7.2 Modem

Description

A modem is used to link a data terminal, e.g. a PC with other data terminals via the public telephone network to allow the exchange of information. A modem converts digital signals from the data terminal into analogue electric signals which can be transmitted by the telephone network. For two IT systems to be able to communicate, they must be equipped with the required communication software.

A distinction is made between external, internal and PCMCIA modems. An external modem is an independent unit with a separate power supply, usually connected to the IT system via a serial interface. An internal modem consists of a plug-in modem board without a separate power supply. A PCMCIA modem is a credit-card sized plug-in board normally connected to laptops via a PCMCIA interface.

This chapter does not deal with data transmission via ISDN (c.f. Chapter 8, PBX System) Modem

Threat Scenario

The following typical threats are assumed for modem operation as part of IT baseline protection:

Force Majeure:

• T 1.2 Failure of the IT system

Human Failure:

• T 3.2 Negligent destroying of equipment or data
• T 3.3 Non-compliance with IT security measures
• T 3.5 Inadvertent damaging of cables

Technical Failure:

• T 4.6 Voltage variations / overvoltage / undervoltage

Deliberate Acts:

• T 5.2 Manipulation of data or software
• T 5.7 Interception of lines
• T 5.8 Manipulation of lines
• T 5.9 Unauthorised use of IT systems
• T 5.10 Abuse of remote maintenance ports
• T 5.12 Interception of telephone calls and data transmissions
• T 5.18 Systematic trying-out of passwords
• T 5.23 Computer viruses
• T 5.25 Masquerade
• T 5.39 Infiltrating computer systems via communication cards
• T 5.43 Macro viruses

Recommended Countermeasures (S)

For the implementation of IT baseline protection, selection of the required packages of safeguards ("modules") as described in chapters 2.3 and 2.4, is recommended.
The safeguards package for "Modem" is presented in the following.

Infrastructure:

• S 1.25 (3) Overvoltage protection (optional)
• S 1.38 (1) Suitable siting of a modem

Organisation:

• S 2.25 (2) Documentation on the system configuration
• S 2.42 (2) Determination of potential communications partners
• S 2.46 (2) Appropriate key management (optional)
• S 2.59 (1) Procurement of a suitable modem
• S 2.60 (1) Secure administration of a modem
• S 2.61 (2) Requirements document for modem usage

Personnel:

• S 3.17 (1) Briefing personnel on modem usage

Hardware/Software:

• S 4.7 (1) Change of preset passwords
• S 4.30 (2) Utilisation of the security functions offered in application programs
• S 4.33 (1) Use of a virus scanning program when exchanging of data media and data transmission (for IT systems generally prone to computer viruses)
• S 4.34 (2) Using encryption, checksums or digital signatures (optional)
• S 4.44 (2) Checking of incoming data for macro viruses

Communications:

• S 5.30 (1) Activating an existing call-back option
• S 5.31 (1) Suitable modem configuration
• S 5.32 (1) Secure use of communications software
• S 5.33 (1) Secure remote maintenance via modem
• S 5.44 (2) One-way connection setup (optional)

© Copyright by Bundesamt für Sicherheit in der Informationstechnik 2000

Last Update on 6 April 2000