S 3.401 Telecommunications system
Description
Using a telecommunication system, or PBX system for short, the telephones of an organisation can be connected internally and to an external Public Switched Telephone Network (PSTN). Along with voice telephony, additional services may be used depending on the terminal devices connected. For example, PBX systems can be used to transmit data, texts, graphs, and moving images. The information can be transmitted in analogue or digital form using wired or wireless transmission media. Depending on the connection and the data networks used, PBX systems may be used in an organisation in different forms:
- Classic PBX systems
Classic PBX systems use a separate network as PBX infrastructure for establishing the connection and transmitting the data, depending on the existing technology. For example, telephones, fax machines, modems, and answering machines may be connected to the system.
- VoIP system
With Voice over IP (VoIP), an IP data network is used to connect the terminal devices to the PBX system instead of a separate PBX infrastructure with separate wiring. The terminal devices communicate with the PBX system or other VoIP devices using IP-based signalling and media transport protocols. The transition to the public telephone network is performed using a gateway within the organisation.
- Hybrid system
Due to the increasing importance of VoIP, PBX systems combining classic telephony and VoIP telephony are offered. So-called hybrid systems are additionally equipped with a connection to the data network that can be used by IP telephones to communicate with the PBX system, along with the components of a classic PBX system. Using a hybrid system, classic digital or analogue telephony and VoIP can be used simultaneously. It is also possible to use a hybrid system to gradually migrate to a VoIP infrastructure.
- IP system connection
When using VoIP, the PSTN connection may also be located with an external provider. The (internal) VoIP system primarily uses the internet (IP) to externally communicate with the external service provider. This variant is referred to as IP system connection.
In general, the major PBX providers are replacing the traditional telephone network with uniform IP-based solutions (Next Generation Network), since these no longer require a distinction between data and voice transport. This will also affect the interface between an internal telephone system and the PBX service provider.
This module primarily examines the threats and safeguards which apply specifically to the classic PBX systems. The module should be applied to every PBX system regardless of the technology used later. For all areas which go beyond the classic PBX system, the corresponding modules must be implemented additionally, for example for VoIP (S 4.7 VoIP) or the mobile and wireless systems (e.g. S 3.404 Mobile telephones).
Threat scenario
The following typical threats to the IT-Grundschutz of a PBX system will be examined:
Force Majeure
T 1.2 | Failure of the IT system |
T 1.10 | Failure of a wide area network |
Organisational Shortcomings
T 2.1 | Lack of, or insufficient, rules |
T 2.2 | Insufficient knowledge of rules and procedures |
T 2.5 | Inadequate or non-existent maintenance |
Human Error
T 3.7 | Failure of the PBX due to operating errors |
T 3.9 | Improper IT system administration |
T 3.16 | Incorrect administration of site and data access rights |
Deliberate Acts
T 5.10 | Abuse of remote maintenance ports |
T 5.11 | Loss of confidentiality of data stored in PBX systems |
T 5.12 | Interception of telephone calls and data transmissions |
T 5.13 | Wiretapping of rooms using PBX terminal devices |
T 5.14 | Call charges fraud |
T 5.15 | Abuse of features of PBX systems |
T 5.16 | Threat during maintenance/administration work |
T 5.42 | Social Engineering |
T 5.44 | Abuse of remote access ports for management functions of private branch exchanges |
T 5.71 | Loss of confidentiality of classified information |
Method recommendation
To secure the information system examined, other modules will need to be implemented in addition to this module. These modules are selected based on the results of the IT-Grundschutz modelling process.
For example, this may include module S 4.5 LAN connection of an IT system via ISDN, which must be applied to all external connections established using ISDN. Modules S 3.404 Mobile telephones, S 4.6 WLAN, and S 4.7 VoIP must be taken into consideration whenever applicable. The central components of a PBX system should be installed in a room which meets the requirements of a server room (module S 2.4 Server room) or of a technical infrastructure room (module S 2.6 Technical infrastructure room). Refer to module S 2.2 Cabling for information on the PBX system's cabling.
A series of safeguards must be implemented for the PBX system, from the planning phase to the procurement and operation phases and to the contingency planning phase. The steps to take and the safeguards to implement in each phase are listed below.
Planning and design
Safeguard S 2.471 Planning the use of PBX systems should be taken into consideration when planning the PBX system. A policy for operating and properly using the PBX system should be drawn up (S 2.472 Drawing up a security policy for PBX systems).
Purchasing
Safeguard S 2.105 Obtaining PBX units contains the most important criteria to be applied when selecting a PBX system.
Implementation
When installing the system, it is absolutely essential to change the default password set by the manufacturer, since otherwise it will be possible for almost any attacker to manipulate the system. All interfaces must be protected as well. The system must be configured according to the basic rule that all features not required must be disabled, since they entail unnecessary risks (see S 5.14 Shielding of internal remote accesses of PBX systems and S 5.15 Shielding of external remote accesses of PBX systems).
Only those persons commissioned with the corresponding technical maintenance tasks should be granted access to the technology room the PBX system is installed in.
Operation
Administration work on the PBX system should be logged as far as possible so that modifications to security-relevant settings can be tracked (see S 4.5 Logging for PBX systems). Where there are high security requirements for the operation of the PBX system, the configuration settings must be audited at regular intervals (see S 4.6 Audit of the PBX configuration). Since security is frequently undermined by users operating the terminal devices improperly, employees should be made aware of potential threats at regular intervals (see S 3.82 Training on the secure use of PBX systems).
Contingency Planning
Appropriate safeguards for contingency planning regarding the PBX system must be taken. Additionally, the configuration data of the PBX system must be backed up regularly in order to be able to quickly restart and properly configure the system upon potential failure (see S 6.145 Contingency planning for PBX systems).
The bundle of safeguards for the field of "PBX systems" is presented below:
Planning and design
S 2.27 | (Z) | Maintenance of a PBX system |
S 2.470 | (A) | Procedure for carrying out a requirements analysis for PBX systems |
S 2.471 | (A) | Planning the use of PBX systems |
S 2.472 | (A) | Drawing up a security policy for PBX systems |
S 2.473 | (A) | Selection of PBX service providers |
Purchasing
S 2.105 | (W) | Obtaining PBX units |
Implementation
S 4.7 | (A) | Change of preset passwords |
S 4.10 | (C) | Secure basic local configuration of routers and switches |
S 4.11 | (B) | Screening of PBX interfaces |
S 4.369 | (C) | Secure operation of an answering machine |
S 5.14 | (A) | Shielding of internal remote accesses of PBX systems |
S 5.15 | (A) | Shielding of external remote accesses of PBX systems |
Operation
S 3.82 | (B) | Training on the secure use of PBX systems |
S 4.5 | (B) | Logging for PBX systems |
S 4.6 | (C) | Audit of the PBX configuration |
Disposal
S 2.474 | (B) | Secure withdrawal from operation of PBX components |
Contingency Planning
S 6.26 | (B) | Regular backup of PBX configuration data |
S 6.145 | (C) | Contingency planning for PBX systems |