 standards are also available and can be customised. 

Customisable VoIP Telephones SST offers a standard, COTS VoIP telephone that can be modified to suit the security needs of individual users and their environments. Customisations include enhanced TEMPEST security, access control via a smart or CAC card, visible positive disconnect, and more. Custom VoIP Telephone Capabilities Push to Talk / Push to Mute Handsets Enhance the security of telephones when used in sensitive areas, physical disconnection of handset microphone, plug and use functionality directly replaces OEM handset. Positive Disconnect Positive assured physical disconnection of all microphones and speakers within the telephone, also available with optional visible confirmation LED. TEMPEST TEMPEST VoIP telephones f or deployment into sensitive areas to ensure security (SDIP-27 and NSTISSAM/1-92) Bezel Modification Access Control Identif y separate security classification LANs or areas with easily distinguished bezel colours, logos or Biometric, smartcard, CAC card or token access to VoIP services, combined with centralised identity/profile with easily distinguished bezel colours, logos or department-specific information. services, combined with centralised identity/profile lookup. Custom Developments SST has demonstrated expertise in telephone modification with in-house 3D CAD modelling and rapid prototyping in a Government secure site with security cleared personnel, crypto integration and test facilities. Fibre Ethernet Connectivity Easily deploy VoIP telephones into areas which only have a fibre network. Dual fibre enables deployment without re-cabling , simply connect the telephone to the fibre network and the PC to the telephone. Easy Disable Microphone Webcam Speakerphone Applications Ministry of Defence Commercial Government sst.ws/voip-capabilities.php sst.ws/voip-capabilities.php

Learn more about our VoIP capabilities, contact us, or request a quote

Tags: ,

Infographics | Secure Systems & Information Assurance

Can Certain Third Party Data Hacks be Prevented?

by Tara Condon 14. October 2014 13:03

By: Tara Condon & Henry Gold

 

Last fall, John Gainor, President and Chief Executive Officer of DQ, posted a memo for Dairy Queen and Orange Julius customers regarding a recent data hack. At its centerpiece, was the revelation that a third party vendor compromised account credentials and gained access to customer data.  DQ should be applauded for its thorough investigation following the attack and its forthright communication to customers regarding the same. However, the question remains for CISOs everywhere: Can this type of hack be prevented?

 

Third parties regularly access networks for legitimate reasons.

Companies regularly allow third party access to internal systems. Common reasons for enabling this access include systems administration and programming. Increasingly more common is the granting access of to information technology and communication service providers who troubleshoot, fix, and maintain computers, web sites, networking resources, and voice systems. Often, these third parties require administrator-level access to complete their work. Many times, access to these systems are not secured or well implemented using simple password authentication which is easily breached.

 


But, companies often have little control over third party activity on the network.

Companies typically control the front-end of vendor access with passwords or more robust security measures, such as software tokens or PKI based authentication (two-factor). However, once the third party is on the network, they typically have unmonitored, and often unfettered access, to a variety of systems. Here is where the risk of data theft or system breach is significantly increased. Even if the company ends its relationship with a third party, this risk is often undiminished as backdoors can be opened to a variety of network resources.

 

Companies spend a good deal of time and money to vet and hire employees. One hopes their third party vendors do the same, but that is not always the case. Companies may never meet or even see the wide network of third party employees who regularly work on their system. As such, gauging risk becomes nearly impossible.

 

A system that offers control and visibility is good for companies and third parties.

The ideal system provides controlled third party access along with visibility and monitoring. The good news is that these systems are available today. A company should be able to define and control who is on the network, what they may access, and what they are permitted to do. The system would then provide visibility into activities on the network and alert company representatives in the case of suspicious activity.

 

One would think that third parties bristle about added controls. However, many third parties have wholeheartedly embraced the concept. Having a third party access system in place makes their jobs easier: These third parties can focus on service delivery instead of concerning themselves with network access. Furthermore, the added visibility lets third parties demonstrate – in real time – the value they provide.

 

For more information on this and other security-related topics, follow our Secure Systems & Information Assurance (SSIA) team on LinkedIn.

 

About the Authors:

Tara Flynn Condon (@api_taracondon) is a published writer and Vice President of API Technologies Corp.

Henry Gold is an expert and frequent speaker on security topics and General Manager of SSIA North America for API Technologies Corp. 

Tags: , ,

Secure Systems & Information Assurance

Month List

Tag cloud