S 3.401 Telecommunications system

Description

Using a telecommunication system, or PBX system for short, the telephones of an organisation can be connected internally and to an external Public Switched Telephone Network (PSTN). Along with voice telephony, additional services may be used depending on the terminal devices connected. For example, PBX systems can be used to transmit data, texts, graphics, and moving images. The information can be transmitted in analogue or digital form using wired or wireless transmission media. Depending on the connection and the data networks used, PBX systems in different manifestations may be used in an organisation:

In general, the major PBX providers are replacing the traditional telephone network with uniform IP-based solutions (Next Generation Network), since these no longer require a distinction between data and voice transport. This will also affect the interface between an internal telephone system and the PBX service provider.

This module primarily examines the threats and safeguards which apply specifically to the classic PBX systems. The module should be applied to every PBX system regardless of the technology used later. For all areas which go beyond the classic PBX system, the corresponding modules must be implemented additionally, for example for VoIP (S 4.7 VoIP) or the mobile and wireless systems (e.g. S 3.404 Mobile telephones).

Threat scenario

The following typical threats to the IT-Grundschutz of a PBX system will be examined:

Force Majeure

T 1.2 Failure of the IT system
T 1.10 Failure of a wide area network

Organisational Shortcomings

T 2.1 Lack of, or insufficient, rules
T 2.2 Insufficient knowledge of rules and procedures
T 2.5 Inadequate or non-existent maintenance

Human Error

T 3.7 Failure of the PBX due to operating errors
T 3.9 Improper IT system administration
T 3.16 Incorrect administration of site and data access rights

Deliberate Acts

T 5.10 Abuse of remote maintenance ports
T 5.11 Loss of confidentiality of data stored in PBX systems
T 5.12 Interception of telephone calls and data transmissions
T 5.13 Wiretapping of rooms using PBX terminal devices
T 5.14 Call charges fraud
T 5.15 Abuse of features of PBX systems
T 5.16 Threat during maintenance/administration work
T 5.42 Social Engineering
T 5.44 Abuse of remote access ports for management functions of private branch exchanges
T 5.71 Loss of confidentiality of classified information

Method recommendation

To secure the information system examined, other modules will need to be implemented in addition to this module. These modules are selected based on the results of the IT-Grundschutz modelling process.

For example, this may include module S 4.5 LAN connection of an IT system via ISDN, which must be applied to all external connections established using ISDN. Modules S 3.404 Mobile telephones, S 4.6 WLAN, and S 4.7 VoIP must be taken into consideration whenever applicable. The central components of a PBX system should be installed in a room which meets the requirements of a server room (module S 2.4 Server room) or of a technical infrastructure room (module S 2.6 Technical infrastructure room). Refer to module S 2.2 Cabling for information on the PBX system's cabling.

A series of safeguards must be implemented for the PBX system, from the planning phase to the procurement and operation phases and to the contingency planning phase. The steps to take and the safeguards to implement in each phase are listed below.

Planning and design

Safeguard S 2.471 Planning the use of PBX systems should be taken into consideration when planning the PBX system. A policy for operating and properly using the PBX system should be drawn up (S 2.472 Drawing up a security policy for PBX systems).

Purchasing

Safeguard S 2.105 Obtaining PBX units contains the most important criteria to be applied when selecting a PBX system.

Implementation

When installing the system, it is absolutely essential to change the default password set by the manufacturer, since otherwise it will be possible for almost any attacker to manipulate the system. All interfaces must be protected as well. The system must be configured according to the basic rule that all features not required must be disabled, since they entail unnecessary risks (see S 5.14 Shielding of internal remote accesses of PBX systems and S 5.15 Shielding of external remote accesses of PBX systems).

Only those persons commissioned with the corresponding technical maintenance tasks should be granted access to the technology room the PBX system is installed in.

Operation

The administration work on the PBX system should be logged as far as possible in order to be able to track whether security-relevant settings have been modified (see S 4.5 Logging for PBX systems). In the event of high security requirements regarding the operation of the PBX system, the configuration settings must be audited at regular intervals (see S 4.6 Audit of the PBX configuration). Since security is frequently undermined by users operating the terminal devices improperly, the employees should be made aware of potential threats at regular intervals (see S 3.82 Training on the secure use of PBX systems).

Contingency Planning

Appropriate safeguards for contingency planning regarding the PBX system must be taken. Additionally, the configuration data of the PBX system must be backed up regularly in order to be able to quickly restart and properly configure the system upon potential failure (see S 6.145 Contingency planning for PBX systems).

The bundle of safeguards for the field of "PBX systems" is presented below:

Planning and design

S 2.27 (Z) Maintenance of a PBX system
S 2.470 (A) Procedure for carrying out a requirements analysis for PBX systems
S 2.471 (A) Planning the use of PBX systems
S 2.472 (A) Drawing up a security policy for PBX systems
S 2.473 (A) Selection of PBX service providers

Purchasing

S 2.105 (W) Obtaining PBX units

Implementation

S 4.7 (A) Change of preset passwords
S 4.10 (C) Secure basic local configuration of routers and switches
S 4.11 (B) Screening of PBX interfaces
S 4.369 (C) Secure operation of an answering machine
S 5.14 (A) Shielding of internal remote accesses of PBX systems
S 5.15 (A) Shielding of external remote accesses of PBX systems

Operation

S 3.82 (B) Training on the secure use of PBX systems
S 4.5 (B) Logging for PBX systems
S 4.6 (C) Audit of the PBX configuration

Disposal

S 2.474 (B) Secure withdrawal from operation of PBX components

Contingency Planning

S 6.26 (B) Regular backup of PBX configuration data
S 6.145 (C) Contingency planning for PBX systems