Product security at Swisscom (Switzerland) Ltd

Post on 22-May-2020



Table of contents

Product security at Swisscom (Switzerland) Ltd 3
BlackBerry® 8
Bluewin e-mail 10
Business Internet light / standard 12
COMBOX® 14
Connectivity products 16
Corporate Mobile Network (CMN) / Mobile Business Group (MBG) 18
Corporate Network Access (CNA) 20
Fixed-line telephony (analogue and digital ISDN) 22
Hosted Exchange Professional 24
International roaming (voice, data, SMS) 26
Internet connection 28
iPhone / iPad 30
MMS 32
Mobile Unlimited 34
Mobile Voice 36
SMS 38
SMS Large Account 40
Webhosting 42


What's involved?

Security is a central and sensitive issue in connection with (data) communication, both from a customer and network operator perspective. In short: while the theoretical risks are undoubtedly high, the actual dangers are currently manageable.

This documentation contains facts on security questions relating to fixed network and mobile products as well as integrated solutions.

The key issue is product security and the associated dialogue between Swisscom, its customers and the public (media).

These facts are drawn up, reviewed and updated on an ongoing basis at Swisscom by product managers in collaboration with security officers, the relevant segment, the communications department and the Legal department.

What can happen?

The threat level for Swisscom and our customers changes constantly. Swisscom pays close attention to these developments, but there are still threats that arise repeatedly. The threats that occur most frequently are listed below:

Data theft

Definition: Attempt to obtain unauthorised access to call content and transmitted data using technical resources. No distinction is made in terms of whether access is gained by employees, external partners or third parties.

Scenarios: Attack on the data or telephone network; manipulation of devices (PCs, smartphones and tablets) or "break-in" at the data centre.

Attack and protection: In mobile telephony, the air interface from the device to the antenna is encrypted. Algorithms of varying strengths are used for this purpose. In Switzerland, encryption with the strongest algorithm is the standard. There is at least a theoretical possibility of an intruder tapping the call / data flow. However, an intrusion of this sort requires serious criminal intent and expertise as well as special technical equipment.

What holds true for mobile telephony can also be applied to the fixed network and solution products.

A person's main means of protection is to give access to personal data only to those people who need it and to do so either by setting up corresponding access and access rights or by storing and transmitting those data in encrypted form.

Swisscom regularly tests its own networks with a procedure known as "ethical hacking", i. e. it employs experienced hackers to simulate attacks on its own network. This identifies possible weaknesses, which are then remedied.

Swisscom also conducts regular security audits, identifies and evaluates security risks and introduces the necessary countermeasures.

Special attention is also given to physical security, such as access protection for instance, to ensure that only authorised individuals can work on the computer systems.

Data manipulation

Definition: Data manipulation is the alteration or misuse of data as a result of an attack. This affects all data stored by or about customers on servers through to end devices, ranging from billing information to phone numbers on the SIM card of the mobile device.

Scenarios: Data can be manipulated by means of attacks on devices, on the network, or on a service provider's servers, the exploitation of product weaknesses and by attacks involving the use of stolen passwords or access cards. The focus here is on data manipulation through attacks using worms, viruses and other harmful software.


Attack and protection: The main weakness is incorrect or careless handling of security provisions (e. g. loss of passwords) and failure by the user or network operator to implement protective measures (firewall, virus protection, network scanning).

The only way to significantly reduce the risk is with appropriate training and education for employees and users / customers. Simple and effective means of protection include proper rules for access to data centres, correct handling of passwords, installation of virus scanners on both the network and the device and also a critical check of electronic messages for unknown senders and content. On the network side, Swisscom is able to detect conspicuous files by scanning and to also isolate viruses, etc. at an early stage. The dissemination of such files is then prevented on the mobile network, for example, by protective measures.

Data loss

Definition: Data loss is entirely or partly the result of the incidents described above or of physical damage to storage sources and / or devices.

Scenarios: Apart from malicious manipulations (as described above), data loss due to defective devices and data storage media is also conceivable if no backup copy exists. In the absence of a backup copy, restoring such data is often difficult, time-consuming and costly.

Attack and protection: Data loss might be rare, but it is extremely unpleasant. Usually it happens in connection with defective devices and because the user neglected to back up the data. We recommend always creating a backup to prevent data loss. Nowadays this can be done in many different ways. Mobile devices can be backed up on a home computer, for instance, or a computer can be backed up on an external hard drive or in the cloud. Reviewing which data are to be backed up is wise, however. This will help decide whether they need to be encrypted, for example, to prevent them from being read by unauthorised individuals.

Identity fraud

Definition: When a person's or company's identity information is obtained and used fraudulently, this is known as identity fraud. This fraud is often committed to illicitly obtain services or money.

Scenarios: An attacker can gain access to servers, devices or protected areas in a building by stealing access data / cards or by "key logging" (recording keystrokes and mouse movements using special resources). Similar attacks may also be used to target COMBOX® and SIM card PINs.

Attack and protection: The best way of combating identity fraud is to educate and train customers and employees and to deploy protective software on devices. Another way to prevent identity theft is by using dedicated passwords for every service. These passwords can be generated by a password manager (software) and then stored within the programme. Users need to remember just one single password for the password manager and the other passwords can simply be copied out of the password manager and used. If the password for one service is stolen, only that one service is affected; the other services all have their own individual passwords and, as a result, those passwords can continue to be used safely with those services. The protective measures taken by the service provider represent another factor that determines whether password theft is even possible.


Targeted attacks

Definition: As the name implies, targeted attacks are aimed at a person or institution with the goal of causing a specific kind of damage.

Scenarios: Targeted attacks can involve any given combination of the scenarios described above. Identity fraud, for instance, is frequently committed to illicitly gain trust – and thus access to information – which would not be accessible otherwise. This facilitates data theft.

Attack and protection: Targeted attacks are attacks that are aimed at a specific individual or company (thus the name), frequently with the goal of making one of the scenarios described above possible. Alongside big companies in a wide range of different industries, victims of these attacks frequently also include companies that sell services to the big companies under attack. This means that small and medium-sized enterprises are also potential targets. While it is only possible to protect oneself against attacks of this type to a limited extent, a mix of different protective measures (technical, organisational and via training) can make a major contribution to recognising and even preventing these attacks.


Security certificates

Swisscom has internationally recognised security certificates in all key areas, and these are audited on a regular basis. Swisscom also has other certificates that may be relevant in a holistic review.

ISO 9001 – Certified quality management
ISO 14001 – Certified environmental management
ISO 15504-2 – Process analysis and improvement in the area of mobile network construction and operation and radiation measurement
ISO 27001 – Security certification for the planning, construction and operation of telecoms and IT networks and associated products and services
ZertES, VZertES – Accredited certification provider for qualified electronic signatures


Legal information

This topic is legally very complex, particularly as regards data security. Criminal prosecution authorities, for example, can tap calls under specifically defined conditions. Potential attackers can face criminal prosecution. To discuss any legal questions or possible legal implications, please contact the Legal department.

A few important legal and contractual provisions can be found below, in abridged form:

Ordinance on Telecommunications Services (OTS)
Art. 87 OTS, Security of telecommunications services:
1 Telecommunications service providers shall inform their customers of the risks involved in using their services with regard to interception and intervention by unauthorised third parties.
2 They must offer or indicate appropriate means of eliminating those risks.

Federal Mail and Telecommunications Monitoring Act (BüPF)
The BüPF gives certain authorities the option to monitor calls and / or access traffic data if specified prerequisites are in place.

Federal Act on Data Protection (FADP)
Art. 7 Data security:
1 Personal data must be protected against unauthorised processing through adequate technical and organisational measures.

Swiss Criminal Code (StGB, Art. 143 ff.)
The following are specifically cited as criminal offences: "data theft", "hacking" ("unauthorised access to a data processing system" and "fraudulent use of a data processing system") and "data damage".

See also the applicable General Terms and Conditions, in particular the provisions on data protection.


© Swisscom Ltd · 12/2013

BlackBerry®

Product description

The BlackBerry® service enables companies with their own or a hosted corporate messaging infrastructure (such as Microsoft Exchange, IBM Domino or Novell GroupWise) to receive, edit and send encrypted e-mails and to update to-do lists, calendar and address data using a mobile BlackBerry® device.

Availability

Availability of the BlackBerry® service is based on several components: BlackBerry® data centres, the BlackBerry® Enterprise Server (integrated in the customer's IT infrastructure), the Swisscom connection to BlackBerry®, the Swisscom mobile networks and the end device. This service rarely malfunctions and is extremely reliable.

Confidentiality

BlackBerry® Enterprise Service 10 uses the Advanced Encryption Standard (AES), which encrypts all data traffic between the customer's enterprise mail server and the BlackBerry® device, including e-mails, calendar data, appointment queries, and all other application data traffic between the BlackBerry® Enterprise Server and the BlackBerry® device.

BlackBerry® does not store any data (e-mails, appointment requests, etc.) on its servers that are sent to or by customers, and cannot therefore view or output data of this type. In the event of a threat, BlackBerry® provides security updates immediately which can be distributed automatically.

The BlackBerry® Enterprise Server only stores data pertaining to the connection between the BlackBerry® device and the mailbox specified by the user. All e-mails, calendar entries and other company data are stored on the mail server and are not replicated in the BlackBerry® Enterprise Server.

Integrity

The BlackBerry® Enterprise Server is responsible for routing but not storing information. The channel between the Enterprise Server and the device is protected against unauthorised third-party access. Currently available technologies do not allow for any message manipulation of any kind. In addition, BlackBerry® protects its proprietary data centre using a combination of the following measures: password-protected access to all access points, multiple firewalls, systems that detect unauthorised intrusion, as well as other systems that are not specified by BlackBerry® for security reasons.

BlackBerry® is regarded as the most secure solution in the industry.


Access / identification

Customers are identified at the end device level by encrypted passwords that are stored in the device. If an incorrect password is entered ten times in succession on a BlackBerry® device, all data are automatically deleted from the device. Network access is also associated with a prompt to enter a PIN code.

What additional safeguards can customers take?

The use of S / MIME (additional end-to-end encryption) ensures encryption of e-mail traffic beyond the endpoints of the service. BlackBerry® terminal devices also provide additional protection in the form of chipcard-based identification and access rights verification. Swisscom recommends that BlackBerry® devices are always used in conjunction with a password and that the administrator requires the use of end-to-end encryption instead of conventional encryption technology.


Bluewin e-mail

Product description

Bluewin e-mail – your global mailbox. With Bluewin e-mail you can access your electronic mail at any time. You can send and receive e-mails using the Web, an e-mail program or an e-mail app. We take providing our customers with a secure service very seriously. Every e-mail address has a free spam and virus filter. The e-mail service features so-called SMTP authentication to avoid misuse (e. g. e-mails being sent under a false name). SSL encryption is also available if you want additional security for e-mails sent to and from the Bluewin mail server.

Availability

Bluewin e-mail can be used with an e-mail program or as Bluewin Webmail from an Internet browser.

Availability of Bluewin e-mail is generally high. On the network side, it depends on availability of the Bluewin mail server and the Internet infrastructure. On the customer side, availability depends on Internet access or the customer's mail server.

Regular automatic data backups on the network side ensure that no e-mails are lost even in the rare event of a system failure. If a server fails, e-mail traffic is automatically routed to another system, thereby guaranteeing interruption-free availability of the service.

Confidentiality

The confidentiality of e-mails is not particularly high and is often compared to the sending of postcards. E-mails are usually transmitted over the Internet unencrypted and stored temporarily in mail servers. Swisscom recommends the use of special encryption software to protect confidential e-mails. As a rule, the sender and recipient need to use the same protection software.

In accordance with legal requirements aimed at combating misuse, Swisscom is obliged to record the connection details of e-mails (sender, recipient, time, subject) and to store this information in an access-protected archive.

Integrity

E-mails are often misused. The most common forms of misuse are spam (unsolicited advertising mails), phishing (theft of sensitive data), viruses (harmful software in e-mail attachments) and falsified sender details.


Swisscom provides all users of Bluewin e-mail addresses with a free virus, spam and phishing filter for preventing harmful and unsolicited messages reaching the customer's inbox. The filter removes phishing mails and viruses and redirects spam to a special folder. This spam folder can be managed via Webmail. The spam folder is automatically emptied once a week.

Swisscom uses SMTP authentication. This feature significantly reduces the possibility of unauthorised persons being able to misuse the customer's identity and send e-mails under a false name.

Access / identification

Customers can use an e-mail program to retrieve their e-mail from the Bluewin mail server, download it to their own computer and send it.

The e-mail program in use does this automatically once the user has logged in with his user name and password.

The login information and mail content are transmitted in plain text if no encryption has been selected.

If Bluewin Webmail is used, e-mail can only be accessed via a Swisscom login. All data are transmitted to the Swisscom server in encrypted form at all times.

What additional safeguards can customers take?

Swisscom recommends use of the free virus, phishing and spam filters. This service can be activated and deactivated in the «Swisscom Customer Centre» as and when required.

Customers who also use e-mail addresses from other providers should also activate the respective virus, phishing and spam filters.

Swisscom also strongly recommends the use of antivirus software on the PCs being used.

In addition to the above technical measures, security can be enhanced by adhering to the following simple rules of conduct:

– Do not open attachments or links in e-mails from unknown senders.
– Do not disclose any sensitive data via e-mail or on untrustworthy websites (e. g. bank access data, Swisscom login).
– Only give personal e-mail addresses to trusted persons.
– Use a second e-mail address for competitions, forms, newsletters, etc.
– Do not reply to spam.
– Do not forward warning messages or chain mail.


Business Internet light / standard

Product description

Business Internet light (excluding router, unmanaged) offers affordable, secure and reliable broadband access. It is an ideal starter product for your SME and can be flexibly adapted or upgraded to meet your changing needs at any time with the professional assistance of one of Swisscom's IT partners.

Business Internet standard (with router, managed) offers a high-quality data product with unique services and is reliable and cost-effective. The product is modular and scalable and can be adapted at any time to your changing needs and requirements.

You also have the option of flexibly and easily integrating several locations and external employees into your data network. Business Internet standard can be combined with and complemented by other Swisscom services designed for SMEs.

Availability

Business Internet is provided by redundantly operated systems and offers maximum protection against total failure. The systems are monitored constantly, as well as audited and tested at regular intervals by external units so as to ensure that they are operating properly, and are available and secure. Customers who need to minimise the duration of interruptions in the event of faults have the option of ordering an additional failover to reduce Swisscom intervention times (<24h).

Confidentiality

With Business Internet, data transmission takes place via the Swisscom backbone and can be protected end to end using a virtual private network (VPN).

Web service providers and customers can increase confidentiality by using encryption technology. Certain web services, such as online banking services, always make sure the connection is secure and thereby guarantee the confidentiality of the data transmitted.

Integrity

The optional end-to-end encryption with VPN offers professional protection for your connections. However, aside from this, data transmission with Business Internet offers no protection against manipulation.


Access / identification

Business Internet customers are identified by means of their user name and password.

What additional safeguards can customers take?

Swisscom recommends that important data only be transmitted over a connection with additional protection. This can be achieved using SSL (Secure Socket Layer) or a VPN. Secure connections can be identified in Microsoft Internet Explorer, for example, using the padlock symbol displayed in the taskbar.

Swisscom is a one-stop shop for VPN solutions through to secure connections of mobile devices to the company network.

If Business Internet is used in combination with a wireless LAN, Swisscom recommends the use of WPA / WPA2 for encryption of the interface.


COMBOX®

Product description

COMBOX® is an answering machine service for fixed-line and mobile phones.

COMBOX® Basic has the answering machine service, COMBOX® Pro has an additional fax and e-mail forwarding feature.

COMBOX® takes your faxes or voicemails when you are unable to do so personally. Callers are greeted with a voice message. As soon as the caller leaves a message on the COMBOX®, a notification is generated on the device.

Availability

COMBOX® systems are fail-safe and operated in data centres protected using state-of-the-art technology and monitored on an ongoing basis.

Confidentiality

COMBOX® messages are stored on Swisscom systems in Switzerland. Authentication is required for access to the messages. Customers can access COMBOX® from their own device without having to enter a PIN. Accessing COMBOX® to retrieve messages from non-Swisscom networks (e. g. when abroad) is only possible with a PIN.

Customers can adjust the COMBOX® security settings and change their PIN. New PINs are generated automatically and are not displayed to hotline agents.

Hotline agents do not have access to personal COMBOX® data such as messages or the COMBOX® PIN. Swisscom processes all COMBOX® data in compliance with the provisions of the Swiss Data Protection Act.

Integrity

Customers using the Swisscom telephone network can listen to their COMBOX® messages without a PIN, since identification is unique and secure.

The PIN code must be entered from non-Swisscom networks to guarantee integrity. A user name and password must be provided to gain access via the Customer Centre.


Access / identification

Authorisation is required for access to the COMBOX®. Customers can access COMBOX® from their own device without having to enter a PIN. Accessing COMBOX® to retrieve messages from non-Swisscom networks (e. g. when abroad) is only permitted in conjunction with a PIN. After three incorrect entries, access is barred and can only be restored by calling the hotline.

All instances of access to COMBOX® are logged and can be provided on request if the customer suspects misuse.
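The two attempt limits in this document follow one pattern: a consecutive-failure counter, a terminal state once it is exhausted (COMBOX®: access barred after three wrong PIN entries, restored only via the hotline; BlackBerry®: all device data deleted after ten wrong passwords) and, for COMBOX®, a log of every access that can be handed to the customer on suspicion of misuse. The following Python is an added example that models that pattern generically; it is not Swisscom or BlackBerry code. The class and function names, the salted-hash storage of the secret (PBKDF2-SHA256, 50 000 iterations) and the log format are assumptions made for the example; only the two limits, the "barred" and "wiped" outcomes and the hotline reset come from the text.

```python
# Added example (not Swisscom or BlackBerry code): a generic failed-attempt
# policy modelling the two limits the brochure states, a PIN barred after
# three wrong entries (COMBOX) and a device wiped after ten (BlackBerry).
# Names, the PBKDF2 parameters and the audit-log format are assumptions.
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class LockoutPolicy:
    max_failures: int   # consecutive wrong entries tolerated
    on_exhaust: str     # state entered afterwards: "barred" or "wiped"


# The two limits stated on the page (constructed policy objects).
COMBOX_POLICY = LockoutPolicy(max_failures=3, on_exhaust="barred")
BLACKBERRY_POLICY = LockoutPolicy(max_failures=10, on_exhaust="wiped")


def _derive(secret: str, salt: bytes) -> bytes:
    # Slow, salted hash: a copied credential store cannot be guessed cheaply,
    # and the stored value never reveals the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 50_000)


class ProtectedAccount:
    """A PIN/password-protected resource with an attempt counter and audit log."""

    def __init__(self, secret: str, policy: LockoutPolicy):
        self.policy = policy
        self._salt = os.urandom(16)
        self._digest = _derive(secret, self._salt)
        self.failures = 0
        self.state = "open"                     # open | barred | wiped
        self.log: list[tuple[str, int]] = []    # (outcome, failures so far)

    def attempt(self, entry: str) -> str:
        """Check one entry and return the outcome for the caller and the log."""
        if self.state != "open":
            # Once barred or wiped the secret is not checked at all, so
            # further guesses learn nothing, correct or not.
            self.log.append((self.state, self.failures))
            return self.state
        ok = hmac.compare_digest(_derive(entry, self._salt), self._digest)
        if ok:
            self.failures = 0          # only consecutive failures count
            self.log.append(("granted", 0))
            return "granted"
        self.failures += 1
        if self.failures >= self.policy.max_failures:
            self.state = self.policy.on_exhaust
            if self.state == "wiped":
                self._digest = b""     # stands in for erasing all device data
            self.log.append((self.state, self.failures))
            return self.state
        self.log.append(("denied", self.failures))
        return "denied"

    def reset_by_hotline(self) -> bool:
        """COMBOX-style recovery: only a barred account can be reopened."""
        if self.state != "barred":
            return False
        self.state, self.failures = "open", 0
        self.log.append(("reset", 0))
        return True


if __name__ == "__main__":
    mailbox = ProtectedAccount("1234", COMBOX_POLICY)   # constructed PIN
    for guess in ("0000", "1111", "2222", "1234"):
        print(guess, "->", mailbox.attempt(guess))
    print("hotline reset:", mailbox.reset_by_hotline())
    print("log:", mailbox.log)
```

The design point worth noting is the order of checks in `attempt`: the lockout state is consulted before the secret is compared, so a barred or wiped account gives the same answer to every entry, and the audit log records those refused attempts too, which is what makes the log useful when a customer suspects misuse.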

What additional safeguards can customers take?

Swisscom recommends that PIN code protection be kept activated at all times. This prevents third parties from retrieving COMBOX® messages from within the Swisscom network even if the phone is left unattended or is lost.

COMBOX® Pro functions, such as fax and e-mail forwarding, should only be activated for known and trusted numbers and addresses, and this function should be deactivated when not in use.


Connectivity products

Product description

Connectivity products comprise the following: IP-Plus (permanent Internet access for business customers), LAN-Interconnect (services connecting multiple sites via copper wire, fibre optics and wireless), RAS over LAN Interconnect (remote access via secure connections) and Ethernet services (site-to-site connectivity using Ethernet protocol via fibre optics or copper). Opticallink and Private Line (point-to-point connectivity via fibre optics or copper) provide transparent, site-to-site connectivity over a dedicated link.

Availability

The cable routes for the above services can be laid out with built-in redundancy to ensure high levels of availability. On request, buildings can be linked using redundant feeds and connected over separate media (fibre optics and copper), to achieve additional outage protection.

To achieve high system availability in networks installed within a building (LAN / Local Area Network), the network nodes in the building also need to have built-in redundancy.

With its LAN-Interconnect product, Swisscom offers the option of a fully diversified second network which in the event of a fault in the main network guarantees the customer full availability. RAS availability is a geo-redundant cloud service offered by Swisscom.

Confidentiality

Organisational and technical measures guarantee confidentiality. Where Swisscom draws on the services of partners, it selects the partners carefully. Provision of the services is secured through contracts, non-disclosure agreements and data flow agreements entered into with Swisscom. The partners are contractually obligated to implement security measures and to maintain permanent professional secrecy when handling customer data. Swisscom and its partners guarantee that no unauthorised access is possible.

In Local Area Networks (LAN) data are normally transmitted unencrypted. Confidential data should be additionally protected before transmission.

The LAN-I (LAN-Interconnect) network offers an adequate level of confidentiality. Organisational and technical measures serve to prevent customer data from being viewed or modified by third parties. Confidentiality can be increased by the use of encryption software.


Integrity

The standard protection mechanisms offered by LAN and LAN-I prevent data manipulation during transmission. The use of firewalls to separate the different parts of the network and the use of anti-virus software provide additional protection.

Firewalls and anti-virus software are recommended as basic protection at the transfer points to the non-secure Internet. Swisscom recommends the use of Virtual Private Network (VPN) security software, such as that offered by Remote Access Service (RAS), to maintain data integrity during transmission over the Internet.

Access / identification

Swisscom's Connectivity products allow the use of various identification mechanisms. Depending on the confidentiality level of the data being transmitted, Swisscom recommends identification mechanisms with three security characteristics: user identification, password and digital certificate, Secure ID Token or one-time password (e. g. SMS or APP-based).

Secure RAS (Remote Access Software) allows access to applications and networks from non-secure networks. Secure RAS also supports up to three factors of identification.

What additional safeguards can customers take?

The security of a network greatly depends on the security of the equipment connected to it. Swisscom therefore recommends equipping all connected computers with anti-virus software and personalised firewalls. We recommend using device management software for mobile devices.

If confidential data are exchanged between sites, Swisscom recommends operating these connections as a Virtual Private Network. The LAN-Interconnect service can be used here together with the SecureCER option.

Where two networks with different protection levels meet, particularly when interfacing with the Internet, the use of firewalls with restrictive rules is recommended. Here, the Swisscom product, Managed Firewall / Secure POP (Point of Presence), can be used.

Web servers where encrypted SSL connections terminate should be equipped exclusively with SSL certificates from trusted certificate suppliers. Such certificates can be obtained from Swisscom.

Confidential data should be additionally protected before transmission. LAN node computers should be operated in access-controlled, air-conditioned rooms or cabinets.


Corporate Mobile Network (CMN) / Mobile Business Group (MBG)

Product description

CMN is the mobile subscription for corporate customers. It involves setting up a closed user group (all of a company's mobile and fixed network numbers) within which calls can be made at preferential rates. These numbers can also be assigned short numbers using a numbering plan. Similar to CMN, MBG also entails setting up a closed user group, but without a short numbering plan.

Availability

The technical platforms for Corporate Mobile Network / Mobile Business Group are designed to have a high level of availability.

Platform capacities and service availability are enhanced on an ongoing basis, in accordance with customer demand. In the event of very heavy usage, scheduled upgrades are made to the platforms.

Confidentiality

CMN / MBG build on the security of the mobile network and can be regarded as technically secure. As with other providers and services, confidentiality can be restricted in cases where legal authorisation has been granted by criminal prosecution authorities. When it occurs, such wiretapping is carried out in the form of selective access to calls and call data, but only insofar as needed for criminal investigations. Even criminal prosecution authorities are not granted permanent and unrestricted access to calls and the resulting data.

Integrity

The CMN / MBG platforms are audited at regular intervals to identify potential security vulnerabilities. The integrity of these systems is continuously validated via the Swisscom security processes.

Corporate Mobile Network (CMN) / Mobile Business Group (MBG) 2/2

Access / identification

The Swisscom network infrastructure is divided into security zones, and all zones are continuously monitored. Access by Swisscom technicians is governed by strict guidelines, and is logged and monitored.

Customers are identified via encrypted customer keys embedded in the SIM card and the network. SIM cards and network authentication elements are protected by multiple backups. SIM cards are accessed via a PIN code. The customer is then automatically identified in the mobile network on the basis of secret keys embedded in the SIM card and the network.

What additional safeguards can customers take?

Swisscom recommends that PIN codes never be deactivated. Like personal unblocking keys (PUKs), PIN codes can be viewed by selected hotline personnel so that customers who lose their PIN codes can be assisted.

Corporate Network Access (CNA) 1/2

Product description

Corporate Network Access provides a direct, secure link between Swisscom‘s mobile network and the customer‘s corporate network which enables mobile devices to be contacted from the corporate network (and vice versa). The customer decides how the two networks are to be connected: either via IPsec VPN (Virtual Private Network) over the Internet or via a private Swisscom network (LAN-Interconnect).

Availability

Nationwide availability is guaranteed with the GSM network (GPRS / EDGE) as well as the UMTS network and LTE. In exceptional cases, mobile coverage could experience local, capacity-related availability restrictions. Network monitoring enables faults to be detected and rectified without delay. Corporate Network Access via the private Swisscom network (LAN-I) guarantees (SLA) all the advantages in terms of availability, security and operations management compared with transmission over the public Internet.

Confidentiality

Data transmission via the air interface is encrypted using the worldwide GSM / UMTS standard. The encryption mechanisms are improved on an ongoing basis and adapted to increasing security requirements.

On the transmission sections of the core network, data pass through the Swisscom security zones. Swisscom guarantees the full security of these data. A secure IPsec VPN channel or dedicated LAN-I connections link the section between the mobile network and the corporate network.

In the case of roaming, third-party mobile networks are used for which Swisscom cannot guarantee any security. Corporate Network Access is considered secure since data traffic always terminates on Swisscom systems in Switzerland, thus guaranteeing secure data transmissions in accordance with the closed user group principle.

Integrity

Data integrity is assured through the use of a comprehensive security management system and standardised security protocols. Transmitted data are not intermediately stored and are only transported in monitored security zones. Devices are connected directly to the corporate network rather than to the unsecured Internet. Necessary security applications and protection mechanisms can be run on the corporate network to ensure end-to-end security. If Bluetooth is activated, Swisscom recommends installing anti-virus and firewall software on devices. Swisscom recommends using sandbox technologies for critical business data to provide additional protection for data and fully guarantee integrity. This security measure is the responsibility of the customer.

Corporate Network Access (CNA) 2/2

Access / identification

The customer is identified via an encrypted key embedded in the SIM card and the network. Both the SIM card and the network identification elements are protected by multiple security mechanisms. SIM cards are accessed via a PIN code that is only known to the customer. Swisscom recommends incorporating strong authentication procedures, in addition.

What additional safeguards can customers take?

Swisscom recommends using password protection for mobile devices and that SIM card device PIN codes not be deactivated. Devices should only be able to set up connections to the protected corporate network; the connection of unprotected devices to the Internet should be avoided.

Sensitive data should not be stored locally; however, should this be necessary, additional encryption software and sandbox technologies can be used to protect such data against unauthorised access. In cases where data security requirements are stringent, an encryption application can be installed on the device and the corporate network to safeguard stored data and provide secure end-to-end data transfer from the device to the corporate network.

Fixed-line telephony (analogue and digital ISDN) 1/2

Product description

Fixed-line telephony over analogue and digital ISDN lines is understood as voice communication via Swisscom‘s public telephone network. You can access the public telephone network with Swisscom‘s analogue EconomyLINE with one channel and one phone number and digital MultiLINE ISDN connection with two channels and three phone numbers (can be extended to ten numbers). Each access line includes a number of supplementary services, such as CLIP (calling line identification presentation), conference calls, voicemail (COMBOX®), detailed itemised statements and much more. Fixed-line telephony on the Swisscom network stands out through its reliability and availability all over Switzerland.

Availability

In the context of the remit to provide basic analogue and ISDN services, Swisscom offers fixed-network telephony throughout Switzerland. The basic provision states that, regardless of the location, all households and companies should be capable of being connected to the telephone network either in the form of an analogue service via EconomyLINE or digital service via MultiLINE ISDN. A location is connected to a Swisscom telephone exchange via an appropriate subscriber access line. These in turn are connected to all subscribers in Switzerland via transit exchanges and to the rest of the world via international gateways. A complete failure of the network is unlikely thanks to the high level of redundancy in the network and in the system architecture. Malfunctions occur occasionally, but are usually regional in nature. Moreover, all exchanges and network systems can continue to operate and maintain communications independently of the power supply for a limited time (though with reduced capacity in some cases). To safeguard operations and guarantee availability and security, the access and transit networks, like all public telephone network exchanges, are continuously monitored, regularly audited and tested. This is specified in the basic provision remit.

Confidentiality

Fixed-line telephony builds on the security of the public telephone network and the underlying international standards and legal constraints. Confidentiality can be restricted in cases where legal authorisation has been granted by criminal prosecution authorities – this applies equally to other providers and services. In cases of this nature, selective access to calls and call data will be granted to these authorities for a limited time in so far as it has a bearing on a criminal investigation. Swisscom employees cannot access call content.

The archiving and disclosure of call data needed to work out the cost of calls is subject to data privacy and the Swiss Federal Telecommunications Act and is treated restrictively and destroyed after the specified time period.

Fixed-line telephony (analogue and digital ISDN) 2/2

Integrity

Swisscom conducts regular integrity audits of the connection data collected. The security standards have been approved by the legislator and authorities.

Access / identification

The network infrastructure installed on Swisscom premises is split into security zones, and all zones are continuously monitored. Access by Swisscom technicians is governed by strict guidelines, and is logged and monitored. The use of and access to telephones is the responsibility of the customer.

What additional safeguards can customers take?

Swisscom recommends restricting access to subscriber lines by introducing suitable structural and administrative measures. Swisscom offers a variety of call barring sets so that calls to premium rate numbers can be blocked. Swisscom operates a service that triggers a corresponding alarm if a subscriber line suddenly records much higher or greatly increasing call charges.

Hosted Exchange Professional 1/2

Product description

Hosted Exchange Professional is the name of the business e-mail solution for small and medium-sized enterprises. Hosted Exchange Professional can be used via the Internet and via Swisscom‘s mobile data networks.

Availability

Thanks to a redundant architecture, permanent monitoring, and experts working round the clock including Sundays and public holidays, Hosted Exchange Professional offers an extremely high level of availability.

Confidentiality

Data transmission takes place over the fixed and mobile network via an encrypted Internet connection, with the device and the server representing the endpoints of the encrypted transmission path.

Integrity

Data transmission for Hosted Exchange Professional has no other explicit protection against manipulation aside from encryption. Swisscom cannot therefore guarantee that data will be transmitted complete and unaltered from endpoint to endpoint.

Access / identification

Hosted Exchange Professional customers are identified by means of their username and password. Registration and change details are saved in order to ensure traceability of procedures. Swisscom processes its data in compliance with the Swiss Data Protection Act.

What additional safeguards can customers take?

Swisscom recommends that customers observe the usual rules regarding passwords. In other words, they should choose passwords with at least eight characters, including special characters and capital letters but not the names of persons, places, etc.

Passwords should be changed regularly. Administrator access should only be granted to selected, qualified persons. Swisscom never contacts its customers directly to ask them for their passwords.

Hosted Exchange Professional 2/2

As with PCs, additional virus protection is recommended for feature-rich mobile devices. The software should also be capable of searching the e-mail inbox for potentially harmful e-mail content. Customers are advised to set up a response form on their company website instead of disclosing an e-mail address, since a published address could be found automatically and used to send advertising and spam.

International roaming (voice, data, SMS) 1/2

Product description

International roaming makes it possible to use Swisscom‘s mobile services while abroad (2G, 3G and 4G). Swisscom customers can call, text and surf the Internet in more than 200 countries.

Availability

The extent to which mobile services are available outside Switzerland is determined by the scope of network coverage and the availability of partner networks. If a partner network fails, it is possible to switch to a different operator, provided Swisscom has entered into a roaming agreement with the operator in question.

Confidentiality

Voice communication security is the responsibility of the relevant roaming partner until such time as the call is handed over to the Swisscom network.

Some roaming partners may provide no encryption or only a very low level of encryption for the air interface between the mobile device and the network. In such cases, calls could be eavesdropped, text messages could be read or mobile surfing activity could be disclosed. Voice communication security may also be limited in some countries owing to specific national laws that authorise law enforcement officials to wiretap phone calls. When using roaming services, customers cannot be guaranteed protection against malicious tracking.

Integrity

Integrity is not guaranteed on weakly encrypted or unencrypted networks.

Access / identification

Customers who use roaming services are identified by means of the secret keys that are embedded in their SIM card and the Swisscom network. SIM cards and network authentication elements are protected by multiple backups.

The SIM card is accessed using a PIN code that is known to the customer. After the customer successfully accesses his or her SIM card, he or she is identified in the mobile network automatically and on the basis of secret keys that are embedded in the SIM card and network.

International roaming (voice, data, SMS) 2/2

What additional safeguards can customers take?

Customers can protect themselves against the negative consequences of mobile phone theft by taking the following precautions:
– Activate the SIM card PIN and device PIN / keypad lock
– Write down the device number (IMEI) (enter *#06# as a telephone number)
– Back up contacts, photos, etc.
– Call +41 62 286 12 12 immediately to report the loss

Customers can protect themselves against unexpectedly high roaming charges by taking the following steps:
– Consult the roaming cockpit (http://cockpit.swisscom.ch): if data roaming is activated, data packages can be purchased and any costs incurred can be tracked. This homepage can be accessed at no charge from abroad, as well.
– If the Combox is not required abroad, this should be temporarily deactivated

Internet connection 1/2

Product description

An Internet connection allows customers to access the Internet over a fixed-line connection. It includes the Classic service package, which features five e-mail addresses with spam, phishing and virus filters as well as a number of other services. Internet connections are offered with various pricing models based on the additional services included in the package as well as the speed of the connection.

Availability

Internet connections are available to 100 per cent of the Swiss population. Where DSL or fibre optics are not available for technical reasons, service is ensured using alternative technologies such as SAT or 3G / 4G. Detailed information regarding availability at a specific location can be found at ”www.swisscom.ch/checker”. Internet connections are provided by redundantly operated systems and offer maximum protection against total failure. Systems are checked around the clock and regularly subjected to technical checks in order to safeguard operations, availability and security.

Confidentiality

With an Internet connection, data are transmitted over the Internet, which is operated by a large number of companies and organisations. This means that Swisscom is unable to guarantee the end-to-end confidentiality of data on the Internet. Web service providers and customers can increase confidentiality by using encryption technology. Certain web services, such as webmail, eCommerce and online banking services, always make sure the connection is secure and thereby guarantee the confidentiality of the data transmitted.

Integrity

Since an Internet connection involves transmitting data over the Internet, Swisscom cannot guarantee that data will be transmitted complete and unaltered from endpoint to endpoint.

Access / identification

Customers are identified on the basis of their access data or connection information. In accordance with legal requirements, details of who was assigned which IP address and when are stored for six months. These details are treated with the strictest confidence and are only issued if required by a judge in ongoing criminal proceedings.

Internet connection 2/2

What additional safeguards can customers take?

Swisscom recommends that important data be transmitted exclusively over a connection with additional protection. This can be achieved using SSL (Secure Sockets Layer) or a VPN. Secure connections can be identified in the Internet browser using the padlock symbol displayed. If access to the Internet is gained via WLAN, Swisscom recommends using WPA / WPA2 encryption on the router. Swisscom‘s ”Internet Security” product offers protection against dangerous content, viruses, worms and spyware for mobile devices and computers.

iPhone / iPad 1/2

Product description

iPhones / iPads enable companies with their own or a hosted corporate messaging infrastructure (such as Microsoft Exchange, IBM Domino or Novell GroupWise) to receive, process and send encrypted e-mails, to update calendar and address data and to mobilise business processes.

Availability

Availability of the iPhone / iPad depends on the following components: the selected service provider, the mobile network and availability of the device. The mobile service is considered to be extremely reliable and disruptions are very rare.

Confidentiality

The confidentiality of transmitted data is contingent on the settings on the device. In the case of data transmission via the browser, confidentiality is guaranteed if the server supports SSL / TLS and this is used. With e-mail traffic, confidentiality is assured when SSL (Secure Sockets Layer) is activated on the iPhone / iPad and is supported by the server. Secure access to confidential company data can be safeguarded by using a VPN (Virtual Private Network) connection.

Integrity

Data integrity is guaranteed on the iPhone / iPad by blocking access to the device via the keypad. The device is delivered with the keypad lock deactivated and the lock needs to be activated.

Access / identification

The customer is identified by way of a numeric passcode delivered with the device. Access security can be enhanced using the ”iPhone Configuration Utility” tool and adding letters to the code or changing the minimum length. Another configuration setting offered is for the device to be wiped clean after ten incorrect password attempts. In the event of loss or theft, the data on the device can be deleted via iCloud or via the Exchange administrator using the remote wipe function. Access to the mobile network can be protected by entering a PIN code.

iPhone / iPad 2/2

What additional safeguards can customers take?

The ”iPhone Configuration Utility” tool (available for Windows and OS X) or a mobile device management system (BES10, Mobile Iron, etc.) can be used to configure the device to meet company-specific security requirements. Security settings required by the company for mobile devices (activation of code lock, no installation of software by users, etc.) are configured on the iPhone / iPad and serve to minimise wrong configurations being made by users.

MMS 1/2

Product description

The Multimedia Messaging Service (MMS) allows users to send multimedia messages to other mobile devices or e-mail addresses using a mobile phone. A Multimedia Message (MM) can be made up of any number of attachments of any type. This service makes it possible to send texts, pictures and short video clips to one or more recipients. The maximum size of a Multimedia Message that can be transmitted via the Swisscom mobile network is 300 KB.

Availability

MMS service availability is occasionally limited, particularly in rare cases when the network fails or is overloaded. The capacity of the required systems is expanded on an ongoing basis in accordance with increases in the number of users. Any MMS message that is found to contain a virus or worm will not be delivered.

Confidentiality

In the Swisscom network, MMS messages are transmitted as plain text via secure SMS, WAP and GSM / GPRS channels and via wireless interfaces as encrypted data. The MMS systems that process and temporarily archive messages are operated in security zones. These Swisscom networks and systems meet high security standards and are monitored and tested continuously. Any MMS message that is not viewable on the recipient‘s device can be viewed on a Swisscom website by entering the relevant phone number as well as a password, which is sent to the recipient via SMS. MMS messages are deleted from the Swisscom Mobile server immediately after being viewed or are stored in MMS boxes for customers that have one. In non-Swisscom mobile networks, MMS messages sometimes traverse the entire transport channel as plain text, and in such cases, the applicable security level is determined by the network provider. MMS messages are stored in devices as unencrypted data.

Integrity

MMS integrity is assured by the integrity of the SMS, WAP and GSM / GPRS basic services, as well as by the MMS system itself. With some destination devices, it may be necessary to modify or optimise the format of transmitted MMS messages, particularly image and video data. This conversion process is carried out automatically, in a secure system (transcoder) that is located in the security zone. Text data do not undergo this conversion process. MMS traffic is monitored for and protected against viruses by Swisscom and in this process the message structure is also checked. Any MMS message containing a known virus or worm that could pose a risk to or damage the destination device is blocked by protective mechanisms and is not delivered. Swisscom content partners are contractually obligated to protect their services against misuse. Vodafone live! content is certified and is identifiable as such on the device.

MMS 2/2

Access / identification

MMS messages are based on identification mechanisms in mobile networks. MMS made available on the Swisscom website are password protected for the relevant phone number. The password is sent to the recipient via SMS.

What additional safeguards can customers take?

Inasmuch as MMS messages may contain viruses, Swisscom recommends that any application about which the user has any doubt should not be installed, or should be installed only after consulting the sender. It is recommended that antivirus filters be installed in devices that use Symbian or Mobile Windows operating systems. Swisscom also recommends protecting access to devices by PIN code and that devices that are switched on not be left unattended.

Mobile Unlimited 1/2

Product description

Send high-speed e-mails and surf while on the move: Mobile Unlimited turns Switzerland into a hotspot. Mobile Unlimited gives you the freedom to work wherever you want. Whether at home, in the office, on the road or on holiday – Mobile Unlimited connects you automatically to the Internet or your company network at the fastest available speed using mobile broadband or WLAN.

Mobile Unlimited refers to a suite of multi-access products. These currently include the following hardware products:
– Huawei E303 USB modem
– Huawei E3276 4G USB modem
– ZTE MF60 mobile hotspot
– ZTE MF91 4G mobile hotspot
– Globesurfer III+ 3G router option

The portfolio is continuously adapted to the latest technologies. Current products can be found at ”http://www.swisscom.ch/en/residential/internet/internet-on-the-move/devices-accessories.html”

Mobile Unlimited also supports various notebook ranges from diverse manufacturers with integrated mobile broadband modems (”3G / 4G ready”).

Availability

Mobile Unlimited works with independent (mobile) networks (currently GPRS / EDGE, UMTS, WLAN, HSPA and LTE).

This combination of networks ensures a very high level of availability although data transfer speeds may vary depending on the network technology in use. The service‘s main technical components are installed redundantly in data centres at different geographical locations, thereby minimising the possibility of network failure. At the customer‘s request, automatic seamless switching between networks can be deactivated.

Data transmission is fundamentally secure since Mobile Unlimited complies with the same security standards as the networks used.

Mobile Unlimited 2/2

Confidentiality

Data transmissions via WLAN are encrypted ”over the air” using WPA2 (SSID=Swisscom_Auto_Login) or WEP (SSID=MOBILE-EAPSIM). Swisscom recommends that its customers use WPA2 and also consider using a VPN for data transmissions whenever confidential data is involved.

Customers are responsible for ensuring the confidentiality of data stored on their PCs. Here Swisscom recommends the use of suitable protection software.

Integrity

When data are transmitted, they pass through various Swisscom security zones. Mobile Unlimited customers are shielded from one another in the network. This means that it is not possible for a mobile customer to obtain direct access to the device of another mobile customer. Mobile Unlimited is audited at regular intervals and subjected to intrusion attempts by experts. This allows vulnerabilities to be detected and corrected in a timely fashion.

Swisscom cannot rule out the possibility of attacks on customer devices by viruses etc. and therefore recommends that customers install protective antivirus software, personal firewalls and anti-spy / anti-spam software.

Access / identification

When customers launch the Mobile Unlimited software, they are required to identify themselves to the SIM card (embedded in the PC or USB stick card) by entering a PIN code. The customer is then automatically identified in the mobile network on the basis of secret keys embedded in the SIM card and the network.

Swisscom recommends that PIN codes never be deactivated. Like personal unblocking keys (PUKs), PIN codes can be viewed by selected hotline personnel so that customers who lose their PIN codes can be assisted.

What additional safeguards can customers take?

Customers can use a Virtual Private Network (VPN) to provide additional protection for connections between devices and the corporate network. Swisscom recommends keeping the maximum security settings in the basic service configuration.

Corporate Network Access enables corporate networks to be connected via VPN to the mobile network, securely and in line with the customer‘s needs. This provides added security for the connection.

Mobile Voice 1/2

Product description

The Global System for Mobile Communications (GSM) is a standard for fully digital mobile networks which is mainly used for voice communication, but also for circuit-switched and packet-switched data transmission and short messages. It is the first standard of the second generation (2G) and the most widely used mobile standard in the world. UMTS (3G) and LTE (4G) have joined GSM over the course of the past few years.

Availability

The mobile voice network is available to 99.8 percent of the populated area of Switzerland, and mobile telephony services are available in all areas with coverage. However, availability may be restricted in tunnels, inside buildings or in underground areas. A complete failure of the network can be ruled out thanks to the high level of redundancy in the network and in the system architecture. However, failures can occur from time to time, but are usually regional in scope. Swisscom endeavours to maintain a high level of availability for its mobile network, but cannot, however, rule out the occurrence of interruptions and faults nor guarantee certain transmission times and capacities (e. g. in the case of SMS).

Swisscom monitors the voice network for mobile telephony on an ongoing basis and an efficient fault management system ensures that any malfunctions are corrected rapidly. See the General Terms and Conditions for Mobile Services for further details (e. g. on maintenance work).

Confidentiality

Mobile voice telephony builds on the security of the mobile telephony network and the underlying standards. From a technical point of view this service and the standards are considered to be very secure. As with other providers and services, confidentiality can be restricted under certain legally defined conditions as part of ongoing criminal proceedings. If an individual case meets the legal requirements, Swisscom must grant the relevant authorities selective access to calls and call data. However, not even criminal prosecution authorities are granted permanent and unrestricted access to calls and the resulting data.

Swisscom employees have no access to the content of calls between customers.

Integrity

Swisscom regularly checks the integrity of its voice telephony network and compares its security standards with those of other providers within the EU and with security firms.

The Swisscom network infrastructure is divided into security zones, and all zones are continuously monitored. Access by Swisscom technicians is governed by strict guidelines, and is logged and monitored.

Access / identification

Customers are identified via encrypted customer keys embedded in the SIM card and the network. SIM cards and network authentication elements are protected by multiple backups. SIM cards are accessed via a PIN code. The customer is then automatically identified in the mobile network on the basis of secret keys embedded in the SIM card and the network.

What additional safeguards can customers take?

Swisscom recommends that PIN codes never be deactivated. Like personal unblocking keys (PUKs), PIN codes can be viewed by selected hotline personnel so that customers who lose their PIN codes can be assisted. PIN and PUK codes and any other allocated security codes should be carefully stored in a separate place from the mobile phone and SIM card. They should not be made known to third parties. Customers are also advised to change the PIN code regularly and to consider activating other PINs (e.g. device PIN).

SMS

Product description

SMS is the abbreviation for Short Message Service, a telecommunications service for sending text messages.

Availability

SMS service availability is determined by the scope of network coverage. Swisscom's GSM network covers 99.8 per cent of the population of Switzerland. The core infrastructure is set up redundantly and is designed to handle large volumes of traffic – for example, at New Year or during one-off events such as elections or voting. Network operators provide SMS services without any delivery guarantee.

Confidentiality

SMS messages are transported as encrypted data via secure channels in the Swisscom network. The encryption covers a specific segment only and is not end-to-end encryption. When roaming (communicating abroad), SMS messages sent via foreign networks may be transported without encryption. If an intended SMS recipient is not reachable, the SMS is temporarily stored as encrypted data. Several attempts are then made to deliver the SMS to its intended recipient.

The system that supports these functions is located in a high-security zone, is monitored continuously and is subject to a stringent security policy. SMS messages are stored in devices as unencrypted data. Message traffic is monitored on the network side with a view to preventing infiltration by viruses and spam. This means that the "technical" structure of SMS messages is scanned; no actual content is read or viewed, so the privacy of senders and recipients is not invaded. Any message that is found to be infected is not delivered.

Integrity

Sending, transmitting and receiving SMS messages in the Swisscom network is protected against intrusion and manipulation. It is virtually impossible for any misuse to occur owing to the use of encryption and the fact that networks and systems are monitored continuously. However, this is not always the case with roaming (communicating abroad). SMS information service providers (short phone numbers) are contractually obligated to Swisscom to safeguard their services against misuse.

Access / identification

Inasmuch as a sender's identity can differ from that indicated in the displayed sender address, it is not always possible to ascertain the exact identity of the sender of an SMS. SMS messages stored as plain text in devices should be safeguarded against unauthorised access. If SMS messages are used to transmit spam, Swisscom can implement countermeasures at short notice. Any user who suspects they have received SMS spam can notify the hotline accordingly.

What additional safeguards can customers take?

The device should not be left unattended and, if possible, should also be password-protected. Swisscom recommends that SIM card PIN codes never be deactivated.

SMS Large Account

Product description

SMS Large Account allows users to send a large number of SMS messages anywhere in the world within a short space of time. The larger the volume, the more attractive the price. Contracting parties are granted direct access to the SMS Center and can access the network via ISDN or IP according to their needs.

Availability

SMS Large Account availability is mainly determined by the type of network chosen by the customer (ISDN, Internet or LAN-I / IPSS) to access the Swisscom SMS infrastructure.

The service's core infrastructure is designed to be fully redundant as well as to reliably transmit large volumes of data (New Year's Eve, elections, major sporting events). Maintenance windows are announced in advance and can occupy several hours during the night.

For the contracting party, the availability of the SMS service is high, in part due to the high level of mobile coverage (99.8 per cent) in Switzerland. Should a message be undeliverable, several time-delayed attempts will be made to deliver the SMS successfully. For technical reasons, however, network providers – including Swisscom – offer the SMS Large Account service without any access or delivery guarantee.

Confidentiality

Service confidentiality is to a great extent determined by the customer's choice of network used to access Swisscom's SMS infrastructure.
– If access takes place via ISDN, Swisscom guarantees confidentiality up to the handover point to the customer's telephone service provider.
– In the case of (unprotected) access via Internet, all data (including passwords) are transmitted without encryption via TCP sockets.
– In the case of access via LAN-I / IPSS, Swisscom has SLAs in place to guarantee that customers have reliable, secure access through to the core SMS infrastructure.

The core SMS infrastructure is located in a high-security zone at Swisscom, monitored continuously and subject to Swisscom's stringent security policies. Delivery to end customers takes place via secure channels on the Swisscom mobile network. If recipients are located outside Switzerland (roaming), it is possible that SMS messages are transmitted on the foreign networks without encryption.

Integrity

SMS dispatch and transmission in the Swisscom network is protected against manipulation and access by third parties, and security is monitored on an ongoing basis.

Access / identification

The customer's identity is established by access to the network:
– ISDN: customer's phone number and password
– Internet: customer's IP address and password
– LAN-I / IPSS: customer's IP address and password

The sender's identity can be selected and configured as desired by the customer. It is therefore impossible for the recipient to determine the sender of the SMS with any certainty.

A possible source of spam for Large Accounts is undesired SMS messages sent by customers. This, however, is in clear breach of the contractually agreed terms of use and will be penalised by Swisscom. Furthermore, Swisscom prevents SMS messages from being sent from one SMS Large Account to another SMS Large Account. This considerably reduces the risk of spam.

What additional safeguards can customers take?

Customers can select the desired degree of SMS security through their choice of network access. They can choose from ISDN and TCP/IP as well as LAN-I / IPSS.

Confidentiality can be safeguarded to an even greater degree by employing end-to-end SMS encryption. However, this requires the use of decryption modules on the end devices being used.

Webhosting

Product description

Swisscom has a homepage and hosting offering with e-mail functionality to suit every need: from beginners to experienced HTML programmers and professionals.

Availability

Webhosting not only guarantees an extremely high level of availability but also conforms to the highest security requirements. The high-performance data centre in Zurich is equipped with comprehensive alarm systems, and the network is secured using state-of-the-art firewalls. The data networks are also permanently monitored by a control centre in order to detect and rectify any incidents, failures or disruptions in good time.

Confidentiality

Customer information is protected against unauthorised access by systems in the Swisscom security zones; this protection complies with current security standards for websites.

The security architecture is based, among other things, on electronic intrusion protection systems, firewall-protected security zones and strict access monitoring.

Integrity

All Webhosting platforms are inspected by external security specialists at regular intervals in order to guarantee that only authorised individuals can process the data. Potential security loopholes are thus detected at an early stage and can be rectified without delay.

A daily data backup and full restore service ensure additional data integrity.

Access / identification

The measures employed by Swisscom use a special, encrypted interface to ensure that access to data is only granted to authorised persons.

What additional safeguards can customers take?

Swisscom generally recommends that passwords be changed monthly. Passwords should comprise at least eight characters, always made up of a combination of upper / lower case letters, numbers and special characters, and should not contain names.

Customers can protect their workplace by installing up-to-date virus and spyware protection software and a personal firewall, and by activating a spam filter.
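The password rules recommended for Webhosting (at least eight characters; a mix of upper and lower case letters, numbers and special characters; no names; monthly change) can be enforced mechanically when an account password is set. The following is an added example written for this page, not Swisscom's own code or tooling: the name list it matches against is a constructed sample, and the thirty-day rotation window is an assumed reading of "monthly".

```python
import unicodedata
from dataclasses import dataclass, field
from datetime import date, timedelta

# Constructed sample of names that must not appear in a password. A real
# deployment would load the account holder's own name and user name plus a
# larger name dictionary; these values are illustrative only.
SAMPLE_NAMES = ["anna", "peter", "swisscom", "zurich"]

MIN_LENGTH = 8     # "at least eight characters" from the policy text
MAX_AGE_DAYS = 30  # assumed interpretation of "changed monthly"


@dataclass
class PolicyResult:
    ok: bool
    violations: list = field(default_factory=list)


def _fold(text: str) -> str:
    """Lower-case and strip accents ('Zürich' -> 'zurich') so that name
    matching is not defeated by case or diacritics."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch)).lower()


def check_password(password: str, names=SAMPLE_NAMES) -> PolicyResult:
    """Check a candidate password against the stated policy.

    Rules implemented:
      1. at least MIN_LENGTH characters
      2. contains an upper-case letter, a lower-case letter, a digit and a
         special character
      3. does not contain any of the given names (case- and accent-insensitive)
    Every violated rule is reported, so a user can fix all problems in one
    attempt instead of discovering them one submission at a time.
    """
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        violations.append("no upper-case letter")
    if not any(c.islower() for c in password):
        violations.append("no lower-case letter")
    if not any(c.isdigit() for c in password):
        violations.append("no digit")
    # Anything that is neither alphanumeric nor whitespace counts as a special
    # character; this covers punctuation as well as symbols such as '€'.
    if not any(not c.isalnum() and not c.isspace() for c in password):
        violations.append("no special character")
    folded = _fold(password)
    for name in names:
        if _fold(name) in folded:
            violations.append(f"contains the name '{name}'")
    return PolicyResult(ok=not violations, violations=violations)


def rotation_due(last_changed: date, today: date) -> bool:
    """True when the password is older than MAX_AGE_DAYS and must be changed."""
    return today - last_changed > timedelta(days=MAX_AGE_DAYS)


if __name__ == "__main__":
    for candidate in ["swisscom1", "Tr0ub4dor&3", "Anna!2013xy", "Zürich#2013"]:
        result = check_password(candidate)
        print(candidate, "OK" if result.ok else result.violations)
    print("rotation due:", rotation_due(date(2013, 11, 1), date(2013, 12, 15)))
```

Checking every rule and returning the full list of violations, rather than rejecting on the first failure, is a deliberate choice: it gives the user one clear round of feedback and makes the policy auditable, since the same function can be run over stored password metadata during a review.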