8.1 Telecommunications System (Private Branch Exchange, PBX)

Description

A private digital ISDN telecommunications facility (switching device for connections between incoming and outgoing lines for the purpose of exclusive data exchange, in the following referred to as private branch exchange - PBX) is both a communications basis for its proper do-main and an interface with the public network. It is used to transmit speech and images (fax) and increasingly serves as a transmission medium for LAN coupling and electronic mail systems. If it is used as a LAN, the provisions of Chapter 6.1, Server supported Network, must be observed.

For the purposes of this Chapter, it is assumed that a person responsible for the PBX has been designated who is able to take the fundamental security decisions and initiate security safeguards.

Threat Scenario

The following typical threats (T) are assumed as regards IT baseline protection of a private branch exchange:

Force Majeure:

Organisational Shortcomings:

Human Failure:

Technical Failure:

Deliberate Acts:

Here, consideration is given to those threats which may impair the functioning of an institution. Thus, the focus is not on legal data privacy aspects. These are already covered, for a major part, by existing operating agreements and/or service agreements. Nevertheless, IT baseline protection does, of course, also contribute to the protection of person-related data.

Recommended Countermeasures (S)

For the implementation of IT baseline protection, selection of the required packages of safeguards ("modules") as described in chapters 2.3 and 2.4, is recommended.

The central devices of a PBX facility should be installed in a room which meets the requirements laid down for a server room (Chapter 4.3.2), or for a technical infrastructure room (Chapter 4.3.4). For provision of a PBX with cables, see Chapter 4.2.

In the following, the safeguard group "Private Branch Exchange" is set out:

Infrastructure:

Organisation:

Personnel:

Hardware/Software:

Communications:

Contingency Planning:


© Copyright by Bundesamt für Sicherheit in der Informationstechnik 2000

Last Update on 6 April 2000