Cyber criminals and state-sponsored hackers are increasingly initiating sophisticated phishing attacks on organizations via chat. In fact, they are exploiting open federations, where any UC domain can send chat invitations. UC Exchange guards against phishing attacks by allowing only UC traffic from explicitly authorized federations to be routed to members’ UC domain. Furthermore, NextPlane’s patented technology provides organizations control over the type of traffic (IM, presence, voice, video and file transfer) that should be allowed or denied across their business network and collaborative communities.
UC Exchange supports secure-SIP for federation traffic. As a result, federation traffic is encrypted end to end, and your data is protected.
UC Exchange supports both XMPP over TLS and dial-back. All XMPP servers support dial-back security. What’s more, Jabber and OpenFire can be configured to use TLS as well. The combination of server dial-back and TLS provides both authentication and encryption for XMPP communication between UC Exchange and XMPP servers. With UC Exchange, your private IM conversations will remain private.
NextPlane UC Exchange Voice and Video Collaboration Service uses SRTP (Secure Real-Time Transport Protocol) to encrypt voice and video media traffic.
Special TLS Support for Cisco WebEx Messenger
UC Exchange enables Cisco WebEx Messenger to establish TLS-based federation with Microsoft Office® 365, Skype for Business, Lync 2013 and 2010, OCS 2007 R1 and R2; IBM Sametime; and GENBAND EXPERiUS. As a result, organizations can encrypt all their real-time communication with their customers and business partners, regardless of their underlying platforms. UC Exchange TLS support for WebEx Messenger, which is recommended by Cisco, is the only federation solution that works in conjunction with Cisco’s recent addition of TLS support for WebEx Messenger.
UC Exchange uses public certificates that have been signed by a certificate authority to make TLS over SIP or XMPP connections to establish federation.
UC Protection Key Features
UC Exchange UC protection includes:
- Accepts SIP/XMPP messages only when both the source and destination domains in the message are part of the UC Exchange directory. Messages containing unknown source or destination domains are simply discarded.
- Accepts SIP messages only over a TLS connection, and for TLS, UC Exchange will only accept certificates from the set of known and valid certificate authorities.
- Allows a member’s UC to treat UC Exchange as its sole “federation gateway.” The firewall in the UC perimeter network can then be configured to allow communication only with the UC Exchange IP address. This will ensure any direct rogue attacks are stopped at the UC firewall immediately.
- Blacklists domains or users to stop attacks from known culprits.
- Defends against DDoS attacks at the network, session and application layers. For example, the infrastructure is able to blacklist specific IP addresses involved in an attack.
- Accepts and processes only messages that are relevant in the context of UC federation, i.e., those related to chat, presence, voice or video communication. In other words, it’s impossible to mount an attack consisting of “control” messages that may destabilize UC systems.
- Uses a specific FQDN or IP address for a domain instead of the published SRV records (if any). This ensures that UC Exchange only communicates with trusted endpoints, even in the case of DNS service hijacking.
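The admission rules in the list above can be read as a default-deny filter. The sketch below is an added illustration, not NextPlane's code: the `Message` fields, the policy tables, the `admit` function and the `.example` domains are all assumptions constructed for the example.

```python
from dataclasses import dataclass

# Constructed sample policy; every name and value here is hypothetical.
DIRECTORY = {"alpha.example", "beta.example"}           # member UC domains
FEDERATIONS = {                                         # authorized pairs -> allowed traffic
    frozenset({"alpha.example", "beta.example"}): {"im", "presence"},
}
BLOCKED_DOMAINS = {"gamma.example"}
BLOCKED_USERS = {"mallory@beta.example"}
FEDERATION_TYPES = {"im", "presence", "voice", "video", "file_transfer"}

@dataclass(frozen=True)
class Message:
    protocol: str      # "sip" or "xmpp"
    sender: str        # user@domain
    recipient: str     # user@domain
    kind: str          # traffic type carried by the message
    tls: bool          # arrived over a TLS connection
    ca_trusted: bool   # peer certificate chains to a known, valid CA

def domain_of(address):
    return address.rpartition("@")[2].lower()

def admit(msg):
    """Return (accepted, reason); anything not explicitly allowed is dropped."""
    src, dst = domain_of(msg.sender), domain_of(msg.recipient)
    # Only federation-relevant traffic is processed; "control" messages are dropped.
    if msg.kind not in FEDERATION_TYPES:
        return False, "not federation traffic"
    # The list requires TLS with a trusted CA for SIP; XMPP may use dial-back instead.
    if msg.protocol == "sip" and not (msg.tls and msg.ca_trusted):
        return False, "sip requires tls with trusted ca"
    if src in BLOCKED_DOMAINS or msg.sender.lower() in BLOCKED_USERS:
        return False, "blocklisted"
    # Both ends must be known to the directory.
    if src not in DIRECTORY or dst not in DIRECTORY:
        return False, "unknown domain"
    # Per-federation control over which traffic types may cross.
    if msg.kind not in FEDERATIONS.get(frozenset({src, dst}), set()):
        return False, "traffic type not authorized for this federation"
    return True, "accepted"

if __name__ == "__main__":
    print(admit(Message("sip", "alice@alpha.example", "bob@beta.example", "im", True, True)))
```
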