Network and Communication Security

Your network infrastructure is important in protecting your system. Your network needs to support the communication necessary for your business needs without allowing unauthorized access.

A well-defined network topology can eliminate many security threats based on software flaws (both on the operating system and application level), or network attacks such as eavesdropping. If users cannot log on to your application or database servers at the operating system or database layer, then there is no way for intruders to compromise the machines and gain access to the back-end system database or files. Additionally, if users are not able to connect to the server LAN (local area network), they cannot exploit well-known bugs and security holes in network services on the server machines.

For the basic idea of implementing Sinch Contact Center, see the graphic in the chapter Technical System Landscape. More information is in the following topics:

  • Network Segments

    This topic shows the appropriate network segments for the various client and server components and where to use firewalls for access protection. It also includes a list of the ports needed to operate Sinch Contact Center.

  • Communication Channel Security

    This topic describes the protocols used by Sinch Contact Center, and ports that must be opened to enable communication.

  • Communication Destinations

    This topic describes the external communication destinations.

Note:

To apply security-level high measures:

  • Enforce encryption on database connections on the SQL Server.

  • If external services (such as JDBC or LDAP) are used, network communication must be appropriately secured by using the SSL/TLS-enabled protocol variant. For more information see Microsoft instruction on a 'minimal principle' authorization concept.

  • Prevent malicious attacks via ECF Visitor Chat: If the Visitor Chat functionality is deployed to the system, make sure that the used web page is protected by firewall settings.

  • Call Attached Data (CAD) used for customer indentification is subject for manipulation. We recommend using two-factor authentication.