8.1 Telecommunications System (Private Branch Exchange, PBX)
Description
A private digital ISDN telecommunications facility (a switching device for connections between incoming
and outgoing lines for the purpose of exclusive data exchange, referred to in the following as a private
branch exchange, PBX) is both the communications basis for its own domain and an interface with the
public network. It is used to transmit speech and images (fax) and increasingly serves as a transmission
medium for LAN coupling and electronic mail systems. If it is used as a LAN, the provisions of
Chapter 6.1, Server supported Network, must be observed.
For the purposes of this Chapter, it is assumed that a person responsible for the PBX has been
designated who is able to take the fundamental security decisions and initiate security safeguards.
Threat Scenario
The following typical threats (T) are assumed as regards IT baseline protection of a private branch exchange:
Force Majeure:
- T 1.4 Fire
- T 1.7 Inadmissible temperature and humidity
Organisational Shortcomings:
- T 2.6 Unauthorised admission to rooms requiring protection
Human Failure:
- T 3.6 Hazards posed by cleaning staff or outside staff
- T 3.7 Failure of the PBX due to operating errors
Technical Failure:
- T 4.6 Voltage variations / overvoltage / undervoltage
Deliberate Acts:
- T 5.1 Manipulation/destruction of IT equipment or accessories
- T 5.11 Loss of confidentiality of data stored in PBX installations
- T 5.12 Interception of telephone calls and data transmissions
- T 5.13 Eavesdropping of rooms
- T 5.14 Call charges fraud
- T 5.15 "Inquisitive" staff members
- T 5.16 Threat posed by internal staff during maintenance/administration work
- T 5.17 Threat posed by external staff during maintenance work
- T 5.44 Abuse of Remote Access Ports for Management Functions of Private Branch Exchanges
Only those threats which may impair the functioning of an institution are considered here. Thus,
the focus is not on legal data privacy aspects. These are already covered, for the most part, by existing
operating agreements and/or service agreements. Nevertheless, IT baseline protection does, of course,
also contribute to the protection of personal data.
Recommended Countermeasures (S)
For the implementation of IT baseline protection, selection of the required packages of safeguards
("modules"), as described in Chapters 2.3 and 2.4, is recommended.
The central devices of a PBX facility should be installed in a room which meets the requirements laid
down for a server room (Chapter 4.3.2), or for a technical infrastructure room (Chapter 4.3.4). For
the cabling of a PBX, see Chapter 4.2.
In the following, the safeguard group "Private Branch Exchange" is set out:
Infrastructure:
- S 1.2 (2) Regulations governing access to distributors
- S 1.9 (2) Fire sealing of trays
- S 1.12 (2) Avoidance of references to the location of building parts requiring protection
- S 1.13 (3) Layout of building parts requiring protection
- S 1.22 (2) Physical protection of lines and distributors (optional)
- S 1.23 (1) Locked doors
- S 1.25 (2) Overvoltage protection (optional)
- S 1.27 (2) Air conditioning (optional)
- S 1.28 (1) Local uninterruptible power supply [UPS] (optional)
- S 1.30 (2) Safeguarding of data media containing data on telecommunications charges
Organisation:
- S 2.4 (2) Maintenance/repair regulations
- S 2.16 (2) Supervising or escorting outside staff/visitors
- S 2.17 (2) Entry regulations and controls
- S 2.26 (1) Designation of an administrator and his deputy
- S 2.27 (1) Dispensing with remote maintenance of the PBX (optional)
- S 2.28 (3) Availability of external telecommunications advisory services (optional)
- S 2.29 (2) PBX operating instructions for users
- S 2.40 (2) Timely involvement of the staff/factory council
- S 2.105 (1) Obtaining PBX-annexes
Personnel:
- S 3.10 (1) Selection of a trustworthy administrator and his substitute
- S 3.11 (1) Training of maintenance and administration staff
- S 3.12 (2) Informing all staff members about possible PBX warning notices, warning symbols and acoustic alarm signals
- S 3.13 (2) Increasing staff awareness of potential threats to the PBX
Hardware/Software:
- S 4.5 (2) Logging of PBX administration jobs
- S 4.6 (2) Audit of the PBX configuration (target/performance reconciliation)
- S 4.7 (1) Change of preset passwords
- S 4.8 (1) Protection of the PBX operator's console
- S 4.10 (2) Password protection for PBX terminals
- S 4.11 (2) Screening of PBX interfaces
- S 4.12 (1) Disabling of unneeded user facilities
- S 4.62 (2) Use of a D-channel filter (optional)
Communications:
- S 5.14 (1) Shielding of internal remote accesses
- S 5.15 (1) Shielding of external remote accesses
Contingency Planning:
- S 6.10 (2) Contingency plans for breakdown of data transmission
- S 6.26 (2) Regular backup of PBX configuration data
- S 6.28 (3) Agreement on the delivery deadlines for "vital" PBX units (optional)
- S 6.29 (2) PBX base line for emergency calls (optional)
- S 6.30 (3) Emergency circuit (optional)
© Copyright by Bundesamt für Sicherheit in der Informationstechnik 2000
Last Update on 6 April 2000