Critical care announcement

CommuniGate Systems has implemented new measures to ensure all of our customers have access to support around the clock. No matter what service level agreement is in place, our response time will be elevated for all systems administrators of the CommuniGate Pro Unified Communications platform. We have also activated a critical support procedure for supporting our government clients involved in mission critical national notification and communications systems.

We understand the importance of the communications that our platform is entrusted to provide. Our mission is always to provide security and business continuity no matter what. To provide peace of mind to those who manage mission critical communications during the COVID-19 crisis, we have added resources to ensure our continued reputation as a highly reliable platform for the Regulated Industries.

DevOps for Cloud services

CommuniGate Systems is looking for new DevOps Engineers to join our team. Our technology is Unified Communications for the Regulated Industries marketplace. We offer the service from our data center in Luxembourg across Europe.

There are possibilities for positions in our Luxembourg and Nice France locations. We would also consider candidates that are motivated and can work from remote locations.

Skills for the ideal candidate:

– Strong DevOps running hosting systems on Linux or FreeBSD
– Should know email protocols on the command line, not click boxes
– Must know Internet fundamental protocols; DNS, TLS, SSL, TCP/IP
– Bonus to know real-time protocols; SIP, WebRTC and firewall tricks
– Big plus for skills in messaging protocols like SMTP, XMPP, DMARC
– Multiple language capability; i.e. French + English or German

Apply by connecting to us through one of our offices or send your CV and cover letter to geekgigs @ communigate.com

Email: 5 security problems to address in 2020

As a business owner, you want to secure your company's email against hacking. You are absolutely right! A malicious intrusion can have serious consequences, such as the theft of sensitive data. That is why it is very important to put in place a real policy of protection against cyber threats in 2020. To meet the cybersecurity challenge, we will cover the 5 points that should convince you to install a secure email system that belongs to the private cloud. To find out more, follow the guide!

Some key figures from the business world in 2019:

  • Spam makes up between 55 and 95% of total email traffic;
  • 88 emails are received and 34 are sent daily in a business setting;
  • 12 emails are identified each day by employees as spam;
  • phishing in business involves industrial espionage in 65% of cases.

Problem no. 1: employees' lack of training on cyber threats

Today, employees are still careless about the security problems of their email. They continue to store their data on Gmail or on other publicly accessible email services! These practices turn employees into prime targets for cyber threats. Cybercriminals do not hesitate to send malicious emails, spam, etc. in bulk. They also use the fraudulent technique of phishing to deceive employees and obtain sensitive data in return. This is why hackers do not hesitate to send fraudulent links and pose as banks, internet service providers, partner companies, etc.

Problem no. 2: increasingly targeted hacking

On social media, all information is public and transparent. When a company is present on these platforms, hackers can easily gain access to its structure and hierarchy. In this way, they can easily impersonate an executive, copy a company's logo and send fraudulent emails. They thereby manage to obtain confidential documents, such as the customer list and other sensitive digital data (bank codes, etc.).

Problem no. 3: business computers used on publicly accessible servers

If your company does not yet use a secure email system, hackers can very easily take control of your computers. These are then used as a weapon against your business activities. That is why the effects of a phishing attack seriously damage your e-reputation. For example, if hackers siphon off all your banking data, they can also empty your company's accounts. All the more so since cybercriminals also use phishing to siphon off your customers' data!

Problem no. 4: the cybersecurity challenge across all of the company's connected devices

It is not only the company's computers that can be hacked. Hacking is entirely possible from an iPhone. It is enough to send one of your employees texts with links that, when opened, compromise the security of their smartphone. These links download malware. This is how a hacker can spy on your company remotely and place an iPhone under their control.

In the same way, surveillance cameras and Wi-Fi routers are tools that can be used to hack your company's IT system. That is why we strongly advise you to use our secure email. Do not forget that cyber threats can extend beyond your company's security perimeter!

Problem no. 5: the impossibility of securing business email without planning a checklist

To protect your company from cyber threats in 2020, it is essential to adopt good measures to ensure the security of your business email. First, you must inform your staff of the dangers of phishing and spam. Next, you must undertake a clean-up of all computers likely to be infected with malware.

We advise you to install:

  • a firewall and anti-spam tools;
  • a secure email system to eliminate the majority of fraudulent emails;
  • access control for your company's Wi-Fi;
  • antivirus filtering to ensure intrusion prevention;
  • continuous monitoring of the content of messages sent and received by your employees, etc.

Who are we?

We are Communigate, an American company established in France. We comply with French legislation on the protection of and respect for internet users' data (GDPR). Consequently, we are not subject to American laws such as the “Patriot Act” and the “Cloud Act”. These two anti-terrorism laws allow American government agencies (NSA, CIA or FBI) to obtain data held by individuals and companies, without prior authorization and without informing users. In short, the protection of your data is fundamental to us. We guarantee the confidentiality of our secure email, which belongs to the private cloud.

Who are our main customers?

Our secure email is aimed mainly at companies in regulated industries such as:

  • banking and financial institutions;
  • airlines and transport companies;
  • public institutions such as the national education system, hospitals, government bodies, the French army, etc.

All these organizations hold data that must be protected and cannot afford to use public messaging services (Gmail, Outlook, Whatsapp, etc.).

Thanks to our secure email solution, your business emails are encrypted end to end and the data of your employees and customers is safe from malicious intrusions.

To stop exposing your company to cyber threats any longer, contact us!

Managed Services Engineer

We are seeking new members to join our services team. The role is not a traditional support technician. Our clients seek our help in managing their CommuniGate Pro platform just like we are a part of their operations team. We monitor the system, provide updates, tuning, tweaking and enable better utilization of the product in their organization.

Our Managed Services Engineers go beyond the traditional “support” role. If this sounds like a way to leverage your geek skills we are a team looking for new members!

Optimal skills and experience for candidates:

– Should be very well versed in email and/or messaging systems on Unix / Linux / BSD platforms. SMTP, IMAP, XMPP, SIP

– Knowledge of real-time apps using XMPP, SIP or WebRTC a plus

– Strong troubleshooting skills / process of elimination

– Ability to communicate with clients as if they are colleagues through trust and appreciation no matter what skill levels

– Strong skills in Internet standards like DNS, networking, scripting

– Proven ability to work virtually as a team with a global organization

– We are seeking several candidates in Europe and the USA. Language skills of French, German and English are a plus.

Apply by connecting to us through one of our offices or send your CV and cover letter to geekgigs @ communigate.com

Sales Engineer positions

We are looking for new members of the customer facing team to help our clients add value to their organizational collaboration. The Unified Communications platform CommuniGate Pro is highly adaptable with a rich set of APIs that requires our technical engineers to support diverse customer topologies.

Our Sales Engineer positions are available in the USA and the European region. The ideal candidates would love carrier scale messaging systems and enjoy helping clients on-site or through virtual sessions.

Skills for the ideal candidate:

– Strong in Unix or Linux or FreeBSD
– Should know email protocols on the command line, not click boxes
– Must know Internet fundamental protocols; DNS, TLS, SSL, TCP/IP
– Bonus to know real-time protocols; SIP, WebRTC and firewall tricks

We serve a wide variety of clients in the regulated industries marketplace. The position requires the ability to adapt and design systems with agility. Apply by connecting to us through one of our offices or send your CV and cover letter to geekgigs @ communigate.com

New office in Nice France!

We are pleased to announce our new CommuniGate Systems European office located in Nice France!

Choosing where to invest in a city was not a simple thing for us. We have now been in business for over 28 years and we like to plan for the long term! It was important for us to be able to serve our clients in the French speaking market with a location that is easy to connect with. At the same time, it was paramount for building a team of excellent talent that whatever city we chose would have or attract the best in the industry.

When asked by colleagues in the industry to explain a bit about our choice and the benefits it was a pleasure to share the wonderful aspects of the metro Nice region.

– Top of the list for us geeks was the superb internet connectivity. All the commercial buildings in the Ville de Nice have fiber and yes, also when you go home too! Our team members in San Francisco were amazed that even some of the 400 year old apartments here in Nice have fiber to the house, and it is under 30€ a month!

– Transportation can really suck when you are commuting to work in the major technology hubs of California and Europe. We found the recent investment in the new Tramway to be spot on. The system is low cost; about 1,5€ each direction. Plus there are subscriptions with discounts for our staff and it makes our visitors happy too!

– International and regional travel is top as well. The airport in Nice is perhaps one of the best we have seen. Currently #2 in France in terms of the flight volume and recently renovated with good taste. Big plus for the airport to us is that the tram goes right into both terminals making the hop into the city a snap.

– For many of us here at CommuniGate Systems the environment and the plan for the transition to electric powered transportation is important to support. We want to be an active participant in green transportation and not just talk about it. Nice is taking the lead with electric buses, EV charge stations in almost every public parking area or shopping center, and a new city expansion called the Eco Valley. This sector is already home to many hi-tech and bio-tech companies with many zero energy buildings.

– Best of all, Nice is very accustomed to international tourism and welcoming to visitors. The community has been international for more than 2 centuries.

To better serve our clients in the regulated industry our operations in France will provide managed services for Private and Hybrid Cloud topologies. Often times we are faced with the reality that regulatory requirements mean data center and staff must be on the territories we service.

Our staff here in Nice will be multi-lingual and have the skills to provide the best services for the most demanding environments. For nearly three decades organizations have depended upon CommuniGate© products and services for their business communications. We strive to let your company have peace of mind while delivering the best innovation for unified communications on the marketplace.

Time to talk about the SMTP plumbing & those nasty vent traps!

DMARC stands for “Domain-based Message Authentication, Reporting & Conformance.” DMARC is a protocol that uses SPF and DKIM to determine the authenticity of an email. SPF (Sender Policy Framework) is a DNS entry and protocol which provides a list of SMTP servers that are considered “permitted” to send email for a domain. There are 2 “From” addresses in an email message: the envelope From (Return-Path) and the header From. SPF verifies the former; however, a regular user does not see the “Return-Path” and could falsely assume that the domain in the header “From” is the sender domain.

SPF is quite different from DNS “MX” records, which are also DNS entries but work in the reverse sense: they tell sending email servers which IP address(es) are to be “contacted” to submit emails for a particular domain. Think of it as “who is the postman” for a particular neighborhood, whereby you call that person up and say “hey, I have a letter for somebody in your block, can you take that for me and give it to them?”

DKIM, on the other hand, is a way to “validate” that emails have not been tampered with once they left the domain sending the email. DKIM is like a “stamp” or “watermark” if you want to think of it that way. Besides validating that an email was not tampered with, DKIM validates the domain in the “From:” header, and one can easily conclude its significance when considering spoofing. A message may have multiple DKIM signatures, since every server it passes through may add its own signature, but only the one matching the domain in “From:” is worth considering.

Also, we need to point out that DMARC is perhaps the one “main” thing which makes DKIM signatures quite useful. DKIM signatures are not mandatory and a fake/invalid signature is equivalent to no signature.

DMARC is a policy and reporting system that acts when SPF and/or DKIM fail, in order to help flag senders that might be spoofing or phishing in ways that enable email spam.

Your DMARC record is published alongside your domain DNS records (SPF, A record, CNAME, DKIM, etc.). Unlike SPF and DKIM, a properly configured DMARC policy can tell a receiving server whether or not to accept an email from a particular sender. It is important to note that not all receiving servers will perform a DMARC check before accepting a message, but many of the major ISPs and enterprises do and its implementation is growing rapidly.
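The evaluation described above, as an added example (not CommuniGate Pro code and not from the original post): it parses a DMARC record and applies the alignment rule to SPF and DKIM verdicts a receiver has already computed. The `Message` fields, the `example.*` domains and the two-label organizational-domain shortcut are assumptions; real receivers use the Public Suffix List and also honour `pct=` and `sp=`.

```python
from dataclasses import dataclass, field

POLICIES = ("none", "quarantine", "reject")

def parse_dmarc(txt):
    """Parse the TXT value published at _dmarc.<domain> into a tag dict."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.strip().partition("=")
        if not key:
            continue                      # tolerate a trailing ';'
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[key.strip().lower()] = value.strip()
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    if tags.get("p") not in POLICIES:
        raise ValueError("missing or invalid p= tag")
    return tags

def org_domain(domain):
    # Assumption: the organizational domain is the last two labels.
    # Production code must consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """mode 's' = strict (exact match), anything else = relaxed."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

@dataclass
class Message:
    header_from: str      # domain in the visible From: header
    envelope_from: str    # domain in the Return-Path, the one SPF checked
    spf_pass: bool        # SPF verdict for envelope_from
    dkim: list = field(default_factory=list)  # (d= domain, signature verified?)

def evaluate(msg, record):
    """Return 'pass', or the published policy when nothing aligned passes."""
    tags = parse_dmarc(record)
    spf_ok = msg.spf_pass and aligned(
        msg.envelope_from, msg.header_from, tags.get("aspf", "r"))
    # An invalid signature counts the same as no signature at all, and only
    # signatures whose d= aligns with the header From are considered.
    dkim_ok = any(
        valid and aligned(d, msg.header_from, tags.get("adkim", "r"))
        for d, valid in msg.dkim)
    return "pass" if (spf_ok or dkim_ok) else tags["p"]

# Constructed sample data (reserved example domains).
RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
LEGIT = Message("example.com", "bounces.example.com", True,
                [("example.com", True)])
# SPF and DKIM both pass, but for a different domain than the one in From:
SPOOF = Message("example.com", "example.net", True, [("example.net", True)])
# Forwarded mail: SPF breaks, the aligned DKIM signature still verifies.
FORWARDED = Message("example.com", "example.com", False,
                    [("relay.example.org", True), ("example.com", True)])
# A signature claiming the right domain that does not verify.
BAD_SIG = Message("example.com", "example.net", True, [("example.com", False)])

if __name__ == "__main__":
    for name, m in [("legit", LEGIT), ("spoof", SPOOF),
                    ("forwarded", FORWARDED), ("bad signature", BAD_SIG)]:
        print(f"{name:14} -> {evaluate(m, RECORD)}")
```
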

Some of the benefits of DMARC

  1. Publishing a DMARC record protects your company brand by preventing “spoofers” (bad guys) from sending mail from your domain. In some cases, simply publishing a DMARC record can result in a positive reputation bump.
  2. Ingesting DMARC reports increases visibility into your email server by letting you know who is sending mail from your domain.
  3. DMARC helps the global email community to establish a consistent policy for dealing with messages that fail to authenticate. This helps the email ecosystem as a whole become more secure and more trustworthy.

What can you do to deploy DMARC on CommuniGate Pro?

CommuniGate Pro has built in features for DMARC and we also have provided some tools to help you get up and running quickly. We also have the best support for the platform by the people that code it! So, when in doubt or when you need some tips or tricks, you can also reach out to the team.

First you can start by setting up DKIM on your CommuniGate Pro platform by following the tips here:

DKIM with CommuniGate Pro

CommuniGate versions 6.2.x have DMARC built-in….see about “Check SPF records” in <Setup tips SPF & DMARC>

We also are providing a script for easy setup and performance of the DMARC features if required in older versions:

CommuniGate Pro script repository


European operators are poised to take control of the clouds over the EU

When discussing the systems used for email, the picture can often be quite different depending upon the generation of the person you are talking to. For many of us who have grown up in the last 30 years, email is a web based system. There are no apps or software to install, as was the case for those of us that lived with Apple Mail or MS Outlook as the client.

Many of us grew up kind of expecting certain things like email accounts to be free….albeit provided normally by a search company trying to use us as advertising targets for their customers (outbound marketing clients). Most of us are probably familiar with the term “nothing comes free” but the nuances of advertising were somehow “manageable” to avoid buying into a paid or professional system.

Whether you “see” email as a desktop program or browser, what is common among all of us today is the issue of security and privacy. It seems a week cannot go by without some new revelation being disclosed about somebody's email or private information being released.

Compounding the issue of security and privacy for European companies is the control of “where” their email resides and under what or “whose” laws access to that data is controlled. For a business, email is often data that contains valuable information about the company’s products or trade secrets. That means for anyone using a free system, those overlooked “click wrap legal agreements” typically blur the ownership and access rights because they need to use that data for advertising purposes. This can be a show-stopper for an organization that needs to protect not just its products and services information rights, but those rights of its employees too. For Europe, staff working in the company or public agency have rights under European regulation and the organization is more than compelled to oblige.

The cloud services topology and emergent WebRTC based unified communications has come quickly across the spectrum and brings with it rays of fresh sunshine on an otherwise impenetrable playing field. There is a massive opportunity for European hosting providers to offer Unified Communications in a private or National Cloud and compete head on with advertising based services that cannot offer localized support very well and have legal barriers to adoption for anyone concerned with European legal protection. Hosting companies that once saw large cloud service providers as a tidal wave dumping free services across their subscriber base now find themselves in a unique opportunity to add high value services within the legal frameworks of their respective markets.

CommuniGate Systems has provided unparalleled stability and reliability in its hosting platform for over 25 years, enabling more than 250 network operators to deliver quality inside their market place. Join our community today and talk to one of our regional representatives about how we can help you build a branded Unified Communications solution that is compliant.

Locking down access to webmail on your national or private cloud service

For many, if not most of our partners in the network operator & application hosting space, the challenge of identifying the subscriber has become nothing short of a nightmare in recent times. Password based security by itself is no longer manageable or secure, and it aggravates the user experience of the service by adding layers of frustration to the authentication sequence. Let's look at some techniques that will mitigate some of these challenges and provide some added assurances to the customer experience that the service security policies are effective, but also thoughtful of the impacts on the user.

We have in CommuniGate Pro a certificate authority built into the platform and for the purposes of our chat today we will focus on using TLS certificates in combination with multi-factor authentication to lock down access while providing a reasonably smooth user experience. We should point out that this type of model is typically in demand for business subscribers, especially governmentally regulated industries, i.e. banks, air transportation, government agencies and healthcare are especially pushed to conform to certificate based security topologies. One of the challenges of the topology is the management and setup of the devices which is normally mitigated when the system is operated by IT departments and “bring your own” devices are not permitted, unless they are put under such management.

So what the heck am I talking about in simple terms? Certificate based TLS sessions are where the client system, laptop, desktop or mobile have installed a signed digital certificate that is presented to the service during the SSL connection session. That means that the computer trying to “login” must also have this certificate to present to the service as a means of determining that the computer itself is authorized, not just the user credentials.

 

The illustration above shows a typical deployment at a network operator with a Pronto! based web access method for the subscribers. In the private cloud all the users must conform to 3 added policies to “get into” the service:

  1. Password and user challenge / response is met with a biometric scan using our multi-factor API and mobile client
  2. TLS certificates must be present on the client machines and presented to the server
  3. The network that the machine is coming from must be on the list in the server policy
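The three admission policies listed above, sketched as an added example in Python (not CommuniGate Pro configuration and not code from the original post). The network ranges, device names and the `REGISTERED_DEVICES` mapping are constructed, and binding a certificate's common name to an account is an assumption about how the device check is done.

```python
import ipaddress
import ssl

# Constructed policy data: documentation address ranges and made-up names.
ALLOWED_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("192.0.2.0/24", "2001:db8:10::/48")]
REGISTERED_DEVICES = {"laptop-0042.agency.example": "alice"}  # cert CN -> account

def build_server_context(ca_file=None, cert_file=None, key_file=None):
    """TLS context that aborts the handshake unless the client presents a
    certificate signed by the operator's CA (policy 2)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED       # no certificate, no session
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)   # CA that issues device certs
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)    # the server's own identity
    return ctx

def subject_cn(peer_cert):
    """Extract commonName from the dict returned by SSLSocket.getpeercert()."""
    for rdn in (peer_cert or {}).get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def admit(peer_ip, peer_cert, account, mfa_ok):
    """Apply all three policies after the TLS handshake; return (ok, reason).

    peer_cert is what getpeercert() returned; mfa_ok is the verdict of the
    second-factor challenge, which is handled elsewhere.
    """
    addr = ipaddress.ip_address(peer_ip)
    if not any(addr in net for net in ALLOWED_NETWORKS):
        return False, "network not on allow list"
    cn = subject_cn(peer_cert)
    if cn is None:
        # With CERT_REQUIRED the handshake already fails here; the check is
        # kept so the policy still holds if the context is misconfigured.
        return False, "no client certificate"
    if REGISTERED_DEVICES.get(cn) != account:
        return False, "certificate not issued for this account"
    if not mfa_ok:
        return False, "second factor not confirmed"
    return True, "ok"

# Constructed certificate dict in the shape getpeercert() produces.
SAMPLE_CERT = {"subject": ((("commonName", "laptop-0042.agency.example"),),)}

if __name__ == "__main__":
    print(admit("192.0.2.15", SAMPLE_CERT, "alice", True))
    print(admit("198.51.100.7", SAMPLE_CERT, "alice", True))
    print(admit("192.0.2.15", SAMPLE_CERT, "bob", True))
```
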

Furthermore, the network operator has also placed several “good practice” policies on the public access network for reception and transmission of messaging content. In many cases we are seeing that inter-agency traffic, for example from the police to the justice department, is also required to present TLS certificates. Adding TLS certificates on the SMTP sessions is highly recommended to “tamp down” the flames of SPAM and create policies that control what you want coming in, versus the model of “cleaning up” the junk after it arrives with an open SMTP policy.

It should be stated, as there is sometimes confusion about “email encryption”, whether that means encrypting the mail itself or the transportation of the mail. For the purposes of this discussion we are talking about TLS / SSL, and that is all about the “transport”, not the encryption of the email itself. Email encryption is performed in the CommuniGate Pro platform with a cousin technology called S/MIME that we will discuss in another blog posting.

In the hosting model we have two “doors” that we are talking about locking or having keys for the user to open. First is the “web access” or Pronto! webmail that combines all its communications over a HTTP/S session. That means we can send/receive mail, VoIP calls, and perform actions on the calendar or directory with a single socket connection; in this case HTTP/S using the TLS certificate to control who, and from what system, can open the door. The other doorway we are talking about controlling is public or external to the “domain” in question. That means if, in my example, the police and the justice department are on separate services, each can install the TLS certificates on their respective SMTP/S configuration profiles and lock the doors against any abuse or fraudulent attempted access.

While most of our talk is centered around the installation of TLS certificates on the access computers, we should not lightly skip over the way the user should authenticate. At the end of the day, if a computer is stolen, or accessed by an imposter, all they need is the fingers on the keyboard. Often security breaches are performed by persons with malicious intent within the organization or on the periphery, like a partner or even staff with access for cleaning and maintenance of the facilities.

Password based authentication is only designed to determine that a password is “correct”, not that the person is actually who they say they are. Biometric authentication in a multi-factor policy is the best method today for adding a layer that is far more precise, but also simple to use compared to lengthy passwords that are difficult to enter and remember for the user. CommuniGate Pro has built a mobile client that is simple to use and re-brand for TouchID on iOS devices and Android systems with biometric sensor features. We can also “fall back” to secure session data code transmissions or the least secure SMS code validation, but strongly suggest that biometric scan policies are enforced for the most reliable and traceable security policy on your cloud service.


The ever increasing opportunity for National Cloud value added services

Seems to me…… where & “with whom” you “float your balloon” is just as important as what “type” of balloon you have to fly. Translating that into the terminology of Cloud Computing: what legal rights you have based on whose stuff (service) you are using might be more important than the type of technology you have for security. That means whether I use great passwords or encryption might be less important than whether all my “stuff” is at the end of the day controlled by legal agreements I submitted to knowingly or unwittingly.

For the purpose of this post we want to put aside technology for another discussion or topic, meaning let's chat about the benefits or ramifications of security, i.e. encryption or access controls, another time.

The underlying subject of security that often gets overlooked completely when discussions are had about cloud computing is the legal umbrella you might be walking under when using a cloud based system or service. Most of us click, and few of us read those EULAs that come with all the popular email, chat or voice/video systems in use today. Often these “agreements” include in one way or another the accord that “by using this service you explicitly agree that the jurisdiction controlling this usage License is xxxx”. Furthermore, many of these click-wrap agreements (for free and paid cloud services) indicate that your rights are forfeited and you should stop using that service if you do not agree to the jurisdiction.

Many telecoms and network operators have a massive opportunity in that they more than many can provide a National Cloud that has a lot of benefits for not just the public, but we also find many governmental organizations demand a local provider. I recently was speaking with a “post office” that uses one of our partner network operators for email. Kind of ironic huh? I mean mail man using email, but OK jokes aside they too must have a way to communicate electronically by inner-agency messaging systems, and want those to be “housed” inside the country domain, both physically and legally.

I have found that at root or the core of a value for many of our partners is the legal ability (licensed operator) to issue phone numbers. Over the top services have in many cases overwhelmed many operators globally. But “nationally” the potential is just as it is today with phone numbers if you think about @Internet address space that can be nationalized. Many of the weaknesses of technical limits can also be overcome when a domain is controlled, regulated and managed on a national level.

Take the example of a provider issuing internet address space on a National Cloud for email. Not only can the legal use License be placed under local laws and regulations (a benefit for business owners), but security and abuse can be managed far better than on un-managed public messaging services. Simple case: if a user or domain is fake or sending abuse mail, it can be decommissioned. Adding to this, the National Cloud operator can add value by certifying the origin of the mail, the contents of the mail (not having been tampered with) and much more, making email professional and far more trustworthy.

With over 200 Network Operators as partners, we have a unique visibility on the values of Unified Communications as a Service and understand what not to do, what works and what does not work. If you are a service provider and are interested to provide high value business communications in your region we have a unique way to work; as a partner relationship not a vendor/client. We listen and we adapt to your local requirements better than most.